CVE-2024-3755 MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS
The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.5AI Score
0.0004EPSS
Oracle Linux 9 : edk2 (ELSA-2024-2264)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2264 advisory. EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local...
8.8CVSS
7.6AI Score
0.006EPSS
Oracle Linux 9 : python3.11-cryptography (ELSA-2024-2337)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2337 advisory. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or...
7.5CVSS
7AI Score
0.001EPSS
Oracle Linux 9 : frr (ELSA-2024-2156)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2156 advisory. An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. (CVE-2023-41358) An...
9.1CVSS
7.1AI Score
0.005EPSS
GLSA-202405-02 : ImageMagick: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-02 (ImageMagick: Multiple Vulnerabilities) A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the...
7.8CVSS
7.8AI Score
0.014EPSS
Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...
8.4CVSS
9.4AI Score
0.014EPSS
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System GUI, which could allow a remote attacker to cause a denial of service. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to...
5.9CVSS
6.4AI Score
0.001EPSS
A vulnerability in the mbedtls_x509_set_extension function of the Mbed TLS software is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto....
7.5CVSS
6.7AI Score
0.001EPSS
Agentless FIM for Detecting Network Configuration Changes
Dealing with multiple network administrators making frequent configuration changes with a monitoring solution that provides insights into device change without causing resource constraints. The performance and capabilities of a network device are entirely dependent upon its configuration settings.....
7.2AI Score
The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
8.8CVSS
8.7AI Score
0.001EPSS
The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
8.8CVSS
7.1AI Score
0.001EPSS
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for.....
7.1CVSS
6.6AI Score
0.0004EPSS
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for.....
7.1CVSS
6.3AI Score
0.0004EPSS
The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
8.8CVSS
8.9AI Score
0.001EPSS
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for.....
7.1CVSS
6.8AI Score
0.0004EPSS
Introducing Artifact Attestations–now in public beta
There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100M developers building on GitHub, we want to ensure developers have the tools needed to help...
6.3AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...
9.1AI Score
EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus.
Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Solaris. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote...
9.8CVSS
8.8AI Score
0.003EPSS
Administrator Cross Site Scripting (XSS) in Archives Calendar Widget <= 1.0.15...
5.9CVSS
6.5AI Score
0.0004EPSS
Universal Forwarders < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0614)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0614 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...
9.8CVSS
8.5AI Score
0.073EPSS
KLA66425 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Picture In Picture can be exploited to cause denial of...
8AI Score
0.0004EPSS
Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0613 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...
9.8CVSS
8.9AI Score
0.304EPSS
kernel security, bug fix, and enhancement update
[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...
9.8CVSS
7.5AI Score
0.011EPSS
Universal Forwarder 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0809)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0809 advisory. Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap...
9.8CVSS
8.8AI Score
0.073EPSS
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending...
8.8CVSS
7.2AI Score
0.014EPSS
Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0808 advisory. decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. (CVE-2022-38900) The got package...
9.8CVSS
9AI Score
0.073EPSS
Summary Several vulnerabilities were fixed in the IBM Security Verify Directory Suite. Vulnerability Details ** CVEID: CVE-2022-32753 DESCRIPTION: **IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...
7.5CVSS
6.3AI Score
0.001EPSS
Security Bulletin: IBM Controller has addressed multiple vulnerabilities
Summary IBM Controller is affected and considered vulnerable, based on current information, to multiple vulnerabilites. This Security Bulletin addresses the vulnerabilities that have been remediated in IBM Controller. Vulnerability Details ** CVEID: CVE-2023-40695 DESCRIPTION: **IBM Cognos...
9.8CVSS
9.8AI Score
0.973EPSS
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow...
7.5CVSS
7.4AI Score
0.001EPSS
Summary Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...
5.9CVSS
7.1AI Score
0.001EPSS
MF Gig Calendar <= 1.2.1 - Cross-Site Request Forgery
Description The MF Gig Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...
5.4CVSS
6.7AI Score
0.0004EPSS
Pretty Google Calendar < 2.0.0 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
6.3AI Score
0.0004EPSS
Where does your software (really) come from?
Software is a funny, profound thing: each piece of it is an invisible machine, seemingly made of magic words, designed to run on the ultimate, universal machine. It's not alive, but it has a lifecycle. It starts out as source code--just text files, sitting in a repository somewhere--and then later....
6.9AI Score
KLA66424 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Picture In Picture can be exploited to cause denial of service...
8.1AI Score
0.0004EPSS
Security Bulletin: Multiple Vulnerabilities in IBM SDK Java affect IBM Cloud Pak System
Summary Multiple vulnerabilities found in IBM Java SDK reported in the IBM Java SDK CPU update October 2022 affect OS Image shipped with Cloud Pak System. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the...
5.3CVSS
5.7AI Score
0.002EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through...
6.5CVSS
6.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Fedora 40 : python-cryptography (2024-9d2de2b051)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9d2de2b051 advisory. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or...
7.5CVSS
6.5AI Score
0.001EPSS
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode
Description The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for....
8.8CVSS
7.3AI Score
0.001EPSS
Fedora 40 : ovn (2024-bf29e92de4)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bf29e92de4 advisory. A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can...
6.5CVSS
7.1AI Score
0.0005EPSS
Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation
Description The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their...
8.8CVSS
7.3AI Score
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:1446-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1446-1 advisory. Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and ...
6.5CVSS
7.9AI Score
0.006EPSS
SUSE SLES12 Security Update : php74 (SUSE-SU-2024:1445-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1445-1 advisory. Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site...
6.5CVSS
7.9AI Score
0.006EPSS
SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2024:1444-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1444-1 advisory. Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and ...
6.5CVSS
7.9AI Score
0.006EPSS
K000139429 : Oracle GraalVM Vulnerability CVE-2024-20954 and CVE-2024-21098
Security Advisory Description CVE-2024-20954 Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition:...
3.7CVSS
5.3AI Score
0.0005EPSS
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential...
6.8AI Score
KLA66484 Multiple vulnerabilities in Foxit Reader
Multiple vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in ComboBox widget can be exploited to cause denial of service or...
8.8CVSS
8.2AI Score
0.001EPSS
openSUSE: Security Advisory for php8 (SUSE-SU-2024:1446-1)
The remote host is missing an update for...
6.5CVSS
8.5AI Score
0.006EPSS
openSUSE: Security Advisory for php7 (SUSE-SU-2024:1444-1)
The remote host is missing an update for...
6.5CVSS
8.5AI Score
0.006EPSS