Lucene search

K

BIG-IP (Advanced WAF, APM, ASM) Security Vulnerabilities

cve
cve

CVE-2024-32814

Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-09 01:15 PM
32
cve
cve

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

4.8AI Score

0.0004EPSS

2024-06-09 01:15 PM
28
nvd
nvd

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 01:15 PM
3
cvelist
cvelist

CVE-2024-32783 WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 01:03 PM
3
cvelist
cvelist

CVE-2024-32814 WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-09 12:40 PM
2
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment...

10CVSS

10AI Score

0.975EPSS

2024-06-09 02:49 AM
98
nvd
nvd

CVE-2024-35675

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS).This issue affects Advanced Woo Labels: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 04:15 PM
5
cve
cve

CVE-2024-35675

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS).This issue affects Advanced Woo Labels: from n/a through...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-08 04:15 PM
23
cvelist
cvelist

CVE-2024-35675 WordPress Advanced Woo Labels plugin <= 1.93 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS).This issue affects Advanced Woo Labels: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 04:07 PM
3
vulnrichment
vulnrichment

CVE-2024-35675 WordPress Advanced Woo Labels plugin <= 1.93 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS).This issue affects Advanced Woo Labels: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 04:07 PM
nvd
nvd

CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

0.0004EPSS

2024-06-08 01:15 PM
2
cve
cve

CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

6AI Score

0.0004EPSS

2024-06-08 01:15 PM
23
debiancve
debiancve

CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

6.1AI Score

0.0004EPSS

2024-06-08 01:15 PM
1
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577-PHP-RCE 项目简介与原理 ...

9.8CVSS

9.6AI Score

0.932EPSS

2024-06-08 01:04 PM
99
cvelist
cvelist

CVE-2024-36969 drm/amd/display: Fix division by zero in setup_dsc_config

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

0.0004EPSS

2024-06-08 12:53 PM
2
vulnrichment
vulnrichment

CVE-2024-36969 drm/amd/display: Fix division by zero in setup_dsc_config

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

6.4AI Score

0.0004EPSS

2024-06-08 12:53 PM
kitploit
kitploit

Sttr - Cross-Platform, Cli App To Perform Various Operations On String

sttr is command line software that allows you to quickly run various transformation operations on the string. // With input prompt sttr // Direct input sttr md5 "Hello World" // File input sttr md5 file.text sttr base64-encode image.jpg // Reading from different processor like cat,...

7.4AI Score

2024-06-08 12:30 PM
5
githubexploit

8.6CVSS

8.6AI Score

0.945EPSS

2024-06-08 10:17 AM
81
thn
thn

Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns

Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing...

6.7AI Score

2024-06-08 06:54 AM
1
cve
cve

CVE-2024-4661

The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the...

4.3CVSS

4.3AI Score

0.0004EPSS

2024-06-08 06:15 AM
22
osv
osv

ZendFramework Potential Proxy Injection Vulnerabilities

Zend\Session\Validator\RemoteAddr and Zend\View\Helper\ServerUrl were found to be improperly parsing HTTP headers for proxy information, which could potentially allow an attacker to spoof a proxied IP or host name. In Zend\Session\Validator\RemoteAddr, if the client is behind a proxy server, the...

7.1AI Score

2024-06-07 08:46 PM
1
github
github

ZendFramework Potential Proxy Injection Vulnerabilities

Zend\Session\Validator\RemoteAddr and Zend\View\Helper\ServerUrl were found to be improperly parsing HTTP headers for proxy information, which could potentially allow an attacker to spoof a proxied IP or host name. In Zend\Session\Validator\RemoteAddr, if the client is behind a proxy server, the...

7.1AI Score

2024-06-07 08:46 PM
2
osv
osv

Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`

The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol (IP) address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into...

7AI Score

2024-06-07 08:02 PM
github
github

Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`

The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol (IP) address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into...

7AI Score

2024-06-07 08:02 PM
1
impervablog
impervablog

Imperva Protects Against Critical PHP Vulnerability CVE-2024-4577

In the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is crucial for safeguarding sensitive information and maintaining the integrity of digital assets. Recently, a critical vulnerability– identified as CVE-2024-4577 with an initial CVSS score of 9.8 – was discovered in....

9.8CVSS

10AI Score

0.932EPSS

2024-06-07 04:33 PM
12
thn
thn

LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities

Cybersecurity researchers have disclosed that the LightSpy spyware recently identified as targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant. The findings come from both Huntress Labs and ThreatFabric, which separately analyzed the artifacts associated with....

8.8CVSS

7.3AI Score

0.018EPSS

2024-06-07 03:44 PM
1
kitploit
kitploit

PIP-INTEL - OSINT and Cyber Intelligence Tool

Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity...

7AI Score

2024-06-07 12:30 PM
17
schneier
schneier

The Justice Department Took Down the 911 S5 Botnet

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide....

7.4AI Score

2024-06-07 11:04 AM
3
thn
thn

Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances

The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. "The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their.....

8.8CVSS

8.1AI Score

0.975EPSS

2024-06-07 05:10 AM
1
openvas
openvas

Fedora: Security Advisory for kddockwidgets (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
1
openvas
openvas

Fedora: Security Advisory for rust-local_ipaddress (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

7.5AI Score

2024-06-07 12:00 AM
1
f5
f5

K000139953: PHP vulnerability CVE-2024-4577

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. (CVE-2024-4577) Impact There is no impact; F5 products are not affected by this.....

9.8CVSS

9.3AI Score

0.932EPSS

2024-06-07 12:00 AM
32
wired
wired

The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all...

7.2AI Score

2024-06-06 07:41 PM
4
talosblog
talosblog

The sliding doors of misinformation that come with AI-generated search results

As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...

7.2AI Score

2024-06-06 06:00 PM
9
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.6AI Score

EPSS

2024-06-06 03:09 PM
7
thn
thn

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

Muhstik botnet exploits a critical Apache RocketMQ flaw (CVE-2023-33246) for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary ("pty3"), and....

9.8CVSS

8.3AI Score

0.972EPSS

2024-06-06 01:14 PM
1
ics
ics

Emerson PACSystem and Fanuc

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without...

8.4AI Score

EPSS

2024-06-06 12:00 PM
1
thn
thn

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. "The majority of the attributed malicious samples targeted financial institutions and...

7.1AI Score

2024-06-06 09:54 AM
1
f5
f5

K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366

Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-06-06 12:00 AM
7
packetstorm

7.4AI Score

2024-06-06 12:00 AM
75
rapid7blog
rapid7blog

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

7.4AI Score

2024-06-05 01:00 PM
6
talosblog
talosblog

DarkGate switches up its tactics with new payload, email templates

This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victim's system with the DarkGate malware. These campaigns, active since the...

7.9AI Score

2024-06-05 12:00 PM
5
cve
cve

CVE-2024-5222

The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output.....

6.4CVSS

6AI Score

0.001EPSS

2024-06-05 07:15 AM
23
nvd
nvd

CVE-2024-5222

The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output.....

5.4CVSS

5.7AI Score

0.001EPSS

2024-06-05 07:15 AM
2
vulnrichment
vulnrichment

CVE-2024-5222 Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. <= 3.0.5 - Authenticated (Author+) Stored Cross-Site Scripting

The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-05 06:50 AM
cvelist
cvelist

CVE-2024-5222 Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. <= 3.0.5 - Authenticated (Author+) Stored Cross-Site Scripting

The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output.....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-05 06:50 AM
fedora
fedora

[SECURITY] Fedora 40 Update: kddockwidgets-1.7.0-10.fc40

Qt dock widget library written by KDAB, suitable for replacing QDockWidget and implementing advanced functionalities missing in...

6.5AI Score

0.0004EPSS

2024-06-05 01:41 AM
cve
cve

CVE-2024-4084

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-05 12:15 AM
4
nvd
nvd

CVE-2024-4084

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...

7.5CVSS

7.6AI Score

0.001EPSS

2024-06-05 12:15 AM
cvelist
cvelist

CVE-2024-4084 SSRF vulnerability in mintplex-labs/anything-llm

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...

7.7CVSS

7.6AI Score

0.001EPSS

2024-06-05 12:00 AM
2
Total number of security vulnerabilities99691