Lucene search

K

BD Pyxis™ MedStation™ ES Server Security Vulnerabilities

cvelist
cvelist

CVE-2024-4258 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

9.8CVSS

0.001EPSS

2024-06-15 08:42 AM
2
vulnrichment
vulnrichment

CVE-2024-4258 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

9.8CVSS

8.2AI Score

0.001EPSS

2024-06-15 08:42 AM
cvelist
cvelist

CVE-2024-3105 Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 -Authenticated (Contributor+) Remote Code Execution

The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized....

9.9CVSS

0.001EPSS

2024-06-15 08:42 AM
1
thn
thn

Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks

A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under the moniker UTA0137, noting the adversary's exclusive use of a malware called DISGOMOJI that's written...

7.8CVSS

8.6AI Score

0.076EPSS

2024-06-15 08:13 AM
3
nvd
nvd

CVE-2024-6000

The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with...

7.1CVSS

0.001EPSS

2024-06-15 04:15 AM
2
cve
cve

CVE-2024-6000

The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with...

7.1CVSS

7.2AI Score

0.001EPSS

2024-06-15 04:15 AM
8
cvelist
cvelist

CVE-2024-6000 FooEvents for WooCommerce <= 1.19.20 - Improper Authorization to (Contributor+) Arbitrary File Upload

The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with...

7.1CVSS

0.001EPSS

2024-06-15 03:18 AM
1
nvd
nvd

CVE-2023-6696

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

8.1CVSS

0.001EPSS

2024-06-15 02:15 AM
3
cve
cve

CVE-2023-6696

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

8.1CVSS

8AI Score

0.001EPSS

2024-06-15 02:15 AM
3
cve
cve

CVE-2024-3813

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include...

8.8CVSS

8.9AI Score

0.001EPSS

2024-06-15 02:15 AM
7
nvd
nvd

CVE-2024-3813

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include...

8.8CVSS

0.001EPSS

2024-06-15 02:15 AM
2
cvelist
cvelist

CVE-2023-6696 Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

8.1CVSS

0.001EPSS

2024-06-15 02:02 AM
2
cvelist
cvelist

CVE-2024-3813 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include...

8.8CVSS

0.001EPSS

2024-06-15 02:01 AM
2
nessus
nessus

SUSE SLES15 Security Update : libaom (SUSE-SU-2024:2030-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2030-1 advisory. - CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by integer overflow (bsc#1226020). Tenable has extracted the...

7.5AI Score

0.0004EPSS

2024-06-15 12:00 AM
nessus
nessus

Debian dsa-5711 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5711 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5711-1 [email protected] ...

7.5AI Score

0.0004EPSS

2024-06-15 12:00 AM
1
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : mariadb (SUSE-SU-2024:2032-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2032-1 advisory. - CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983). - Update to 10.11.8. Tenable has extracted the...

4.9CVSS

5.3AI Score

0.0005EPSS

2024-06-15 12:00 AM
rapid7blog
rapid7blog

Metasploit Weekly Wrap-Up 06/14/2024

New module content (5) Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: #19242 contributed by zeroSteiner Path: scanner/http/telerik_report_server_auth_bypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for...

9.9CVSS

8.2AI Score

0.938EPSS

2024-06-14 07:09 PM
1
nvd
nvd

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

0.0004EPSS

2024-06-14 04:15 PM
2
cve
cve

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
8
cve
cve

CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the...

3.8CVSS

4.8AI Score

0.0004EPSS

2024-06-14 04:15 PM
10
nvd
nvd

CVE-2024-37886

user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or...

5.4CVSS

0.0004EPSS

2024-06-14 04:15 PM
1
nvd
nvd

CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the...

3.8CVSS

0.0004EPSS

2024-06-14 04:15 PM
2
cve
cve

CVE-2024-37884

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise.....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
10
debiancve
debiancve

CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the...

3.8CVSS

4.7AI Score

0.0004EPSS

2024-06-14 04:15 PM
1
nvd
nvd

CVE-2024-37884

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise.....

3.5CVSS

0.0004EPSS

2024-06-14 04:15 PM
1
cve
cve

CVE-2024-37886

user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-14 04:15 PM
9
nvd
nvd

CVE-2024-37882

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

8.1CVSS

0.0004EPSS

2024-06-14 04:15 PM
3
cve
cve

CVE-2024-37882

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-14 04:15 PM
8
cve
cve

CVE-2024-37315

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
12
nvd
nvd

CVE-2024-37315

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

3.5CVSS

0.0004EPSS

2024-06-14 04:15 PM
2
vulnrichment
vulnrichment

CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

7AI Score

0.0004EPSS

2024-06-14 03:48 PM
2
cvelist
cvelist

CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

0.0004EPSS

2024-06-14 03:48 PM
4
vulnrichment
vulnrichment

CVE-2024-37886 Nextcloud user_oidc's ID4me does not validate signature or expiration

user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or...

5.4CVSS

6.8AI Score

0.0004EPSS

2024-06-14 03:45 PM
cvelist
cvelist

CVE-2024-37886 Nextcloud user_oidc's ID4me does not validate signature or expiration

user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or...

5.4CVSS

0.0004EPSS

2024-06-14 03:45 PM
4
cvelist
cvelist

CVE-2024-37885 Code injection in Nextcloud Desktop Client for macOS

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the...

3.8CVSS

0.0004EPSS

2024-06-14 03:42 PM
5
vulnrichment
vulnrichment

CVE-2024-37885 Code injection in Nextcloud Desktop Client for macOS

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the...

3.8CVSS

7.7AI Score

0.0004EPSS

2024-06-14 03:42 PM
cvelist
cvelist

CVE-2024-37884 Nextcloud Server's users can delete old versions of read-only shared files

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise.....

3.5CVSS

0.0004EPSS

2024-06-14 03:36 PM
vulnrichment
vulnrichment

CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

8.1CVSS

6.9AI Score

0.0004EPSS

2024-06-14 03:28 PM
cvelist
cvelist

CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

8.1CVSS

0.0004EPSS

2024-06-14 03:28 PM
nvd
nvd

CVE-2024-37368

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-37368

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

6.6AI Score

0.0004EPSS

2024-06-14 03:15 PM
11
nvd
nvd

CVE-2024-37313

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise...

7.3CVSS

0.0004EPSS

2024-06-14 03:15 PM
nvd
nvd

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-37367

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication...

6.5AI Score

0.0004EPSS

2024-06-14 03:15 PM
13
nvd
nvd

CVE-2024-37367

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication...

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-37313

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise...

7.3CVSS

7.2AI Score

0.0004EPSS

2024-06-14 03:15 PM
10
cve
cve

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or...

3.5CVSS

6.9AI Score

0.0004EPSS

2024-06-14 03:15 PM
7
nvd
nvd

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged...

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged...

6.8AI Score

0.0004EPSS

2024-06-14 03:15 PM
7
cvelist
cvelist

CVE-2024-37315 Nextcloud Server's read-only users can restore old versions

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

3.5CVSS

0.0004EPSS

2024-06-14 03:08 PM
Total number of security vulnerabilities434318