There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can interfere with a system administrator’s use of the policy management UI when the attacker convinces the victim administrator to follow a crafted link to the...
6.5CVSS
0.0004EPSS
There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can interfere with a system administrator’s use of the policy management UI when the attacker convinces the victim administrator to follow a crafted link to the...
6.5CVSS
5.9AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...
4.5CVSS
4.5AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...
4.5CVSS
0.0004EPSS
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the...
4.9CVSS
5.2AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the same....
4.5CVSS
4.5AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no.....
4.5CVSS
4.5AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Attackers can pass a limited-length script to the administrative UI which is then stored where an administrator can access it. The scope is unchanged, there is no.....
5.3CVSS
5AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Attackers can pass a limited-length script to the administrative UI which is then stored where an administrator can access it. The scope is unchanged, there is no.....
5.3CVSS
0.0004EPSS
There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the same....
4.5CVSS
0.0004EPSS
There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no.....
4.5CVSS
0.0004EPSS
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the...
4.9CVSS
0.0004EPSS
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....
4.8CVSS
0.0004EPSS
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....
4.8CVSS
4.9AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the same management...
4.5CVSS
0.0004EPSS
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...
4.5CVSS
6.6AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...
4.5CVSS
0.0004EPSS
There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no.....
4.5CVSS
0.0004EPSS
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the...
4.9CVSS
0.0004EPSS
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the...
4.9CVSS
7.2AI Score
0.0004EPSS
7AI Score
0.001EPSS
There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Attackers can pass a limited-length script to the administrative UI which is then stored where an administrator can access it. The scope is unchanged, there is no.....
5.3CVSS
6AI Score
0.0004EPSS
There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Attackers can pass a limited-length script to the administrative UI which is then stored where an administrator can access it. The scope is unchanged, there is no.....
5.3CVSS
0.0004EPSS
There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the same....
4.5CVSS
0.0004EPSS
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....
4.8CVSS
0.0004EPSS
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator....
4.8CVSS
6AI Score
0.0004EPSS
On March 31st, 2024, The Payments Card Industry Standards Security Council (PCI SSC) officially retired version 3.2.1 of the PCI Data Security Standard (PCI DSS) with the publication of its new sets of protocols and security standards for v4.0. With the continued rise in cyber threats against...
7.6AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.3AI Score
EPSS
XWiki < 14.10.14 - Cross-Site Scripting
XWiki is vulnerable to reflected cross-site scripting (RXSS) via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the....
9.6CVSS
7AI Score
0.005EPSS
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
9.8CVSS
9.9AI Score
0.019EPSS
Summary IBM WebSphere Application Server is vulnerable to identity spoofing. Vulnerability Details ** CVEID: CVE-2024-37532 DESCRIPTION: **IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. CVSS Base score: 8.8 CVSS...
8.8CVSS
6.2AI Score
0.0004EPSS
Issue Overview: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. (CVE-2024-1298) Affected Packages: edk2 Note: This...
6CVSS
6.9AI Score
0.0004EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
0.0004EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
6.7AI Score
0.0004EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
0.0004EPSS
moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient escaping of calendar event titles, leading to a stored XSS risk in the event deletion...
5.4AI Score
0.0004EPSS
5.6CVSS
5.7AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6840-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6840-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
8AI Score
0.0004EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...
8.3AI Score
0.0004EPSS
openSUSE: Security Advisory for php8 (SUSE-SU-2024:2038-1)
The remote host is missing an update for...
5.3CVSS
5.4AI Score
0.001EPSS
Moodle < 4.1.11, 4.2.x < 4.2.8, 4.3.x < 4.3.5, 4.4.x < 4.4.1 Multiple Vulnerabilities
Moodle is prone to multiple...
7.3AI Score
0.0004EPSS
openSUSE: Security Advisory for php8 (SUSE-SU-2024:2039-1)
The remote host is missing an update for...
5.3CVSS
5.4AI Score
0.001EPSS
Moodle stored XSS via calendar's event title when deleting the event
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion...
5.8AI Score
0.0004EPSS
Moodle stored XSS via calendar's event title when deleting the event
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion...
5.8AI Score
0.0004EPSS
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion...
0.0004EPSS
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion...
5.6AI Score
0.0004EPSS
CVE-2024-38274 moodle: stored XSS via calendar's event title when deleting the event
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion...
0.0004EPSS
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information...
7.4CVSS
0.0004EPSS
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information...
7.4CVSS
7.2AI Score
0.0004EPSS