Lucene search

K

Classified Listing Store & Membership Addon Security Vulnerabilities

cvelist
cvelist

CVE-2022-48760 USB: core: Fix hang in usb_kill_urb by adding memory barriers

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the URB; that works just...

0.0004EPSS

2024-06-20 11:13 AM
1
vulnrichment
vulnrichment

CVE-2022-48750 hwmon: (nct6775) Fix crash in clear_caseopen

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Paweł Marciniak reports the following crash, observed when clearing the chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops: 0000...

6.3AI Score

0.0004EPSS

2024-06-20 11:13 AM
1
cvelist
cvelist

CVE-2022-48750 hwmon: (nct6775) Fix crash in clear_caseopen

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Paweł Marciniak reports the following crash, observed when clearing the chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops: 0000...

0.0004EPSS

2024-06-20 11:13 AM
2
veracode
veracode

SQL Injection

Magento is vulnerable to SQL injection. The vulnerability is due to a user with store manipulation privileges being able to execute arbitrary SQL queries by accessing the database connection through a group instance in email...

8.8CVSS

8.1AI Score

0.001EPSS

2024-06-20 08:38 AM
8
cve
cve

CVE-2024-4742

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and...

9.8CVSS

9.5AI Score

0.001EPSS

2024-06-20 02:15 AM
26
nvd
nvd

CVE-2024-4742

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and...

9.8CVSS

0.001EPSS

2024-06-20 02:15 AM
2
vulnrichment
vulnrichment

CVE-2024-4742 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and...

9.8CVSS

7.1AI Score

0.001EPSS

2024-06-20 02:08 AM
cvelist
cvelist

CVE-2024-4742 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and...

9.8CVSS

0.001EPSS

2024-06-20 02:08 AM
5
ubuntucve
ubuntucve

CVE-2022-48760

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the URB; that works just...

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
ubuntucve
ubuntucve

CVE-2022-48750

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Pawe? Marciniak reports the following crash, observed when clearing the chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops: 0000...

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
googleprojectzero
googleprojectzero

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering,...

7.9AI Score

2024-06-20 12:00 AM
4
qualysblog
qualysblog

TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely

Introduction With the average cost of a data breach coming in at $4.45M in 2023, safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across...

7.3AI Score

2024-06-19 03:02 PM
3
nvd
nvd

CVE-2023-39990

Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-19 01:15 PM
2
cve
cve

CVE-2023-39990

Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-19 01:15 PM
25
vulnrichment
vulnrichment

CVE-2023-39990 WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-19 12:08 PM
1
cvelist
cvelist

CVE-2023-39990 WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-19 12:08 PM
3
nvd
nvd

CVE-2024-1407

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible....

5.4CVSS

0.001EPSS

2024-06-19 07:15 AM
2
cve
cve

CVE-2024-1407

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible....

5.4CVSS

5.2AI Score

0.001EPSS

2024-06-19 07:15 AM
23
cvelist
cvelist

CVE-2024-1407 Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible....

5.4CVSS

0.001EPSS

2024-06-19 06:55 AM
3
vulnrichment
vulnrichment

CVE-2024-1407 Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible....

5.4CVSS

6.7AI Score

0.001EPSS

2024-06-19 06:55 AM
hackerone
hackerone

curl: NULL dereference when encoding DN of x509 certificate

libcurl at commit 04739054cdac5a0614fb94e3655e313c03399f35 contains a NULL-dereference in function encodeDN() when parsing the certificate of a server during the TLS connect-phase. The vulnerable code is in lib/vtls/x509asn1.c:701: ```c static CURLcode encodeDN(struct dynbuf store, struct...

7.1AI Score

2024-06-19 12:38 AM
11
thn
thn

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive...

7.3AI Score

2024-06-18 01:30 PM
9
securelist
securelist

Analysis of user password strength

The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of...

6.9AI Score

2024-06-18 11:30 AM
3
thn
thn

The Annual SaaS Security Report: 2025 CISO Plans and Priorities

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA)....

7.2AI Score

2024-06-18 11:23 AM
14
nuclei
nuclei

XWiki < 4.10.15 - Information Disclosure

The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected...

7.5CVSS

6.3AI Score

0.508EPSS

2024-06-18 10:34 AM
3
nuclei
nuclei

CrateDB Database - Arbitrary File Read

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY.....

6.5CVSS

7AI Score

0.052EPSS

2024-06-18 09:47 AM
1
cve
cve

CVE-2023-5527

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

7.4CVSS

7.6AI Score

0.001EPSS

2024-06-18 06:15 AM
26
wpvulndb
wpvulndb

Music Store - WordPress eCommerce < 1.1.14 - Authenticated (Admin+) SQL Injection

Description The Music Store – WordPress eCommerce plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.1.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.2AI Score

0.0004EPSS

2024-06-18 12:00 AM
1
osv
osv

Firefly III has a MFA bypass in oauth flow

Impact A MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to your Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an...

5.9CVSS

7.2AI Score

0.0004EPSS

2024-06-17 10:28 PM
4
github
github

Firefly III has a MFA bypass in oauth flow

Impact A MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to your Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an...

5.9CVSS

7.2AI Score

0.0004EPSS

2024-06-17 10:28 PM
10
nvd
nvd

CVE-2024-37893

Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from...

5.9CVSS

0.0004EPSS

2024-06-17 08:15 PM
5
cve
cve

CVE-2024-37893

Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from...

5.9CVSS

6AI Score

0.0004EPSS

2024-06-17 08:15 PM
28
cvelist
cvelist

CVE-2024-37893 MFA bypass in oauth flow in Firefly III

Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from...

5.9CVSS

0.0004EPSS

2024-06-17 07:39 PM
5
vulnrichment
vulnrichment

CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.5AI Score

0.0004EPSS

2024-06-17 03:09 PM
cvelist
cvelist

CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

0.0004EPSS

2024-06-17 03:09 PM
8
cve
cve

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

6.7AI Score

0.0004EPSS

2024-06-17 08:15 AM
24
nvd
nvd

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

0.0004EPSS

2024-06-17 08:15 AM
3
nvd
nvd

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

0.0004EPSS

2024-06-17 08:15 AM
4
cve
cve

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

6.7AI Score

0.0004EPSS

2024-06-17 08:15 AM
23
cve
cve

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

6.8AI Score

0.0004EPSS

2024-06-17 08:15 AM
23
nvd
nvd

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

0.0004EPSS

2024-06-17 08:15 AM
3
cvelist
cvelist

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

0.0004EPSS

2024-06-17 07:34 AM
5
vulnrichment
vulnrichment

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

6.9AI Score

0.0004EPSS

2024-06-17 07:34 AM
1
cvelist
cvelist

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

0.0004EPSS

2024-06-17 07:34 AM
4
vulnrichment
vulnrichment

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

6.7AI Score

0.0004EPSS

2024-06-17 07:34 AM
2
vulnrichment
vulnrichment

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

6.8AI Score

0.0004EPSS

2024-06-17 07:33 AM
4
cvelist
cvelist

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

0.0004EPSS

2024-06-17 07:33 AM
3
packetstorm

7.4AI Score

0.0004EPSS

2024-06-17 12:00 AM
81
githubexploit
githubexploit

Exploit for SQL Injection in Crmeb

CVE-2024-36837 POC write URL in url.txt and run...

7.5CVSS

7.9AI Score

0.005EPSS

2024-06-15 04:44 PM
204
nvd
nvd

CVE-2024-6013

A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The exploit has been...

6.3CVSS

0.0004EPSS

2024-06-15 04:15 PM
3
Total number of security vulnerabilities82384