Lucene search

K

Coming Soon – Under Construction Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-2383 Clickjacking Vulnerability in zenml-io/zenml

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

4.3CVSS

6.5AI Score

0.0004EPSS

2024-06-06 06:18 PM
metasploit
metasploit

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...

8.2AI Score

2024-06-06 05:04 PM
13
ibm
ibm

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component...

5.9CVSS

4.5AI Score

0.001EPSS

2024-06-06 03:07 PM
1
kitploit
kitploit

Thief Raccoon - Login Phishing Tool

Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. This tool is intended to raise awareness about cybersecurity threats and help users understand the importance of security measures like 2FA and password...

7.3AI Score

2024-06-06 12:30 PM
24
malwarebytes
malwarebytes

Husband stalked ex-wife with seven AirTags, indictment says

Following their divorce, a husband carried out a campaign of stalking and abuse against his ex-wife—referred to only as “S.K.”—by allegedly hiding seven separate Apple AirTags on or near her car, according to documents filed by US prosecutors for the Eastern District of Pennsylvania. The...

6.2AI Score

2024-06-06 12:20 PM
2
ics
ics

Johnson Controls Software House iStar Pro Door Controller

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House iStar Pro Door Controller, ICU Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this...

6.4AI Score

0.0004EPSS

2024-06-06 12:00 PM
3
thn
thn

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...

7.2AI Score

2024-06-06 07:15 AM
2
thn
thn

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library...

7.1AI Score

2024-06-06 05:49 AM
1
cve
cve

CVE-2024-2017

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated...

5.4CVSS

6.4AI Score

0.001EPSS

2024-06-06 03:15 AM
24
nvd
nvd

CVE-2024-2017

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated...

5.4CVSS

5.2AI Score

0.001EPSS

2024-06-06 03:15 AM
1
cvelist
cvelist

CVE-2024-2017 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated...

5.4CVSS

5.2AI Score

0.001EPSS

2024-06-06 02:38 AM
vulnrichment
vulnrichment

CVE-2024-2017 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated...

5.4CVSS

6.5AI Score

0.001EPSS

2024-06-06 02:38 AM
1
osv
osv

openjdk-21 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21011) It was discovered that OpenJDK 21 incorrectly performed reverse DNS query....

3.7CVSS

5.2AI Score

0.001EPSS

2024-06-06 01:57 AM
osv
osv

openjdk-17 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21011) It was discovered that OpenJDK 17 incorrectly performed reverse DNS query....

3.7CVSS

5.2AI Score

0.001EPSS

2024-06-06 01:55 AM
1
osv
osv

openjdk-lts vulnerabilities

It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21011) It was discovered that OpenJDK 11 incorrectly performed reverse DNS ...

3.7CVSS

5.2AI Score

0.001EPSS

2024-06-06 01:54 AM
1
cve
cve

CVE-2024-0912

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

7AI Score

0.0004EPSS

2024-06-06 12:15 AM
27
nvd
nvd

CVE-2024-0912

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

6.5AI Score

0.0004EPSS

2024-06-06 12:15 AM
ubuntu
ubuntu

OpenJDK 11 vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages openjdk-lts - Open Source Java implementation Details It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could...

3.7CVSS

5.2AI Score

0.001EPSS

2024-06-06 12:00 AM
4
ubuntu
ubuntu

OpenJDK 17 vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages openjdk-17 - Open Source Java implementation Details It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially crafted long messages. An attacker could...

3.7CVSS

5.2AI Score

0.001EPSS

2024-06-06 12:00 AM
1
ubuntu
ubuntu

OpenJDK 21 vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages openjdk-21 - Open Source Java implementation Details It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this...

3.7CVSS

5.2AI Score

0.001EPSS

2024-06-06 12:00 AM
2
nessus
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 11 vulnerabilities (USN-6811-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6811-1 advisory. It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially...

3.7CVSS

5.7AI Score

0.001EPSS

2024-06-06 12:00 AM
nessus
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 17 vulnerabilities (USN-6812-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6812-1 advisory. It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially...

3.7CVSS

5.7AI Score

0.001EPSS

2024-06-06 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 21 vulnerabilities (USN-6813-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6813-1 advisory. It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long...

3.7CVSS

5.7AI Score

0.001EPSS

2024-06-06 12:00 AM
2
cvelist
cvelist

CVE-2024-0912 CCURE passwords exposed to administrators

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

6.5AI Score

0.0004EPSS

2024-06-05 11:23 PM
4
vulnrichment
vulnrichment

CVE-2024-0912 CCURE passwords exposed to administrators

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

6.8AI Score

0.0004EPSS

2024-06-05 11:23 PM
github
github

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

7.5AI Score

2024-06-05 05:30 PM
1
osv
osv

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

7.5AI Score

2024-06-05 05:30 PM
githubexploit
githubexploit

Exploit for CVE-2024-4956

CVE-2024-4956 This repository contains a Python utility for...

7.5CVSS

7.6AI Score

0.013EPSS

2024-06-05 03:37 PM
92
wordfence
wordfence

40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the.....

8.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 03:01 PM
6
malwarebytes
malwarebytes

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....

6.8AI Score

2024-06-05 01:30 PM
1
thn
thn

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. "The overall goal behind the campaign was to maintain access to the target network for cyberespionage in.....

7AI Score

2024-06-05 11:20 AM
1
thn
thn

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide

An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to.....

7.8AI Score

2024-06-05 10:10 AM
1
thn
thn

Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows...

7.3AI Score

2024-06-05 06:22 AM
1
github
github

Flooding Server with Thumbnail files

Details 1. All Imagick supported Fileformats are served without filtering The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats imagemagick supports. With that we can create Files that are much larger in filesize...

7.5CVSS

6.5AI Score

0.001EPSS

2024-06-04 05:18 PM
5
osv
osv

Flooding Server with Thumbnail files

Details 1. All Imagick supported Fileformats are served without filtering The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats imagemagick supports. With that we can create Files that are much larger in filesize...

7.5CVSS

6.5AI Score

0.001EPSS

2024-06-04 05:18 PM
3
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF033 and 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-21501 DESCRIPTION: **Node.js sanitize-html module could allow a remote attacker to...

8.8CVSS

9.7AI Score

EPSS

2024-06-04 05:15 PM
7
redhatcve
redhatcve

CVE-2024-36961

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer....

6.4AI Score

0.0004EPSS

2024-06-04 04:49 PM
4
githubexploit
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...

9.8CVSS

9.9AI Score

0.938EPSS

2024-06-04 04:07 PM
158
thn
thn

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent...

7.6AI Score

2024-06-04 03:33 PM
1
cve
cve

CVE-2024-35653

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in visualcomposer.Com Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-04 03:15 PM
18
nvd
nvd

CVE-2024-35653

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in visualcomposer.Com Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through...

5.4CVSS

6.4AI Score

0.0004EPSS

2024-06-04 03:15 PM
thn
thn

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8.....

9.9CVSS

8.5AI Score

0.938EPSS

2024-06-04 02:43 PM
1
vulnrichment
vulnrichment

CVE-2024-35653 WordPress Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin <= 45.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in visualcomposer.Com Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-04 02:11 PM
cvelist
cvelist

CVE-2024-35653 WordPress Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin <= 45.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in visualcomposer.Com Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through...

6.5CVSS

5.8AI Score

0.0004EPSS

2024-06-04 02:11 PM
1
ibm
ibm

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-51775

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could...

6.1AI Score

0.0004EPSS

2024-06-04 12:59 PM
4
cve
cve

CVE-2023-49741

Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through...

3.7CVSS

7.2AI Score

0.0004EPSS

2024-06-04 11:15 AM
57
nvd
nvd

CVE-2023-49741

Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through...

3.7CVSS

4.3AI Score

0.0004EPSS

2024-06-04 11:15 AM
2
vulnrichment
vulnrichment

CVE-2023-49741 WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through...

3.7CVSS

7AI Score

0.0004EPSS

2024-06-04 11:05 AM
1
cvelist
cvelist

CVE-2023-49741 WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through...

3.7CVSS

4.3AI Score

0.0004EPSS

2024-06-04 11:05 AM
1
osv
osv

BIT-minio-2024-36107

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

5.3CVSS

6.2AI Score

0.0004EPSS

2024-06-04 09:46 AM
2
Total number of security vulnerabilities149228