Lucene search

K

Classified Listing Store & Membership Addon Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-5599 FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS

6.7AI Score

0.001EPSS

2024-06-07 12:33 PM
thn
thn

The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash

Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created...

7.2AI Score

2024-06-07 11:07 AM
1
cve
cve

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...

8.1AI Score

0.0004EPSS

2024-06-07 04:15 AM
24
nvd
nvd

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...

0.0004EPSS

2024-06-07 04:15 AM
vulnrichment
vulnrichment

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...

7.8AI Score

0.0004EPSS

2024-06-07 03:42 AM
cvelist
cvelist

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...

0.0004EPSS

2024-06-07 03:42 AM
2
openvas
openvas

Fedora: Security Advisory for rust-zram-generator (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

7.5AI Score

2024-06-07 12:00 AM
1
cvelist
cvelist

CVE-2024-30163

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...

0.0004EPSS

2024-06-07 12:00 AM
1
vulnrichment
vulnrichment

CVE-2024-30163

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...

8.7AI Score

0.0004EPSS

2024-06-07 12:00 AM
1
jvn
jvn

JVN#79213252: WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection

WordPress Plugin "Music Store - WordPress eCommerce" provided by CodePeople contains an SQL injection vulnerability (CWE-89). ## Impact A user of the product with the administrator privilege may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by the.....

7.2AI Score

0.0004EPSS

2024-06-07 12:00 AM
amazon
amazon

Medium: cri-tools

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.3AI Score

0.0004EPSS

2024-06-06 08:17 PM
nvd
nvd

CVE-2024-5248

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

6.5CVSS

0.0004EPSS

2024-06-06 07:16 PM
cve
cve

CVE-2024-5248

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-06 07:16 PM
24
cvelist
cvelist

CVE-2024-5248 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

6.5CVSS

0.0004EPSS

2024-06-06 06:49 PM
vulnrichment
vulnrichment

CVE-2024-5248 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-06 06:49 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.6AI Score

EPSS

2024-06-06 03:09 PM
7
malwarebytes
malwarebytes

Husband stalked ex-wife with seven AirTags, indictment says

Following their divorce, a husband carried out a campaign of stalking and abuse against his ex-wife—referred to only as “S.K.”—by allegedly hiding seven separate Apple AirTags on or near her car, according to documents filed by US prosecutors for the Eastern District of Pennsylvania. The...

6.2AI Score

2024-06-06 12:20 PM
2
thn
thn

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...

7.2AI Score

2024-06-06 07:15 AM
2
thn
thn

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library...

7.1AI Score

2024-06-06 05:49 AM
1
nvd
nvd

CVE-2024-5162

The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 04:15 AM
2
cve
cve

CVE-2024-5162

The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-06 04:15 AM
23
cvelist
cvelist

CVE-2024-5162 WordPress prettyPhoto <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 03:53 AM
cvelist
cvelist

CVE-2024-4707 Materialis Companion <= 1.3.41 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode

The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-06 03:32 AM
vulnrichment
vulnrichment

CVE-2024-4707 Materialis Companion <= 1.3.41 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode

The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-06 03:32 AM
packetstorm

7.4AI Score

2024-06-06 12:00 AM
75
packetstorm

7.4AI Score

2024-06-06 12:00 AM
73
packetstorm

7.4AI Score

0.0004EPSS

2024-06-06 12:00 AM
110
packetstorm

7.4AI Score

2024-06-06 12:00 AM
74
nvd
nvd

CVE-2024-4812

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...

4.8CVSS

5AI Score

0.0004EPSS

2024-06-05 03:15 PM
cve
cve

CVE-2024-4812

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...

4.8CVSS

5.1AI Score

0.0004EPSS

2024-06-05 03:15 PM
22
osv

6.5CVSS

6.5AI Score

0.001EPSS

2024-06-05 03:10 PM
cvelist
cvelist

CVE-2024-4812 Katello: potential cross-site scripting exploit in ui

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...

4.8CVSS

5AI Score

0.0004EPSS

2024-06-05 03:06 PM
1
redhatcve
redhatcve

CVE-2024-4812

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...

4.8CVSS

5.1AI Score

0.0004EPSS

2024-06-05 03:04 PM
1
cvelist
cvelist

CVE-2024-3667 Brizy – Page Builder <= 2.4.43 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget Link To URL

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

7.4CVSS

5.5AI Score

0.001EPSS

2024-06-05 05:33 AM
1
qualysblog
qualysblog

TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats

Introduction Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage...

7.2AI Score

2024-06-04 03:00 PM
3
malwarebytes
malwarebytes

Debt collection agency FBCS leaks information of 3 million US citizens

The US debt collection agency Financial Business and Consumer Solutions (FBCS) has filed a data breach notification, listing the the total number of people affected as 3,226,631. FBCS is a nationally licensed, third-party collection agency that collects commercial and consumer debts, with most of.....

7.5AI Score

2024-06-04 11:58 AM
8
redhat
redhat

(RHSA-2024:3581) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....

6.1AI Score

0.001EPSS

2024-06-04 10:56 AM
7
redhat
redhat

(RHSA-2024:3580) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....

6.1AI Score

0.001EPSS

2024-06-04 10:56 AM
6
cve
cve

CVE-2023-47837

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

8.3CVSS

7.2AI Score

0.0004EPSS

2024-06-04 10:15 AM
1
nvd
nvd

CVE-2023-47837

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

8.3CVSS

8.4AI Score

0.0004EPSS

2024-06-04 10:15 AM
vulnrichment
vulnrichment

CVE-2023-47837 WordPress ARMember plugin <= 4.0.10 - Membership Plan Bypass vulnerability

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

8.3CVSS

7AI Score

0.0004EPSS

2024-06-04 10:10 AM
1
cvelist
cvelist

CVE-2023-47837 WordPress ARMember plugin <= 4.0.10 - Membership Plan Bypass vulnerability

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...

8.3CVSS

8.4AI Score

0.0004EPSS

2024-06-04 10:10 AM
1
osv
osv

BIT-hubble-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue...

6.1CVSS

6.1AI Score

0.0004EPSS

2024-06-04 09:43 AM
1
nessus
nessus

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3581)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3581 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-04 12:00 AM
2
zdt
zdt

Employee And Visitor Gate Pass Logging System 1.0 SQL Injection Vulnerability

Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...

8.7AI Score

2024-06-04 12:00 AM
62
nessus
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3580)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3580 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-04 12:00 AM
cve
cve

CVE-2024-31684

Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated...

7.4AI Score

EPSS

2024-06-03 07:15 PM
15
nvd
nvd

CVE-2024-31684

Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated...

6.8AI Score

EPSS

2024-06-03 07:15 PM
qualysblog
qualysblog

PCI DSS 4.0: Get Audit-Ready for the New Requirements

The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...

7.6AI Score

2024-06-03 05:41 PM
1
nvd
nvd

CVE-2024-34789

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS.This issue affects Post Grid Elementor Addon: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-03 11:15 AM
1
Total number of security vulnerabilities82240