Lucene search

K

Classified Listing Store & Membership Addon Security Vulnerabilities

msupdate
msupdate

2024-06 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5039225)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-06-11 05:00 PM
msupdate
msupdate

2024-06 Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5039211)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-06-11 05:00 PM
msupdate
msupdate

2024-06 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5039211)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-06-11 05:00 PM
1
msupdate
msupdate

2024-06 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5039211)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2AI Score

2024-06-11 05:00 PM
3
msupdate
msupdate

2024-06 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5039214)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-06-11 05:00 PM
16
msupdate
msupdate

2024-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5039214)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-06-11 05:00 PM
2
msupdate
msupdate

2024-06 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5039211)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-06-11 05:00 PM
6
msupdate
msupdate

2024-06 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5039211)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-06-11 05:00 PM
22
msupdate
msupdate

2024-06 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5039211)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2AI Score

2024-06-11 05:00 PM
msupdate
msupdate

2024-06 Dynamic Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5039211)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2AI Score

2024-06-11 05:00 PM
1
msupdate
msupdate

2024-06 Dynamic Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5039211)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2AI Score

2024-06-11 05:00 PM
msupdate
msupdate

2024-06 Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5039211)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-06-11 05:00 PM
16
msupdate
msupdate

2024-06 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5039217)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-06-11 05:00 PM
7
msupdate
msupdate

2024-06 Dynamic Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5039211)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2AI Score

2024-06-11 05:00 PM
2
msupdate
msupdate

2024-06 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5039217)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-06-11 05:00 PM
msupdate
msupdate

2024-06 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5039211)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-06-11 05:00 PM
2
msupdate
msupdate

2024-06 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5039217)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-06-11 05:00 PM
23
github
github

10 years of the GitHub Security Bug Bounty Program

Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...

7AI Score

2024-06-11 04:00 PM
1
nvd
nvd

CVE-2024-35667

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-11 03:16 PM
2
cve
cve

CVE-2024-35667

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-11 03:16 PM
20
thn
thn

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the....

9.8CVSS

6.7AI Score

0.957EPSS

2024-06-11 02:32 PM
1
cvelist
cvelist

CVE-2024-35667 WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-11 02:09 PM
1
vulnrichment
vulnrichment

CVE-2024-35667 WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-11 02:09 PM
malwarebytes
malwarebytes

Google&#8217;s Chrome changes make life harder for ad blockers

Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...

7AI Score

2024-06-11 10:45 AM
3
thn
thn

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture.....

7.4AI Score

2024-06-11 10:10 AM
1
osv
osv

CVE-2024-37168

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

5.3CVSS

7.1AI Score

0.0005EPSS

2024-06-10 10:15 PM
1
cve
cve

CVE-2024-37168

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-06-10 10:15 PM
33
nvd
nvd

CVE-2024-37168

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

5.3CVSS

0.0005EPSS

2024-06-10 10:15 PM
4
cvelist
cvelist

CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

5.3CVSS

0.0005EPSS

2024-06-10 09:32 PM
12
vulnrichment
vulnrichment

CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

5.3CVSS

7.1AI Score

0.0005EPSS

2024-06-10 09:32 PM
1
github
github

Docker CLI leaks private registry credentials to registry-1.docker.io

Impact A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...

7.5CVSS

6.4AI Score

0.001EPSS

2024-06-10 06:38 PM
1
osv
osv

Docker CLI leaks private registry credentials to registry-1.docker.io

Impact A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...

7.5CVSS

6.4AI Score

0.001EPSS

2024-06-10 06:38 PM
2
nvd
nvd

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 05:16 PM
3
cve
cve

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

5.5AI Score

0.0005EPSS

2024-06-10 05:16 PM
22
vulnrichment
vulnrichment

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

7.1AI Score

0.0005EPSS

2024-06-10 04:21 PM
1
cvelist
cvelist

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 04:21 PM
4
impervablog
impervablog

A European Summer of Sports is Upon Us – What Does it Mean for Security?

The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....

7AI Score

2024-06-10 01:00 PM
12
nuclei
nuclei

Prime Mover < 1.9.3 - Sensitive Data Exposure

Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...

7.5CVSS

6.7AI Score

0.003EPSS

2024-06-10 11:52 AM
nessus
nessus

CentOS 7 : glibc (RHSA-2024:3588)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3588 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting...

7.9AI Score

0.0005EPSS

2024-06-10 12:00 AM
1
nvd
nvd

CVE-2024-30163

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...

0.0004EPSS

2024-06-07 05:15 PM
5
cve
cve

CVE-2024-30163

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...

8.3AI Score

0.0004EPSS

2024-06-07 05:15 PM
23
github
github

TYPO3 Cross-Site Scripting in Filelist Module

It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the...

6.5AI Score

2024-06-07 05:10 PM
1
osv
osv

TYPO3 Cross-Site Scripting in Filelist Module

It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the...

6.5AI Score

2024-06-07 05:10 PM
3
malwarebytes
malwarebytes

Google will start deleting location history

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been.....

6.7AI Score

2024-06-07 04:26 PM
4
thn
thn

Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts

2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of.....

7.3AI Score

2024-06-07 03:57 PM
2
nvd
nvd

CVE-2024-36790

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in...

EPSS

2024-06-07 03:15 PM
2
cve
cve

CVE-2024-36790

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in...

6.8AI Score

EPSS

2024-06-07 03:15 PM
23
cve
cve

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...

9.8CVSS

7.8AI Score

EPSS

2024-06-07 01:15 PM
24
nvd
nvd

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...

9.8CVSS

EPSS

2024-06-07 01:15 PM
7
cvelist
cvelist

CVE-2024-5599 FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS

0.001EPSS

2024-06-07 12:33 PM
Total number of security vulnerabilities82240