Lucene search

K

Classified Listing Store & Membership Addon Security Vulnerabilities

cgr
cgr

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, vault-k8s-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips,...

7.3AI Score

2024-05-19 03:07 AM
43
cgr
cgr

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...

7.3AI Score

2024-05-19 03:07 AM
3
cgr
cgr

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...

6.3AI Score

0.001EPSS

2024-05-19 03:07 AM
23
cgr
cgr

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...

6.3AI Score

0.0004EPSS

2024-05-19 03:07 AM
7
cgr
cgr

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, gatekeeper-fips, tigera-operator, vault-k8s-fips, kots, kubernetes-dashboard, flux-kustomize-controller-0.37, flux-notification-controller, boring-registry, tekton-pipelines, bank-vaults-fips, gobuster, grpc-health-probe,...

6.7AI Score

0.963EPSS

2024-05-19 03:07 AM
139
cgr
cgr

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, gatekeeper-fips, vault-k8s-fips, kots, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...

7.3AI Score

2024-05-19 03:07 AM
23
cgr
cgr

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...

7.3AI Score

2024-05-19 03:07 AM
19
cgr
cgr

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, gatekeeper-fips, kots, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, kubernetes-csi-external-resizer-fips, kubernetes-csi-node-driver-registrar, aws-ebs-csi-driver, metrics-server,...

7.3AI Score

2024-05-19 03:07 AM
50
cgr
cgr

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

7.3AI Score

2024-05-19 03:07 AM
11
ubuntucve
ubuntucve

CVE-2024-35877

In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the...

6.1AI Score

0.0004EPSS

2024-05-19 12:00 AM
3
ubuntucve
ubuntucve

CVE-2024-35921

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed in....

6.5AI Score

0.0004EPSS

2024-05-19 12:00 AM
1
qualysblog
qualysblog

Qualys Enterprise TruRisk™ Platform Extends FIM with Real-Time Monitoring of Unauthorized Access to Sensitive Data and Configuration Change Detection on Network Devices

Introducing FIM 4.0 with File Access Monitoring (FAM) and Agentless FIM to ensure compliance with the new PCI 4.0 File Integrity Monitoring (FIM) solutions are essential for virtually any organization to help identify suspicious activities across critical system files and registries, diagnose...

7.3AI Score

2024-05-17 11:45 PM
7
cve
cve

CVE-2024-34241

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course...

5.6AI Score

EPSS

2024-05-17 04:15 PM
25
nvd
nvd

CVE-2024-34241

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course...

5.4AI Score

EPSS

2024-05-17 04:15 PM
1
metasploit
metasploit

Adi IRC credential gatherer

PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...

7AI Score

2024-05-17 02:58 PM
17
nvd
nvd

CVE-2023-51401

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

6.3CVSS

6.3AI Score

0.0004EPSS

2024-05-17 09:15 AM
cve
cve

CVE-2023-51398

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-05-17 09:15 AM
43
cve
cve

CVE-2023-51401

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

6.3CVSS

6.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
41
nvd
nvd

CVE-2023-51398

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
cve
cve

CVE-2023-51356

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
33
nvd
nvd

CVE-2023-51356

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
5
cvelist
cvelist

CVE-2023-51401 WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.13 - Limited Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

6.3CVSS

6.3AI Score

0.0004EPSS

2024-05-17 08:40 AM
vulnrichment
vulnrichment

CVE-2023-51398 WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.14 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

8.8CVSS

7AI Score

0.0004EPSS

2024-05-17 08:40 AM
2
cvelist
cvelist

CVE-2023-51398 WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.14 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 08:40 AM
cvelist
cvelist

CVE-2023-51356 WordPress ARMember plugin <= 4.0.10 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 08:39 AM
vulnrichment
vulnrichment

CVE-2023-51356 WordPress ARMember plugin <= 4.0.10 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-05-17 08:39 AM
cve
cve

CVE-2023-41956

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-05-17 07:16 AM
24
nvd
nvd

CVE-2023-41956

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 07:16 AM
2
cve
cve

CVE-2023-41957

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through...

8.6CVSS

6.8AI Score

0.0004EPSS

2024-05-17 07:16 AM
24
nvd
nvd

CVE-2023-41957

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through...

8.6CVSS

8.7AI Score

0.0004EPSS

2024-05-17 07:16 AM
1
cve
cve

CVE-2023-41954

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...

8.6CVSS

6.8AI Score

0.0004EPSS

2024-05-17 07:15 AM
29
nvd
nvd

CVE-2023-41954

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...

8.6CVSS

8.7AI Score

0.0004EPSS

2024-05-17 07:15 AM
vulnrichment
vulnrichment

CVE-2023-41957 WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through...

8.6CVSS

6.9AI Score

0.0004EPSS

2024-05-17 06:56 AM
cvelist
cvelist

CVE-2023-41957 WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through...

8.6CVSS

8.7AI Score

0.0004EPSS

2024-05-17 06:56 AM
cvelist
cvelist

CVE-2023-41956 WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 06:55 AM
1
vulnrichment
vulnrichment

CVE-2023-41956 WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-05-17 06:55 AM
vulnrichment
vulnrichment

CVE-2023-41954 WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...

8.6CVSS

7AI Score

0.0004EPSS

2024-05-17 06:54 AM
1
cvelist
cvelist

CVE-2023-41954 WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through...

8.6CVSS

8.7AI Score

0.0004EPSS

2024-05-17 06:54 AM
1
metasploit
metasploit

Quassel IRC credential gatherer

PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...

7AI Score

2024-05-17 12:12 AM
20
nessus
nessus

EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2024-1647)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...

3.7CVSS

7.5AI Score

0.001EPSS

2024-05-17 12:00 AM
2
nessus
nessus

GitLab 7.12 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13335)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Improper group membership validation when deleting a user account in GitLab &gt;=7.12 allows a user to delete own account without deleting/transferring their group. (CVE-2020-13335) Note that Nessus...

4.3CVSS

7AI Score

0.001EPSS

2024-05-17 12:00 AM
3
openvas
openvas

Huawei EulerOS: Security Advisory for shadow-utils (EulerOS-SA-2024-1705)

The remote host is missing an update for the Huawei...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-17 12:00 AM
2
nessus
nessus

GitLab 13.1 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26417)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions &gt;=13.6 to &lt;13.6.2, &gt;=13.5 to &lt;13.5.5, and &gt;=13.1 to &lt...

5.3CVSS

7AI Score

0.001EPSS

2024-05-17 12:00 AM
1
nessus
nessus

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2024-1677)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of...

6.5CVSS

7.2AI Score

0.001EPSS

2024-05-17 12:00 AM
2
nessus
nessus

EulerOS Virtualization 3.0.6.0 : shadow-utils (EulerOS-SA-2024-1705)

According to the versions of the shadow-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password...

5.5CVSS

7.7AI Score

0.0004EPSS

2024-05-17 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1677)

The remote host is missing an update for the Huawei...

6.5CVSS

7AI Score

0.001EPSS

2024-05-17 12:00 AM
4
nessus
nessus

GitLab 11.2 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13346)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. (CVE-2020-13346) ...

6.5CVSS

7AI Score

0.001EPSS

2024-05-17 12:00 AM
2
thn
thn

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all...

7.3AI Score

EPSS

2024-05-16 04:02 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-4352

CVE-2024-4352-Poc CVE-2024-4352 Tutor LMS Pro &lt;= 2.7.0 -...

8.8CVSS

8.7AI Score

0.001EPSS

2024-05-16 02:55 PM
213
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

10CVSS

9.5AI Score

EPSS

2024-05-16 01:04 PM
24
Total number of security vulnerabilities82384