7.4AI Score
AlmaLinux 8 : nodejs:20 (ALSA-2024:2778)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2778 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch()...
7AI Score
EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2024-1569)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a temporary file...
7.5AI Score
JVN#97751842: Multiple vulnerabilities in MosP kintai kanri
MosP kintai kanri provided by esMind, LLC contains multiple vulnerabilities listed below. Path Traversal (CWE-22) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-28880 Incorrect Permission Assignment for Critical Resource (CWE-732) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L.....
7.3AI Score
EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2024-1591)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a temporary file...
7.5AI Score
RHEL 9 : Red Hat build of MicroShift 4.15.12 (RHSA-2024:2667)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2667 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames....
7.3AI Score
Description The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.19. This makes it possible for authenticated attackers, with contributor-level access and above, to make web...
7.7CVSS
6.7AI Score
0.0004EPSS
7.5AI Score
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
8.1AI Score
Debian dsa-5684 : gir1.2-javascriptcoregtk-4.0 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5684 advisory. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and...
8.1AI Score
RHEL 8 : nodejs:18 (RHSA-2024:2780)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2780 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using...
7AI Score
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1570)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
8.2AI Score
7.4AI Score
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages fossil - DSCM with built-in wiki, http interface and server, tickets datab Details USN-6729-1 fixed vulnerabilities in Apache HTTP Server. The update lead to the discovery of a...
7.4AI Score
RHEL 8 / 9 : OpenShift Container Platform 4.14.24 (RHSA-2024:2672)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2672 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION...
7.5AI Score
RHEL 8 : nodejs:16 (RHSA-2024:2793)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2793 advisory. A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource...
7.2AI Score
EWWW Image Optimizer < 7.3.0 - Cross-Site Request Forgery
Description The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.3. This is due to missing or incorrect nonce validation on the check_for_optin() and check_for_optout() functions. This makes it possible for...
4.3CVSS
6.6AI Score
0.0004EPSS
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: using the fetch()...
8.2CVSS
7.4AI Score
0.0004EPSS
4.3CVSS
7.4AI Score
0.0004EPSS
Rocky Linux 8 : nodejs:18 (RLSA-2024:2780)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2780 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch()...
7AI Score
Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial...
8.2CVSS
7.3AI Score
0.0004EPSS
Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial...
8.2CVSS
7.4AI Score
0.0004EPSS
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: using the fetch()...
8.2CVSS
7.3AI Score
0.0004EPSS
Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)
Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service (CVE-2024-25062). AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details ** CVEID: CVE-2024-25062 DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a...
7.5CVSS
6.6AI Score
0.0005EPSS
API Security and The Silent Menace of Unknown APIs
The digital application landscape is evolving rapidly, with APIs as the backbone of modern software development. However, amidst all this innovation lies a silent menace: the prevalence of unknown APIs. These APIs, often lurking beyond sanctioned channels, pose significant security risks to...
7.8AI Score
[SECURITY] [DSA 5685-1] wordpress security update
Debian Security Advisory DSA-5685-1 [email protected] https://www.debian.org/security/ Markus Koschany May 08, 2024 https://www.debian.org/security/faq Package : wordpress CVE ID : CVE-2023-2745 CVE-2023-5561...
4.3CVSS
0.002EPSS
Summary The org.eclipse.core.runtime component is used by TPF Toolkit as part of the basic platform infrastructure (CVE-2023-4218). Additionally, the Apache commons-compress package is used by TPF Toolkit web applications services as part of the code coverage feature (CVE-2024-26308,...
5.5CVSS
6.3AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes...
7.5CVSS
7.4AI Score
0.001EPSS
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20926) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
5.9CVSS
7.1AI Score
0.001EPSS
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20918) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
7.4CVSS
6.9AI Score
0.001EPSS
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20921) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
5.9CVSS
7AI Score
0.001EPSS
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20919) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
5.9CVSS
6.9AI Score
0.0005EPSS
Spin applications with specific configuration vulnerable to potential network sandbox escape
Impact Some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header. If an application's manifest contains a component with configuration such as toml allowed_outbound_hosts =...
9.1CVSS
7.3AI Score
0.0004EPSS
Spin applications with specific configuration vulnerable to potential network sandbox escape
Impact Some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header. If an application's manifest contains a component with configuration such as toml allowed_outbound_hosts =...
9.1CVSS
7.3AI Score
0.0004EPSS
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2023-26159, CVE-2024-25015, CVE-2024-25048, CVE-2024-20952, CVE-2023-33850, CVE-2023-6237, CVE-2024-0727 Vulnerability Details...
7.5CVSS
7.4AI Score
0.002EPSS
AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)
IBM SECURITY ADVISORY First Issued: Wed May 8 16:18:28 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory6.asc Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)...
7.5CVSS
7.2AI Score
0.0005EPSS
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution
Cisco Talos' Vulnerability Research team recently disclosed three zero-day vulnerabilities that are still unpatched as of Wednesday, May 8. Two vulnerabilities in this group -- one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library -- could lead to arbitrary code...
9.8CVSS
9.5AI Score
0.001EPSS
Summary Potential unspecified vulnerability in Java SE related to the Security component (CVE-2024-20932) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
7.5CVSS
7AI Score
0.001EPSS
Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...
4.3CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in AIpost AI WP Writer.This issue affects AI WP Writer: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Desperate Taylor Swift fans defrauded by ticket scams
Ticket scams are very common and apparently hard to stop. When there are not nearly enough tickets for some concerts to accommodate all the fans that desperately want to be there, it makes for ideal hunting grounds for scammers. With a ticket scam, you pay for a ticket and you either don’t receive....
7AI Score
Rapid7 Signs 100% Talent Compact with Boston Women’s Workforce Council
The effort aims to help close gender and racial pay gaps Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women’s Workforce Council (BWWC). The Talent Compact is a collective effort among the Boston Mayor and local employers to close the gender and racial...
7AI Score
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely –...
8.5AI Score
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 271 Vulnerability Details ** CVEID: CVE-2023-5363 DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by an incorrect cipher key and IV length processing during the...
7.5CVSS
8AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details ** CVEID:....
7.5CVSS
8.2AI Score
0.008EPSS
Security Bulletin: Multiple vulnerabilities in jquery affect IBM Storage Scale
Summary There are multiple vulnerabilities in jquery, used by IBM Storage Scale HDFS transparency, which could allow cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details ** CVEID: CVE-2012-6708 DESCRIPTION: **jQuery is vulnerable to cross-site...
6.1CVSS
9.8AI Score
0.008EPSS
Summary Multiple vulnerabilities have been identified in Apache Xerces2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2022-23437 DESCRIPTION: **Apache...
7.5CVSS
8.7AI Score
0.019EPSS
trix is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of pasted content, which allows attackers to embed malicious scripts, resulting in Cross-Site Scripting (XSS) within the application's...
5.4CVSS
6AI Score
0.0004EPSS