Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...
8.6CVSS
8.7AI Score
0.0004EPSS
Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...
8.6CVSS
6.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through...
8.6CVSS
6.9AI Score
0.0004EPSS
Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through...
8.6CVSS
8.7AI Score
0.0004EPSS
Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through...
8.8CVSS
8.8AI Score
0.0004EPSS
Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through...
8.8CVSS
6.9AI Score
0.0004EPSS
Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...
8.6CVSS
7AI Score
0.0004EPSS
Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...
8.6CVSS
8.7AI Score
0.0004EPSS
Quassel IRC credential gatherer
PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...
7AI Score
EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2024-1647)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...
3.7CVSS
7.5AI Score
0.001EPSS
GitLab 7.12 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13335)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. (CVE-2020-13335) Note that Nessus...
4.3CVSS
7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for shadow-utils (EulerOS-SA-2024-1705)
The remote host is missing an update for the Huawei...
5.5CVSS
6.6AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1677)
The remote host is missing an update for the Huawei...
6.5CVSS
7AI Score
0.001EPSS
GitLab 13.1 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26417)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <...
5.3CVSS
7AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.0 : shadow-utils (EulerOS-SA-2024-1705)
According to the versions of the shadow-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password...
5.5CVSS
7.7AI Score
0.0004EPSS
EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2024-1677)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...
6.5CVSS
7.2AI Score
0.001EPSS
GitLab 11.2 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13346)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. (CVE-2020-13346) ...
6.5CVSS
7AI Score
0.001EPSS
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks
Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all...
7.3AI Score
EPSS
CVE-2024-4352-Poc CVE-2024-4352 Tutor LMS Pro <= 2.7.0 -...
8.8CVSS
8.7AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...
10CVSS
9.5AI Score
EPSS
Talos releases new macOS open-source fuzzer
Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. Fuzzer utilizes a snapshot-based fuzzing approach and is based on WhatTheFuzz framework. Support for VM state extraction was implemented and WhatTheFuzz was extended to support the loading of VMWare...
6.6AI Score
Siemens SIMATIC RTLS Locating Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
10CVSS
9.2AI Score
0.009EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
8.6AI Score
0.0004EPSS
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the /list_personalities endpoint. By manipulating the category parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version....
7.5CVSS
7.4AI Score
0.0004EPSS
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the /list_personalities endpoint. By manipulating the category parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version....
7.5CVSS
6.5AI Score
0.0004EPSS
CVE-2024-4322 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the /list_personalities endpoint. By manipulating the category parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version....
7.5CVSS
6.6AI Score
0.0004EPSS
CVE-2024-4322 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the /list_personalities endpoint. By manipulating the category parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version....
7.5CVSS
7.5AI Score
0.0004EPSS
Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks
The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta...
7.4AI Score
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1647)
The remote host is missing an update for the Huawei...
3.7CVSS
7.1AI Score
0.001EPSS
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 bring essential security enhancements with Patch SUPEE-10752. These updates address various vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF), and more. Key Security Improvements: ...
8.8AI Score
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 bring essential security enhancements with Patch SUPEE-10752. These updates address various vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF), and more. Key Security Improvements: ...
8.8AI Score
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...
7.7AI Score
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue...
6.1CVSS
7.1AI Score
0.0004EPSS
BIT-cilium-operator-2024-25630
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue...
6.1CVSS
7.1AI Score
0.0004EPSS
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware...
9.8CVSS
7.3AI Score
0.003EPSS
Unbreakable Enterprise kernel security update
[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....
8.3AI Score
EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...
7.8CVSS
7.2AI Score
EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array...
7.8CVSS
7.2AI Score
EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...
7.8CVSS
6.9AI Score
EPSS
Easy Digital Downloads < 3.2.12 - Unauthenticated Sensitive Information Exposure
Description The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.11. This makes it possible for unauthenticated attackers to extract...
5.3CVSS
6.9AI Score
0.0004EPSS
Ultimate Store Kit Elementor Addons <= 1.6.2 - Unauthenticated PHP Object Injection
Description The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.2 via deserialization of untrusted...
5.4CVSS
7.7AI Score
0.0004EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
7.8CVSS
7.2AI Score
EPSS
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...
7.1AI Score
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...
7.1AI Score
2024-05 Dynamic Cumulative Update for Windows 11 for ARM64-based Systems (KB5037770)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
7.2AI Score
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more...
7.2AI Score
2024-05 Cumulative Update for Windows 11 for ARM64-based Systems (KB5037770)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...
7.1AI Score
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...
7.1AI Score
2024-05 Cumulative Update for Windows 11 for x64-based Systems (KB5037770)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...
7.1AI Score
2024-05 Dynamic Cumulative Update for Windows 11 for x64-based Systems (KB5037770)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
7.2AI Score