CVE-2024-23681 |
Description: Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
EPSS Score: 0.2% SSVC Exploitation: poc
June 4th, 2025 (3 days ago)
|
CVE-2024-23453 |
Description: Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.
EPSS Score: 0.03% SSVC Exploitation: none
June 4th, 2025 (3 days ago)
|
CVE-2024-23304 |
Description: Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
EPSS Score: 0.83% SSVC Exploitation: none
June 4th, 2025 (3 days ago)
|
CVE-2024-23301 |
Description: Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
EPSS Score: 0.1% SSVC Exploitation: none
June 4th, 2025 (3 days ago)
|
CVE-2024-23180 |
Description: Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.
EPSS Score: 1.63% SSVC Exploitation: none
June 4th, 2025 (3 days ago)
|
CVE-2024-23172 |
Description: An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog.
EPSS Score: 0.47% SSVC Exploitation: none
June 4th, 2025 (3 days ago)
|
CVE-2024-23031 |
Description: Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
EPSS Score: 0.04% SSVC Exploitation: none
June 4th, 2025 (3 days ago)
|
![]() |
Description: DALB a global leader amongst the decorative and functional plastics manufacturing companies.
We are going to upload about 25 GB of corporate data. Employee personal information (DLs, DOB, addresses, SSNs and so on), financial data, contracts and agreements, client data, NDAs, etc.
June 4th, 2025 (3 days ago)
|
![]() |
Description: Google has disclosed details of a financially motivated threat cluster that it said "specialises" in voice phishing (aka vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion.
The tech giant's threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align with
June 4th, 2025 (3 days ago)
|
CVE-2025-20286 |
Description:
A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https:...
EPSS Score: 0.13%
June 4th, 2025 (3 days ago)
|