Lucene search

K

Diary & Availability Calendar Security Vulnerabilities

nessus
nessus

RHEL 8 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2767)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2767 advisory. This project provides the possibility to switch from the Sensu-based availability monitoring solution to a monitoring solution based on...

7.5CVSS

7.9AI Score

0.001EPSS

2024-05-22 12:00 AM
2
nessus
nessus

CentOS 8 : edk2 (CESA-2024:3017)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3017 advisory. EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local...

8.8CVSS

8.3AI Score

0.006EPSS

2024-05-22 12:00 AM
3
nessus
nessus

CentOS 8 : python3.11-cryptography (CESA-2024:3105)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2024:3105 advisory. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or...

7.5CVSS

6.5AI Score

0.001EPSS

2024-05-22 12:00 AM
1
ubuntu
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...

8.7AI Score

0.0004EPSS

2024-05-22 12:00 AM
8
cve
cve

CVE-2024-21683

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...

8.8CVSS

8.8AI Score

0.511EPSS

2024-05-21 11:15 PM
336
nvd
nvd

CVE-2024-21683

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...

8.8CVSS

8.8AI Score

0.511EPSS

2024-05-21 11:15 PM
1
vulnrichment
vulnrichment

CVE-2024-21683

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...

7.5AI Score

0.511EPSS

2024-05-21 11:00 PM
1
cvelist
cvelist

CVE-2024-21683

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...

8.8AI Score

0.511EPSS

2024-05-21 11:00 PM
2
ibm
ibm

Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313)

Summary IBM WebSphere Application Server could provide weaker than expected security for outbound TLS connections. Vulnerability Details ** CVEID: CVE-2023-50313 DESCRIPTION: **IBM WebSphere Application Server could provide weaker than expected security for outbound TLS connections caused by a...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-05-21 08:05 PM
14
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22081, CVE-2023-22067, and CVE-2023-5676 Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified...

5.9CVSS

5.6AI Score

0.001EPSS

2024-05-21 07:22 PM
22
ibm
ibm

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability. Vulnerability Details ** CVEID: CVE-2024-22354 DESCRIPTION: **IBM WebSphere Application Server and IBM WebSphere Application Server Liberty.....

7CVSS

7AI Score

0.0004EPSS

2024-05-21 03:05 PM
27
cve
cve

CVE-2024-4695

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-21 10:15 AM
27
nvd
nvd

CVE-2024-4695

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-21 10:15 AM
atlassian
atlassian

DoS (Denial of Service) com.google.code.gson:gson Dependency in Crucible Data Center and Server

This High severity com.google.code.gson:gson Dependency vulnerability was introduced in version 4.8.0 of Crucible Data Center and Server. This com.google.code.gson:gson Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.7CVSS

6.8AI Score

0.002EPSS

2024-05-21 10:14 AM
2
vulnrichment
vulnrichment

CVE-2024-4695 Move Addons for Elementor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-21 09:31 AM
cvelist
cvelist

CVE-2024-4695 Move Addons for Elementor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-21 09:31 AM
kaspersky
kaspersky

KLA67728 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: Heap buffer overflow vulnerability in ANGLE can be exploited to cause denial of service Heap...

8.4AI Score

0.0004EPSS

2024-05-21 12:00 AM
mssecure
mssecure

New Windows 11 features strengthen security to address evolving cyberthreat landscape

Ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC. Alongside this exciting new class of PCs, we are introducing important security features and updates that make Windows 11 more secure for users and organizations and give developers the tools.....

7AI Score

2024-05-20 06:00 PM
5
f5
f5

K000139678: MySQL Server vulnerability CVE-2024-21055

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

6AI Score

0.0004EPSS

2024-05-20 12:00 AM
7
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-22081 ...

5.9CVSS

7AI Score

0.001EPSS

2024-05-17 07:28 PM
20
cve
cve

CVE-2024-24715

Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
36
nvd
nvd

CVE-2024-24715

Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-17 09:15 AM
cve
cve

CVE-2023-46784

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a...

8.2CVSS

6.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
57
nvd
nvd

CVE-2023-46784

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a...

8.2CVSS

8.2AI Score

0.0004EPSS

2024-05-17 09:15 AM
vulnrichment
vulnrichment

CVE-2024-24715 WordPress WordPress BookIt Plugin plugin <= 2.4.0 - Price Bypass Vulnerability vulnerability

Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-05-17 08:48 AM
cvelist
cvelist

CVE-2024-24715 WordPress WordPress BookIt Plugin plugin <= 2.4.0 - Price Bypass Vulnerability vulnerability

Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-17 08:48 AM
1
cvelist
cvelist

CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a...

8.2CVSS

8.2AI Score

0.0004EPSS

2024-05-17 08:34 AM
vulnrichment
vulnrichment

CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a...

8.2CVSS

6.8AI Score

0.0004EPSS

2024-05-17 08:34 AM
nvd
nvd

CVE-2023-33321

Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-17 07:15 AM
cve
cve

CVE-2023-33321

Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-17 07:15 AM
23
cvelist
cvelist

CVE-2023-33321 WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure

Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-17 06:45 AM
wpvulndb
wpvulndb

Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS < 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget

Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-17 12:00 AM
4
f5
f5

K000139668: MySQL Server vulnerabilities CVE-2024-21000 and CVE-2024-21008

Security Advisory Description CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with...

4.5AI Score

0.0004EPSS

2024-05-17 12:00 AM
11
f5
f5

K000139667: MySQL vulnerability CVE-2024-21056

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

4.7AI Score

0.0004EPSS

2024-05-17 12:00 AM
6
openvas
openvas

Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2024-1680)

The remote host is missing an update for the Huawei...

4.8CVSS

6.6AI Score

0.0005EPSS

2024-05-17 12:00 AM
1
nessus
nessus

EulerOS Virtualization 3.0.6.0 : gcc (EulerOS-SA-2024-1680)

According to the versions of the gcc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an...

4.8CVSS

7.9AI Score

0.0005EPSS

2024-05-17 12:00 AM
hackerone
hackerone

U.S. Dept Of Defense: Out-Of-Bounds Memory Read on ███

Vulnerability Identifier: OOB Memory Read (CVE-ID Pending) Affected System: Netscaler ADC and Gateway deployed at https://███████/nf/auth/doAuthentication.do Overview: An out-of-bounds (OOB) memory read vulnerability has been identified in Netscaler ADC (Application Delivery Controller) and...

9.4CVSS

7.8AI Score

0.971EPSS

2024-05-16 07:04 PM
10
redhatcve
redhatcve

CVE-2024-4761

An out-of-bounds write vulnerability was found in the Chromium web browser. If a remote, unauthenticated attacker tricks a user into visiting a specially crafted HTML page, the attacker could write to memory, which is out of bounds. This issue could have impacts to integrity, availability, and...

8.8CVSS

8.4AI Score

0.003EPSS

2024-05-16 05:18 PM
9
githubexploit
githubexploit

Exploit for CVE-2024-4352

CVE-2024-4352-Poc CVE-2024-4352 Tutor LMS Pro &lt;= 2.7.0 -...

8.8CVSS

8.7AI Score

0.001EPSS

2024-05-16 02:55 PM
213
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

10CVSS

9.5AI Score

EPSS

2024-05-16 01:04 PM
24
ics
ics

Siemens SIMATIC RTLS Locating Manager

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

10CVSS

9.2AI Score

0.009EPSS

2024-05-16 12:00 PM
11
cve
cve

CVE-2024-4288

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-16 11:15 AM
25
nvd
nvd

CVE-2024-4288

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-16 11:15 AM
cvelist
cvelist

CVE-2024-4288 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS

6.3AI Score

0.001EPSS

2024-05-16 11:05 AM
vulnrichment
vulnrichment

CVE-2024-4288 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-16 11:05 AM
thn
thn

Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines

Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances. "The impacts enabled by these flaws are...

9.8CVSS

9.4AI Score

0.003EPSS

2024-05-16 10:12 AM
3
nvd
nvd

CVE-2024-4391

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-16 09:15 AM
cve
cve

CVE-2024-4391

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-16 09:15 AM
25
vulnrichment
vulnrichment

CVE-2024-4391 Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-16 08:32 AM
1
cvelist
cvelist

CVE-2024-4391 Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

6AI Score

0.001EPSS

2024-05-16 08:32 AM
Total number of security vulnerabilities57784