Lucene search

K

Classified Listing Store & Membership Addon Security Vulnerabilities

msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5037768)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-05-14 05:00 PM
1
msupdate
msupdate

2024-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2AI Score

2024-05-14 05:00 PM
5
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5037765)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-05-14 05:00 PM
8
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5037765)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-05-14 05:00 PM
16
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5037768)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-05-14 05:00 PM
53
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5037788)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-05-14 05:00 PM
7
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5037768)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-05-14 05:00 PM
3
msupdate
msupdate

2024-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2AI Score

2024-05-14 05:00 PM
8
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5037768)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-05-14 05:00 PM
2
msupdate
msupdate

2024-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5037765)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-05-14 05:00 PM
94
msupdate
msupdate

2024-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2AI Score

2024-05-14 05:00 PM
15
msupdate
msupdate

2024-05 Dynamic Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2AI Score

2024-05-14 05:00 PM
29
msupdate
msupdate

2024-05 Dynamic Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2AI Score

2024-05-14 05:00 PM
21
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5037763)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-05-14 05:00 PM
1
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 1809 for ARM64-based Systems (KB5037765)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-05-14 05:00 PM
1
cve
cve

CVE-2024-4820

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-14 03:45 PM
23
nvd
nvd

CVE-2024-4820

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....

6.3CVSS

6.5AI Score

0.0004EPSS

2024-05-14 03:45 PM
cve
cve

CVE-2024-4798

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-14 03:44 PM
18
nvd
nvd

CVE-2024-4798

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-14 03:44 PM
cve
cve

CVE-2024-4606

Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.This issue affects Ultimate Store Kit Elementor Addons: from n/a through...

5.4CVSS

6.8AI Score

0.0004EPSS

2024-05-14 03:44 PM
1
nvd
nvd

CVE-2024-4606

Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.This issue affects Ultimate Store Kit Elementor Addons: from n/a through...

5.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 03:44 PM
nvd
nvd

CVE-2024-4383

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-14 03:43 PM
cve
cve

CVE-2024-4383

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-14 03:43 PM
28
nvd
nvd

CVE-2024-4213

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as...

5.3CVSS

5.6AI Score

0.0005EPSS

2024-05-14 03:43 PM
cve
cve

CVE-2024-4213

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as...

5.3CVSS

6.6AI Score

0.0005EPSS

2024-05-14 03:43 PM
9
osv
osv

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...

8.1CVSS

7.2AI Score

0.0005EPSS

2024-05-14 03:36 PM
7
debiancve
debiancve

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...

8.1CVSS

7.4AI Score

0.0005EPSS

2024-05-14 03:36 PM
5
nvd
nvd

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...

8.1CVSS

8.3AI Score

0.0005EPSS

2024-05-14 03:36 PM
cve
cve

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...

8.1CVSS

7.3AI Score

0.0005EPSS

2024-05-14 03:36 PM
69
nvd
nvd

CVE-2024-28279

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via...

7.7AI Score

EPSS

2024-05-14 03:14 PM
1
cve
cve

CVE-2024-28279

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via...

8.1AI Score

EPSS

2024-05-14 03:14 PM
19
debiancve
debiancve

CVE-2024-27397

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path...

6.7AI Score

0.0004EPSS

2024-05-14 03:12 PM
10
nvd
nvd

CVE-2024-27397

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to...

6.3AI Score

0.0004EPSS

2024-05-14 03:12 PM
cve
cve

CVE-2024-27397

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to...

6.5AI Score

0.0004EPSS

2024-05-14 03:12 PM
41
nvd
nvd

CVE-2024-1166

The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it.....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 02:45 PM
cve
cve

CVE-2024-1166

The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-14 02:45 PM
21
osv
osv

BIT-scylladb-2023-33972

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

8.8CVSS

7.2AI Score

0.001EPSS

2024-05-14 02:38 PM
4
nessus
nessus

SUSE SLES12 Security Update : python-pyOpenSSL (SUSE-SU-2024:1626-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1626-1 advisory. Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in...

8.1CVSS

7.6AI Score

0.094EPSS

2024-05-14 12:00 AM
2
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1626-1)

The remote host is missing an update for...

8.1CVSS

7.5AI Score

0.094EPSS

2024-05-14 12:00 AM
2
wpvulndb
wpvulndb

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

Description The plugin is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files PoC Note: This must be tested on a web server running Apache 1) Create a new post 2) Add e-Learning block to the post and...

6.5AI Score

0.0004EPSS

2024-05-14 12:00 AM
3
nessus
nessus

Rocky Linux 9 : git-lfs (RLSA-2024:2724)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2724 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames....

7.5AI Score

0.0004EPSS

2024-05-14 12:00 AM
2
wpexploit
wpexploit

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

Description The plugin is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip...

6.8AI Score

0.0004EPSS

2024-05-14 12:00 AM
22
ubuntucve
ubuntucve

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...

8.1CVSS

8.4AI Score

0.0005EPSS

2024-05-14 12:00 AM
19
nessus
nessus

Rocky Linux 9 : golang (RLSA-2024:2562)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2562 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames....

7.5CVSS

8AI Score

0.0005EPSS

2024-05-14 12:00 AM
3
nessus
nessus

Rocky Linux 9 : tigervnc (RLSA-2024:2616)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2616 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped...

7.8CVSS

7.7AI Score

0.0005EPSS

2024-05-14 12:00 AM
3
ubuntucve
ubuntucve

CVE-2024-27397

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to...

6.5AI Score

0.0004EPSS

2024-05-14 12:00 AM
15
vulnrichment
vulnrichment

CVE-2024-4820 SourceCodester Online Computer and Laptop Store unrestricted upload

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-13 02:00 PM
cvelist
cvelist

CVE-2024-4820 SourceCodester Online Computer and Laptop Store unrestricted upload

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....

6.3CVSS

6.7AI Score

0.0004EPSS

2024-05-13 02:00 PM
2
krebs
krebs

How Did Authorities Identify the Alleged Lockbit Boss?

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how...

7.1AI Score

2024-05-13 11:26 AM
10
veracode
veracode

Cross-Site Scripting (XSS)

froxlor/froxlor is vulnerable to Cross-Site Scripting. The vulnerability is due to inadequate sanitization of user input in the loginname parameter during failed login attempts, which allows attackers to inject and store malicious scripts that are executed when an administrator views the System...

9.6CVSS

6.7AI Score

0.0004EPSS

2024-05-13 06:46 AM
6
Total number of security vulnerabilities82239