Takeaways From The Take Command Summit: Navigating Modern SOC Challenges
At our recent Take Command summit, experts delved into the pressing challenges faced by SOC teams. With 2,365 more data breaches in 2023 than in 2022 (74% of which were a direct result of cyber attacks), the need for robust security operations has never been greater. Key takeaways from the 25...
CVE-2024-6441 ORIPA LoaderXML.java deserialization
A vulnerability was found in ORIPA up to 1.72. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/oripa/persistence/doc/loader/LoaderXML.java. The manipulation leads to deserialization. The attack can be launched remotely....
6.3 CVSS
6.5 AI Score
EPSS
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4 CVSS
5.7 AI Score
EPSS
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated...
5.3 CVSS
5.3 AI Score
EPSS
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user...
5.3 CVSS
5.2 AI Score
EPSS
The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4 CVSS
5.7 AI Score
EPSS
CVE-2024-6440 SourceCodester Home Owners Collection Management System sql injection
A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. It is possible to launch the.....
6.3 CVSS
6.9 AI Score
EPSS
CVE-2024-6439 SourceCodester Home Owners Collection Management System unrestricted upload
A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated...
6.3 CVSS
6.5 AI Score
EPSS
How MFA Failures are Fueling a 500% Surge in Ransomware Losses
The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual "State of Ransomware 2024" report that the average ransom payment has increased 500% in the.....
7.3 AI Score
CVE-2024-6438 Hitout Carsale OrderController.java sql injection
A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
6.3 CVSS
6.9 AI Score
EPSS
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with....
4.3 CVSS
4.5 AI Score
EPSS
The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4 CVSS
4.3 AI Score
EPSS
Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory...
5.5 CVSS
6.2 AI Score
EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘read_more_text’ parameter in all versions up to, and including, 3.5.5 due to...
6.4 CVSS
5.8 AI Score
EPSS
Vulnerabilities for packages: k3d, flux, actions-runner-controller, fulcio, opentelemetry-collector-contrib, cosign, skopeo, consul, flux-image-reflector-controller, snyk-cli, tekton-chains, gomplate, gh, terragrunt, timestamp-authority, guac, rook, rabbitmq-messaging-topology-operator,...
6 CVSS
6 AI Score
0.0004 EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: prometheus-stackdriver-exporter, dynamic-localpv-provisioner, atlantis, cortex, gobuster, kpt, ingress-nginx-controller, prometheus, spark-operator, hey, kubernetes-csi-livenessprobe, terraform, envoy-ratelimit, coredns, node-problem-detector, aws-efs-csi-driver,...
7.5 CVSS
9 AI Score
0.732 EPSS
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: k3d, helm-push, eksctl, helm, melange, zot, kubevela, cilium-cli, skaffold, trivy, up, kots, telegraf, tekton-pipelines, flux-helm-controller, newrelic-infrastructure-agent, kaniko, ctop, flux-source-controller, gitness, neuvector-agent, fuse-overlayfs-snapshotter,...
7.5 AI Score
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: flux-helm-controller, helm-push, flux-source-controller, k8sgpt, helm-operator, cilium-cli, chartmuseum, trivy, eksctl, up, istio-operator, zarf, k9s, kots, cert-manager, zot,...
6.4 CVSS
6.7 AI Score
0.0004 EPSS
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: flux-helm-controller, helm-push, flux-source-controller, k8sgpt, helm-operator, cilium-cli, chartmuseum, trivy, eksctl, up, istio-operator, zarf, k9s, kots, cert-manager, zot,...
7.5 AI Score
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: falco, k3d, chartmuseum, tekton-chains, kpt, skaffold, up, loki, scorecard, prometheus, tekton-pipelines, bom, k3s, aactl, slsa-verifier, ctop, goreleaser, paranoia, cert-manager,...
7.5 AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, actions-runner-controller, dagger, prometheus-stackdriver-exporter, dynamic-localpv-provisioner, trillian, skopeo, chartmuseum, atlantis, eksctl, cortex, cluster-proportional-autoscaler, kubeflow-pipelines, prometheus-postgres-exporter,....
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, actions-runner-controller, dagger, helm-push, regclient, dynamic-localpv-provisioner, trillian, yam, chartmuseum, eksctl, oras, cortex, cluster-proportional-autoscaler, kubeflow-pipelines, prometheus-postgres-exporter, mockery, runc,...
7.8 AI Score
0.0004 EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: falco, traefik, fulcio, cosign, vault, tekton-chains, terragrunt, oauth2-proxy, cilium-envoy, gitsign, kots, tekton-pipelines, cert-manager, cloudflared, external-secrets-operator, sops, keda, aactl, slsa-verifier, argo-workflows, dex, argo-cd, vexctl,...
7.5 AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: k3d, helm-push, trillian, chartmuseum, atlantis, eksctl, terragrunt, kpt, docker-credential-gcr, gobump, flannel-cni-plugin, nri-consul, crossplane-provider-azure, loki, prometheus, pombump, spark-operator, influx, terraform, cadvisor, ytt,...
6.8 AI Score
0.0004 EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: k3d, kubernetes-dns-node-cache, helm-push, prometheus-stackdriver-exporter, regclient, dynamic-localpv-provisioner, trillian, skopeo, chartmuseum, atlantis, eksctl, neuvector-scanner, oras, cortex, overmind, mockery, extism, runc, kpt, docker-credential-gcr,...
6.5 AI Score
0.0004 EPSS