BIT-wordpress-multisite-2024-6307
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
6.4CVSS
5.8AI Score
0.001EPSS
Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion
A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed.....
6.8AI Score
Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service, or possibly execute arbitrary...
7.7AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
7.3AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
7.4AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
7.5AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
6.6AI Score
0.0004EPSS
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
6.1AI Score
0.0004EPSS
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
5.1AI Score
0.0004EPSS
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
0.0004EPSS
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
5.1AI Score
0.0004EPSS
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
6AI Score
0.0004EPSS
Microsoft Dataverse Remote Code Execution Vulnerability
An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a...
8CVSS
7.8AI Score
0.001EPSS
Toward greater transparency: Unveiling Cloud Service CVEs
Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers,...
7AI Score
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
6.7AI Score
0.0004EPSS
CVE-2024-22231 Syndic cache directory creation is vulnerable to a directory traversal attack
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
0.0004EPSS
qa.sienasleep.com Open Redirect vulnerability OBB-3939173
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application
A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135...
9.8CVSS
8.2AI Score
0.0004EPSS
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their...
6.1CVSS
6.4AI Score
0.0005EPSS
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their...
6.1CVSS
0.0005EPSS
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting...
5.4CVSS
5.8AI Score
0.0004EPSS
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting...
5.4CVSS
0.0004EPSS
CVE-2024-4704 Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their...
0.0005EPSS
CVE-2024-4704 Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their...
6.7AI Score
0.0005EPSS
CVE-2024-3111 H5P < 1.15.8 - Contributor+ Stored XSS
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting...
0.0004EPSS
jostenberg.nl Cross Site Scripting vulnerability OBB-3939171
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
5.1AI Score
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
5.8AI Score
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
0.001EPSS
A vulnerability was found in Jenkins Bitbucket. In some cases, it prints the Bitbucket OAuth access token as part of the Bitbucket...
6.4AI Score
0.0004EPSS
A vulnerability was found in the Jenkins Structs Plugin. When it fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...
6.1AI Score
0.0004EPSS
A vulnerability was found in the Jenkins Plain Credentials Plugin, which stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system. Users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission...
6.3AI Score
0.0004EPSS
A vulnerability was found in the djangorestframework package. Cross-site scripting occurs via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...
6.1CVSS
6.1AI Score
0.0004EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
5.4CVSS
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
5.4CVSS
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
0.001EPSS
Malicious code in @cloee/fetchs (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (3ddd287e759985428de17d0c1ee45f25e31d209edfcf1c1f251d31b20d582622) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities (CVE-2020-12762, CVE-2021-33631, CVE-2023-6931, CVE-2024-1086). Vulnerability Details CVEID: CVE-2020-12762 DESCRIPTION: json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer...
7.8CVSS
8.7AI Score
0.002EPSS
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2024-2511)
Summary IBM MQ Appliance has addressed an OpenSSL denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...
6.7AI Score
0.0004EPSS
Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)
Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID: CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using....
6.1CVSS
6.7AI Score
0.0004EPSS
Summary IBM MQ Appliance has addressed XML External Entity (XXE) injection and server-side request forgery vulnerabilities. Vulnerability Details CVEID: CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are.....
7CVSS
7.8AI Score
0.0004EPSS
Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...
5.9CVSS
6.9AI Score
0.963EPSS