The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...
9.8CVSS
7.4AI Score
0.001EPSS
CVE-2024-4552 Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...
9.8CVSS
7.2AI Score
0.001EPSS
CVE-2024-4552 Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...
9.8CVSS
9.7AI Score
0.001EPSS
Email Subscribers by Icegram Express < 5.7.21 - Unauthenticated SQL Injection via hash
Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query....
9.8CVSS
9.6AI Score
0.001EPSS
Email Subscribers by Icegram Express < 5.7.21 - Unauthenticated SQL Injection via hash
Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query....
9.8CVSS
9.7AI Score
0.001EPSS
9CVSS
6.5AI Score
0.002EPSS
Description The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization....
6.4CVSS
5.8AI Score
0.001EPSS
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
Microsoft is named a leader in the Forrester Wave for XDR
“Defenders think in lists, attackers think in graphs.”1 This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations (SOC) teams, as advanced cyberattacks continue to increase in frequency and speed. That’s where extended...
6.8AI Score
Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet
Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, and Veron over the past...
7.3AI Score
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through...
5.9CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through...
5.9CVSS
6.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through...
5.9CVSS
6.1AI Score
0.0004EPSS
Progress Telerik Report Server - Authentication Bypass
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass...
9.9CVSS
9.7AI Score
0.938EPSS
Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions
Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands. "This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've...
8.1AI Score
AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
IBM SECURITY ADVISORY First Issued: Mon Jun 3 08:50:37 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki...
5.9CVSS
5.8AI Score
0.001EPSS
RHEL 4 : evolution (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. DoS from large email (CVE-2006-0040) evolution: mailto URL scheme attachment header improper input...
7.1AI Score
0.018EPSS
RHEL 6 : evolution (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages ...
6.5CVSS
6.6AI Score
0.003EPSS
Description The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it...
5.3CVSS
6.8AI Score
0.0005EPSS
RHEL 5 : evolution (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. evolution: incorrect selection of recipient gpg public key for encrypted mail (CVE-2013-4166) GNOME...
7.5CVSS
8AI Score
0.005EPSS
RHEL 8 : evolution (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. evolution: attaching local filed/directories to composed email can lead to unintended information disclosure...
6.5CVSS
6.4AI Score
0.001EPSS
RHEL 7 : evolution (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. evolution: attaching local filed/directories to composed email can lead to unintended information disclosure...
6.5CVSS
6.5AI Score
0.001EPSS
RHEL 7 : perl-email-address (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-Email-Address: denial of service when parsing crafted email address list (CVE-2015-7686) ...
7.5CVSS
8.2AI Score
0.039EPSS
Description The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for...
5.3CVSS
6.8AI Score
0.0005EPSS
RHEL 6 : django (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-django: DNS rebinding vulnerability when 'DEBUG=True' (CVE-2016-9014) Django before 1.4.21, 1.5.x...
8.1CVSS
7.7AI Score
0.017EPSS
Description The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access....
4.3CVSS
6.4AI Score
0.0004EPSS
Password confirmation stored in plain text via registration form in statamic/cms
Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. Impact This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one...
1.8CVSS
6.2AI Score
0.0004EPSS
Password confirmation stored in plain text via registration form in statamic/cms
Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. Impact This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one...
1.8CVSS
6.2AI Score
0.0004EPSS
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....
5.5CVSS
6.3AI Score
0.0004EPSS
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....
5.5CVSS
6.3AI Score
0.0004EPSS
EvilSlackbot - A Slack Bot Phishing Framework For Red Teaming Exercises
EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk. Background...
7AI Score
4.9CVSS
6.7AI Score
0.013EPSS
6.7AI Score
0.0004EPSS
Ticketmaster confirms customer data breach
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...
7.4AI Score
AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. "We have suspicions that a subset of Spaces' secrets could have been accessed without authorization," it said in an advisory. Spaces offers a way for....
7.5AI Score
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.7AI Score
0.001EPSS
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices...
7.6AI Score
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....
7.4AI Score
Beyond Threat Detection – A Race to Digital Security
Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created...
7AI Score