Lucene search

K

Diary & Availability Calendar Security Vulnerabilities

cvelist
cvelist

CVE-2024-3755 MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS

The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.5AI Score

0.0004EPSS

2024-05-06 06:00 AM
1
nessus
nessus

Oracle Linux 9 : edk2 (ELSA-2024-2264)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2264 advisory. EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local...

8.8CVSS

7.6AI Score

0.006EPSS

2024-05-06 12:00 AM
6
nessus
nessus

Oracle Linux 9 : python3.11-cryptography (ELSA-2024-2337)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2337 advisory. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or...

7.5CVSS

7AI Score

0.001EPSS

2024-05-06 12:00 AM
2
nessus
nessus

Oracle Linux 9 : frr (ELSA-2024-2156)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2156 advisory. An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. (CVE-2023-41358) An...

9.1CVSS

7.1AI Score

0.005EPSS

2024-05-06 12:00 AM
2
nessus
nessus

GLSA-202405-02 : ImageMagick: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-02 (ImageMagick: Multiple Vulnerabilities) A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the...

7.8CVSS

7.8AI Score

0.014EPSS

2024-05-04 12:00 AM
4
ibm
ibm

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...

8.4CVSS

9.4AI Score

0.014EPSS

2024-05-03 01:22 PM
10
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Storage Scale packaged in IBM Storage Scale System

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System GUI, which could allow a remote attacker to cause a denial of service. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to...

5.9CVSS

6.4AI Score

0.001EPSS

2024-05-03 09:17 AM
7
redos
redos

ROS-20240503-04

A vulnerability in the mbedtls_x509_set_extension function of the Mbed TLS software is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto....

7.5CVSS

6.7AI Score

0.001EPSS

2024-05-03 12:00 AM
5
qualysblog
qualysblog

Agentless FIM for Detecting Network Configuration Changes

Dealing with multiple network administrators making frequent configuration changes with a monitoring solution that provides insights into device change without causing resource constraints. The performance and capabilities of a network device are entirely dependent upon its configuration settings.....

7.2AI Score

2024-05-02 05:35 PM
6
nvd
nvd

CVE-2024-2831

The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS

8.7AI Score

0.001EPSS

2024-05-02 05:15 PM
cve
cve

CVE-2024-2831

The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS

7.1AI Score

0.001EPSS

2024-05-02 05:15 PM
26
nvd
nvd

CVE-2024-1945

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for.....

7.1CVSS

6.6AI Score

0.0004EPSS

2024-05-02 05:15 PM
1
cve
cve

CVE-2024-1945

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for.....

7.1CVSS

6.3AI Score

0.0004EPSS

2024-05-02 05:15 PM
26
cvelist
cvelist

CVE-2024-2831

The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS

8.9AI Score

0.001EPSS

2024-05-02 04:51 PM
1
cvelist
cvelist

CVE-2024-1945

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for.....

7.1CVSS

6.8AI Score

0.0004EPSS

2024-05-02 04:51 PM
github
github

Introducing Artifact Attestations–now in public beta

There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100M developers building on GitHub, we want to ensure developers have the tools needed to help...

6.3AI Score

2024-05-02 04:00 PM
12
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...

9.1AI Score

EPSS

2024-05-02 02:49 PM
47
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus.

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Solaris. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote...

9.8CVSS

8.8AI Score

0.003EPSS

2024-05-02 02:18 PM
8
cvelist
cvelist

CVE-2024-33950 WordPress Archives Calendar Widget plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability

Administrator Cross Site Scripting (XSS) in Archives Calendar Widget &lt;= 1.0.15...

5.9CVSS

6.5AI Score

0.0004EPSS

2024-05-02 11:32 AM
nessus
nessus

Universal Forwarders < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0614)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0614 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...

9.8CVSS

8.5AI Score

0.073EPSS

2024-05-02 12:00 AM
4
kaspersky
kaspersky

KLA66425 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Picture In Picture can be exploited to cause denial of...

8AI Score

0.0004EPSS

2024-05-02 12:00 AM
2
nessus
nessus

Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0613 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...

9.8CVSS

8.9AI Score

0.304EPSS

2024-05-02 12:00 AM
6
oraclelinux
oraclelinux

kernel security, bug fix, and enhancement update

[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...

9.8CVSS

7.5AI Score

0.011EPSS

2024-05-02 12:00 AM
6
nessus
nessus

Universal Forwarder 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0809)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0809 advisory. Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap...

9.8CVSS

8.8AI Score

0.073EPSS

2024-05-02 12:00 AM
14
nessus
nessus

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending...

8.8CVSS

7.2AI Score

0.014EPSS

2024-05-02 12:00 AM
5
nessus
nessus

Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0808 advisory. decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. (CVE-2022-38900) The got package...

9.8CVSS

9AI Score

0.073EPSS

2024-05-02 12:00 AM
5
ibm
ibm

Security Bulletin: Multiple Security Vulnerabilities discovered in IBM Security Directory Suite (CVE-2022-32753, CVE-2022-32751, CVE-2022-33165)

Summary Several vulnerabilities were fixed in the IBM Security Verify Directory Suite. Vulnerability Details ** CVEID: CVE-2022-32753 DESCRIPTION: **IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...

7.5CVSS

6.3AI Score

0.001EPSS

2024-05-01 11:29 PM
3
ibm
ibm

Security Bulletin: IBM Controller has addressed multiple vulnerabilities

Summary IBM Controller is affected and considered vulnerable, based on current information, to multiple vulnerabilites. This Security Bulletin addresses the vulnerabilities that have been remediated in IBM Controller. Vulnerability Details ** CVEID: CVE-2023-40695 DESCRIPTION: **IBM Cognos...

9.8CVSS

9.8AI Score

0.973EPSS

2024-05-01 09:46 PM
14
ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow...

7.5CVSS

7.4AI Score

0.001EPSS

2024-05-01 06:20 PM
6
ibm
ibm

Security Bulletin: Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...

5.9CVSS

7.1AI Score

0.001EPSS

2024-05-01 10:50 AM
3
wpvulndb
wpvulndb

MF Gig Calendar <= 1.2.1 - Cross-Site Request Forgery

Description The MF Gig Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...

5.4CVSS

6.7AI Score

0.0004EPSS

2024-05-01 12:00 AM
6
wpvulndb
wpvulndb

Pretty Google Calendar < 2.0.0 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

6.3AI Score

0.0004EPSS

2024-05-01 12:00 AM
5
github
github

Where does your software (really) come from?

Software is a funny, profound thing: each piece of it is an invisible machine, seemingly made of magic words, designed to run on the ultimate, universal machine. It's not alive, but it has a lifecycle. It starts out as source code--just text files, sitting in a repository somewhere--and then later....

6.9AI Score

2024-04-30 04:35 PM
7
kaspersky
kaspersky

KLA66424 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Picture In Picture can be exploited to cause denial of service...

8.1AI Score

0.0004EPSS

2024-04-30 12:00 AM
1
ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM SDK Java affect IBM Cloud Pak System

Summary Multiple vulnerabilities found in IBM Java SDK reported in the IBM Java SDK CPU update October 2022 affect OS Image shipped with Cloud Pak System. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the...

5.3CVSS

5.7AI Score

0.002EPSS

2024-04-29 10:37 AM
18
nvd
nvd

CVE-2024-33640

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-04-29 05:15 AM
cve
cve

CVE-2024-33640

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-04-29 05:15 AM
25
cvelist
cvelist

CVE-2024-33640 WordPress Pretty Google Calendar plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-04-29 05:02 AM
nessus
nessus

Fedora 40 : python-cryptography (2024-9d2de2b051)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9d2de2b051 advisory. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or...

7.5CVSS

6.5AI Score

0.001EPSS

2024-04-29 12:00 AM
4
wpvulndb
wpvulndb

Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode

Description The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for....

8.8CVSS

7.3AI Score

0.001EPSS

2024-04-29 12:00 AM
6
nessus
nessus

Fedora 40 : ovn (2024-bf29e92de4)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bf29e92de4 advisory. A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can...

6.5CVSS

7.1AI Score

0.0005EPSS

2024-04-29 12:00 AM
4
wpvulndb
wpvulndb

Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation

Description The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their...

8.8CVSS

7.3AI Score

0.0004EPSS

2024-04-29 12:00 AM
5
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:1446-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1446-1 advisory. Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and ...

6.5CVSS

7.9AI Score

0.006EPSS

2024-04-29 12:00 AM
6
nessus
nessus

SUSE SLES12 Security Update : php74 (SUSE-SU-2024:1445-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1445-1 advisory. Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site...

6.5CVSS

7.9AI Score

0.006EPSS

2024-04-29 12:00 AM
7
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2024:1444-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1444-1 advisory. Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and ...

6.5CVSS

7.9AI Score

0.006EPSS

2024-04-29 12:00 AM
7
f5
f5

K000139429 : Oracle GraalVM Vulnerability CVE-2024-20954 and CVE-2024-21098

Security Advisory Description CVE-2024-20954 Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition:...

3.7CVSS

5.3AI Score

0.0005EPSS

2024-04-29 12:00 AM
6
thn
thn

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential...

6.8AI Score

2024-04-28 01:52 PM
69
kaspersky
kaspersky

KLA66484 Multiple vulnerabilities in Foxit Reader

Multiple vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in ComboBox widget can be exploited to cause denial of service or...

8.8CVSS

8.2AI Score

0.001EPSS

2024-04-28 12:00 AM
2
openvas
openvas

openSUSE: Security Advisory for php8 (SUSE-SU-2024:1446-1)

The remote host is missing an update for...

6.5CVSS

8.5AI Score

0.006EPSS

2024-04-27 12:00 AM
7
openvas
openvas

openSUSE: Security Advisory for php7 (SUSE-SU-2024:1444-1)

The remote host is missing an update for...

6.5CVSS

8.5AI Score

0.006EPSS

2024-04-27 12:00 AM
10
Total number of security vulnerabilities57571