Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Security Vulnerabilities
bhhscalifornia.com Cross Site Scripting vulnerability OBB-3939331
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
6.7AI Score
0.0004EPSS
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port...
8AI Score
EPSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the...
EPSS
Certain HP PC BIOS Logo Vulnerabilities
Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are...
7.8CVSS
7.8AI Score
0.0004EPSS
VMware vCenter Server 7.0 < 7.0U3q / 8.0 < 8.0U3 DoS (CVE-2024-37087)
The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0U3q, or 8.0 prior to 8.0U3. It is, therefore, affected by an denial-of-service vulnerability as referenced in the VMSA-2024-0013 advisory. Note that Nessus has not tested for these issues but has instead relied...
5.3CVSS
7.1AI Score
0.001EPSS
AI Pulse: Siri Says Hi to OpenAI, Deepfake Olympics & more
AI Pulse is a new blog series from Trend Micro on the latest cybersecurity AI news. In this edition: Siri says hi to OpenAI, fraud hogs the AI cybercrime spotlight, and why the Paris Olympics could be a hotbed of...
7.2AI Score
Ivanti Sentry Authentication Bypass
Ivanti Sentry, formerly known as MobileIron Sentry, is vulnerable to an API authentication bypass on the Sentry administrator interface. A remote and unauthenticated attacker can leverage this vulnerability to gain access to sensitive APIs and achieve OS command execution as the root user on the...
8.1AI Score
A vulnerability in the Notes file of the distraction-free note-taking app for Nextcloud is related to the The ability to share a Notes folder with a new user before they are logged in. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive...
4.6CVSS
7AI Score
0.0004EPSS
Intel Chipset Device Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.7CVSS
7.1AI Score
0.0004EPSS
VMware ESXi 7.0 / 8.0 Out-of-Bounds read (CVE-2024-37086)
The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3q or 8.0 prior to 8.0 Update 3. It is, therefore, affected by an out-of-bounds read vulnerability as referenced in the VMSA-2024-0013 advisory: Note that Nessus has not tested for these issues but has instead relied...
6.8CVSS
7AI Score
0.0004EPSS
Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer
We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto...
7.3AI Score
WordPress Emergency Password Reset Script Detected
WordPress has a PHP script named emergency.php which is designed to help sites administrators reset their passwords as a last resort. When exposed with the web application, this file can allow a remote and unauthenticated attacker to perform a password reset of the administrator...
7.8AI Score
7.1AI Score
0.0004EPSS
7.5AI Score
7.1AI Score
0.0004EPSS
Ivanti Endpoint Manager Mobile < 11.11.0.0 Authentication Bypass
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, versions before 11.11.0.0 suffer from an authentication bypass vulnerability, allowing unauthorized users to access restricted functionality or resources of the application without proper...
7.5AI Score
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan regression (USN-6851-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-2 advisory. USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl...
8.4AI Score
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-2 advisory. USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression...
7.6AI Score
VMware ESXi 7.0 / 8.0 Authenticaton Bypass (CVE-2024-37085)
The version of VMware ESXi installed on the remote host is prior to 8.0 Update 3. It is, therefore, affected by an authentication bypass vulnerability as referenced in the VMSA-2024-0013 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's...
6.8CVSS
7.4AI Score
0.0004EPSS
A Bootiful Podcast: Spring Security community legend Laur Spilca
Hi, Spring fans! In this installment I talk to Spring Security community legend Laur Spilca, live from the Spring I/O show in beautiful...
7.1AI Score
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port...
EPSS
K000140188: PostgreSQL vulnerability CVE-2024-0985
Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...
8CVSS
8.1AI Score
0.001EPSS
8.6CVSS
7.4AI Score
0.019EPSS
9.8CVSS
7.2AI Score
EPSS
Emby Server < 4.8.3.0 XSS Vulnerability
Emby Server is prone to a cross-site scripting (XSS) ...
6.4AI Score
0.0004EPSS
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are...
EPSS
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method...
EPSS
Autodesk Multiple Vulnerabilities (AutoCAD) (adsk-sa-2024-0010)
The version of Autodesk AutoCAD installed on the remote Windows host is a version prior to 2024.1.5. It is, therefore, affected by multiple vulnerabilities: A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious...
7.1AI Score
0.001EPSS
Fedora 40 : emacs (2024-a3fecfab32)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a3fecfab32 advisory. Update to Emacs 29.4, fixing CVE-2024-39331. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
6.7AI Score
0.0004EPSS
The polyfill.js file is a popular open-source library to ensure old browsers compatibility when evaluating JavaScript code. Starting February 2024, the domain polyfill.io and the related GitHub account have been purchased by a malicious threat actor to inject malwares in all web applications...
7.5AI Score
JVN#01073312: "Piccoma" App uses a hard-coded API key for an external service
"Piccoma" App for Android and "Piccoma" App for iOS provided by Kakao piccoma Corp. use a hard-coded API key for an external service (CWE-798). ## Impact Data in the app may be analyzed and API key for an external service may be obtained. Note that the users of the app are not directly affected by....
6.6AI Score
EPSS
8.8CVSS
7.1AI Score
0.003EPSS
7.5CVSS
6.7AI Score
0.002EPSS
K000140189: Linux kernel vulnerability CVE-2021-47572
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path.....
5.5CVSS
6.4AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
7.8CVSS
7.1AI Score
0.003EPSS
GStreamer, GStreamer Plugins: Multiple Vulnerabilities
Background GStreamer is an open source multimedia framework. Description Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There.....
8.8CVSS
7.6AI Score
0.0005EPSS
Debian dla-3847 : dcmtk - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3847 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3847-1 [email protected] ...
7.5CVSS
7.2AI Score
0.002EPSS
evansjones.co.uk Cross Site Scripting vulnerability OBB-3939330
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
bluegrovehomes.co.uk Cross Site Scripting vulnerability OBB-3939329
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
3d.walktheweb.com Cross Site Scripting vulnerability OBB-3939328
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
cotswoldwindows.co.uk Cross Site Scripting vulnerability OBB-3939327
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
tececo.com Cross Site Scripting vulnerability OBB-3939326
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the...
10CVSS
8AI Score
0.0004EPSS
PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the...
10CVSS
0.0004EPSS
sirsepaca.org Cross Site Scripting vulnerability OBB-3939325
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-6071 PTC Creo Elements/Direct License Server Missing Authorization
PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the...
10CVSS
0.0004EPSS
CVE-2024-6071 PTC Creo Elements/Direct License Server Missing Authorization
PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the...
10CVSS
8AI Score
0.0004EPSS
boosterblog.com Cross Site Scripting vulnerability OBB-3939324
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score