Summary Security vulnerability found in openldap package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details ** CVEID: CVE-2023-2953 DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer...
7.1AI Score
0.004EPSS
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
7.2CVSS
6.3AI Score
0.001EPSS
Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager (CVE-2023-50312,CVE-2024-27270 and CVE-2024-22329) Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could.....
6.5AI Score
0.0004EPSS
CVE-2024-4455 YITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
6.2AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
6.4CVSS
6AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
6.4CVSS
6AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
5.9AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
5.9AI Score
0.001EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
6AI Score
0.001EPSS
UK PSTI? You’ll need a Vulnerability Disclosure Program!
If you are distributing or selling smart devices in to the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program (VDP) In the supporting materials for the Act,....
7.4AI Score
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
6.4CVSS
6.1AI Score
0.0004EPSS
JVN#35838128: WordPress Plugin "WP Booking" vulnerable to cross-site scripting
WordPress Plugin "WP Booking" provided by aviplugins.com contains a stored cross-site scripting vulnerability (CWE-79). ## Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. ## Solution Update the plugin Update the plugin to...
6.1AI Score
0.0004EPSS
Intel Media SDK Multiple Vulnerabilities (INTEL-SA-00935)
The version of Intel Media SDK installed on the remote host is affected by multiple vulnerabilities: Improper input validation in Intel Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. (CVE-2023-48368) Improper buffer...
4.9AI Score
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
7.6AI Score
0.0004EPSS
virt:ol and virt-devel:rhel security and enhancement update
hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] -...
8.3AI Score
0.002EPSS
Image builder components bug fix, enhancement and security update
osbuild [110-1] - New upstream release [109-1] - New upstream release [106-1] - New upstream release [105-1] - New upstream release [104-2] - Fix unit tests in RHEL CI by backporting upstream fixes [104-1] - New upstream release [101-1] - New upstream release [100-2] - Change unit-test timeout...
6.8AI Score
0.0004EPSS
[2.02-156.0.1] - Restore correct SBAT entries - Replaced bugzilla.oracle.com references [Orabug: 35475894] - efinet: Close and reopen card on failure [Orabug: 35126950] - Fix CVE-2022-3775 [Orabug: 34867710] - Bump SBAT metadata for grub to 3 [Orabug: 34871758] - Enable signing on aarch64 - Don't.....
6.9AI Score
0.001EPSS
7.4AI Score
Oracle Linux 7 : libreoffice (ELSA-2024-3304)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3304 advisory. [1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in...
7.1AI Score
python39:3.9 and python39-devel:3.9 security update
mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...
6.7AI Score
0.005EPSS
6.8AI Score
0.0004EPSS
JVN#56781258: Splunk Config Explorer vulnerable to cross-site scripting
Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability (CWE-79). ## Impact An arbitrary script may be executed on the web browser of the user who is using the product. ## Solution Update the software Update the software to the latest version...
6.4AI Score
0.0004EPSS
perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...
6.8AI Score
0.0004EPSS
babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...
6.7AI Score
0.005EPSS
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
2024-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5039705)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....
7.2AI Score
2024-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5039705)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....
7.2AI Score
2024-05 Cumulative Update for Windows 10 Version 1809 for ARM64-based Systems (KB5039705)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....
7.2AI Score
2024-05 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5039705)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....
7.2AI Score
NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific.....
8.8CVSS
8.5AI Score
0.0005EPSS
NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute...
7.8CVSS
7.7AI Score
0.0005EPSS
CVE-2024-5246 NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability
NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific.....
8AI Score
0.0005EPSS
NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute...
7.2AI Score
0.0005EPSS
Issue Overview: A flaw was found in ImageMagick, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability....
6.6AI Score
0.003EPSS
An authentication bypass vulnerability was found in the verify_email_enabled feature of Grafana. Even when enabled, this configuration option does not fully enforce email verification. This issue could allow a remote attacker that has authenticated with basic credentials to change the email...
6.8AI Score
0.0004EPSS
Summary IBM Spectrum Protect Plus Container backup and restore for OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Redis, urllib3, dnspython and gunicorn. Vulnerabilities include denial of service, cross-site scripting, gain elevated privileges on the system, allow a...
9.4AI Score
0.962EPSS
(RHSA-2024:2875) Important: OpenShift Container Platform 4.13.42 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the RPM...
6.8AI Score
0.037EPSS
Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...
6.7AI Score
Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details ** CVEID: CVE-2023-42753 DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer underflow due to an array indexing...
8.8AI Score
0.017EPSS
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities in updates. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high...
7.4AI Score
0.002EPSS
Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager ((CVE-2024-22259, CVE-2024-22243, CVE-2024-22262). IBM has addressed the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-22262 DESCRIPTION: **VMware Tanzu Spring Framework could allow a.....
7.2AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 110 vulnerabilities disclosed in 84...
9.4AI Score
0.001EPSS
Exploit for Allocation of Resources Without Limits or Throttling in Redhat Enterprise Linux
The DNS infrastructure used for this PoC was the one suggested...
7.2AI Score
(RHSA-2024:3341) Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...
7.5AI Score
0.001EPSS
The Wiz Research team's investigations into AI-as-a-service providers reveals a major risk to AI...
7.2AI Score
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording.....
8.8AI Score
0.002EPSS
ShrinkLocker: Turning BitLocker into ransomware
Introduction Attackers always find creative ways to bypass defensive features and accomplish their goals. This can be done with packers, crypters, and code obfuscation. However, one of the best ways of evading detection, as well as maximizing compatibility, is to use the operating system's own...
6.8AI Score
AutomationDirect Productivity PLCs
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Productivity PLCs Vulnerabilities: Buffer Access with Incorrect Length Value, Out-of-bounds Write, Stack-based Buffer Overflow, Improper Access Control, Active...
10AI Score
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix racy may inline data check in dio write syzbot reports that the following warning from ext4_iomap_begin() triggers as of the commit referenced below: if (WARN_ON_ONCE(ext4_has_inline_data(inode))) return -ERANGE; This...
6.4AI Score
0.0004EPSS