Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control....
2.7CVSS
6.7AI Score
0.0004EPSS
CVE-2022-38055 WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...
4.3CVSS
0.0004EPSS
CVE-2022-38055 WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System
Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...
8.8CVSS
9.5AI Score
0.015EPSS
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
9.8CVSS
7AI Score
0.001EPSS
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
9.8CVSS
0.001EPSS
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
9.8CVSS
7.3AI Score
0.001EPSS
Security Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2024-38319)
Summary It was possible for a privileged user to inject malicious commands that could be executed as another user. This issue has been addressed. Vulnerability Details ** CVEID: CVE-2024-38319 DESCRIPTION: **IBM Security SOAR could allow an authenticated user to execute malicious code loaded...
7.5CVSS
7.1AI Score
0.0004EPSS
CVE-2023-45197 Adminer and AdminerEvo vulnerable to directory traversal and file upload
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
0.001EPSS
CVE-2023-45197 Adminer and AdminerEvo vulnerable to directory traversal and file upload
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
9.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time...
6.9AI Score
0.0004EPSS
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...
8.8CVSS
0.001EPSS
Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...
8.8CVSS
0.001EPSS
Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...
8.8CVSS
5.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...
8.8CVSS
8.3AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...
8.8CVSS
0.001EPSS
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...
8.8CVSS
0.001EPSS
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...
8.8CVSS
0.001EPSS
Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...
8.8CVSS
6.5AI Score
0.001EPSS
Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through...
8.8CVSS
8.8AI Score
0.001EPSS
Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through...
8.8CVSS
0.001EPSS
Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...
5.4CVSS
7AI Score
0.001EPSS
Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...
5.4CVSS
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...
8.3CVSS
0.001EPSS
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are...
7.4AI Score
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...
4.3CVSS
0.001EPSS
CVE-2023-51375 WordPress EmbedPress plugin <= 3.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...
4.3CVSS
0.001EPSS
CVE-2023-51375 WordPress EmbedPress plugin <= 3.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...
4.3CVSS
7AI Score
0.001EPSS
Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...
6.5CVSS
0.001EPSS
Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...
6.5CVSS
6.9AI Score
0.001EPSS
CVE-2022-43453 WordPress WP Tools plugin <= 3.41 - Auth. Broken Access Control vulnerability
Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through...
8.8CVSS
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through...
7.5CVSS
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through...
7.5CVSS
5.2AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through...
7.5CVSS
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through...
7.5CVSS
5.2AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through...
8.8CVSS
0.001EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through...
5.9CVSS
5.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS.This issue affects WPPizza: from n/a through...
7.1CVSS
7AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS.This issue affects WPPizza: from n/a through...
6.1CVSS
0.0005EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through...
4.8CVSS
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through...
8.8CVSS
4.6AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through...
5.4CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through...
5.4CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cryout Creations Serious Slider allows Stored XSS.This issue affects Serious Slider: from n/a through...
5.4CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cryout Creations Serious Slider allows Stored XSS.This issue affects Serious Slider: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Easy Age Verify allows Stored XSS.This issue affects Easy Age Verify: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS