Lucene search

K

Float Menu – Awesome Floating Side Menu Security Vulnerabilities

cvelist
cvelist

CVE-2024-1940 Brizy – Page Builder <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. This makes it possible for...

7.1CVSS

5.6AI Score

0.0004EPSS

2024-06-05 05:33 AM
vulnrichment
vulnrichment

CVE-2024-1940 Brizy – Page Builder <= 2.4.41 - Authenticated(Contributor+) Stored Cross-Site Scripting

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. This makes it possible for...

7.1CVSS

5.8AI Score

0.0004EPSS

2024-06-05 05:33 AM
cve
cve

CVE-2024-5317

The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.4CVSS

6.3AI Score

0.0005EPSS

2024-06-05 02:15 AM
21
fedora
fedora

[SECURITY] Fedora 40 Update: qadwaitadecorations-0.1.5-4.fc40

Qt decoration plugin implementing Adwaita-like client-side...

6.6AI Score

0.0004EPSS

2024-06-05 01:41 AM
cve
cve

CVE-2024-4084

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-05 12:15 AM
4
nvd
nvd

CVE-2024-4084

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...

7.5CVSS

7.6AI Score

0.001EPSS

2024-06-05 12:15 AM
cvelist
cvelist

CVE-2024-4084 SSRF vulnerability in mintplex-labs/anything-llm

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192,...

7.7CVSS

7.6AI Score

0.001EPSS

2024-06-05 12:00 AM
2
wpvulndb
wpvulndb

Ninja Tables – Easiest Data Table Builder < 5.0.10 - Authenticated (Admin+) Server-Side Request Forgery

Description The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary.....

4.4CVSS

9.2AI Score

0.0004EPSS

2024-06-05 12:00 AM
1
osv
osv

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...

7.8CVSS

6.3AI Score

0.001EPSS

2024-06-05 12:00 AM
nessus
nessus

RHEL 8 : kernel-rt (RHSA-2024:3627)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3627 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
1
almalinux
almalinux

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

7AI Score

0.001EPSS

2024-06-05 12:00 AM
almalinux
almalinux

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...

7.8CVSS

6.9AI Score

0.001EPSS

2024-06-05 12:00 AM
2
nessus
nessus

AlmaLinux 8 : kernel-rt (ALSA-2024:3627)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3627 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
wpvulndb
wpvulndb

Blocksy Companion < 2.0.43 - Authenticated (Admin+) Server-Side Request Forgery

Description The Blocksy Companion plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.42. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating...

4.4CVSS

9.2AI Score

0.0004EPSS

2024-06-05 12:00 AM
1
wpvulndb
wpvulndb

Church Admin < 4.4.0 - Authenticated (Admin+) Server-Side Request Forgery

Description The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.3.6. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from...

4.4CVSS

9.2AI Score

0.0004EPSS

2024-06-05 12:00 AM
1
nessus
nessus

AlmaLinux 8 : kernel update (Medium) (ALSA-2024:3618)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-05 12:00 AM
3
osv
osv

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

6.6AI Score

0.001EPSS

2024-06-05 12:00 AM
2
nessus
nessus

RHEL 8 : kernel update (Moderate) (RHSA-2024:3618)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3618 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability...

7.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 12:00 AM
oraclelinux
oraclelinux

kernel update

[4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict...

7.8CVSS

9AI Score

0.001EPSS

2024-06-05 12:00 AM
2
nvd
nvd

CVE-2024-36675

LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head...

9.1CVSS

6.6AI Score

EPSS

2024-06-04 10:15 PM
1
cve
cve

CVE-2024-36675

LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head...

9.1CVSS

7.2AI Score

EPSS

2024-06-04 10:15 PM
1
osv
osv

CVE-2024-36675

LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head...

9.1CVSS

6.9AI Score

EPSS

2024-06-04 10:15 PM
cve
cve

CVE-2024-4219

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery...

9.1CVSS

7.3AI Score

0.001EPSS

2024-06-04 09:15 PM
1
nvd
nvd

CVE-2024-4219

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery...

9.1CVSS

5.2AI Score

0.001EPSS

2024-06-04 09:15 PM
1
cvelist
cvelist

CVE-2024-4219 SSRF In BeyondInsight

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery...

4.8CVSS

5.2AI Score

0.001EPSS

2024-06-04 08:08 PM
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF033 and 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-21501 DESCRIPTION: **Node.js sanitize-html module could allow a remote attacker to...

8.8CVSS

9.7AI Score

EPSS

2024-06-04 05:15 PM
7
mssecure
mssecure

The four stages of creating a trust fabric with identity and network security

How implementing a trust fabric strengthens identity and network Read the blog At Microsoft, we’re continually evolving our solutions for protecting identities and access to meet the ever-changing security demands our customers face. In a recent post, we introduced the concept of the trust...

7.5AI Score

2024-06-04 04:00 PM
3
qualysblog
qualysblog

TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats

Introduction Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage...

7.2AI Score

2024-06-04 03:00 PM
3
ics
ics

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CC-Link IE TSN Industrial Managed Switch Vulnerabilities: Observable Timing Discrepancy, Double Free 2. RISK EVALUATION Successful exploitation of these...

7.5CVSS

8.2AI Score

0.002EPSS

2024-06-04 12:00 PM
15
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:1271-2)

The remote host is missing an update for...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-06-04 12:00 AM
2
nessus
nessus

SUSE SLES15 Security Update : gnutls (SUSE-SU-2024:1271-2)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1271-2 advisory. - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746) - CVE-2024-28835: Fixed denial of service during...

5.3CVSS

7.4AI Score

0.0005EPSS

2024-06-04 12:00 AM
redhatcve
redhatcve

CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...

6.3AI Score

0.0004EPSS

2024-06-03 05:33 PM
4
ibm
ibm

Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)

Summary Vulnerability in openCryptoki could allow a remote attacker to obtain sensitive information (CVE-2024-0914). Vulnerability Details ** CVEID: CVE-2024-0914 DESCRIPTION: **openCryptoki could allow a remote attacker to obtain sensitive information, caused by a flaw when processing RSA PKCS#1.....

5.9CVSS

6AI Score

0.001EPSS

2024-06-03 04:12 PM
2
redhatcve
redhatcve

CVE-2024-36899

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(),...

6.7AI Score

0.0004EPSS

2024-06-03 01:33 PM
2
kitploit
kitploit

Startup-SBOM - A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions

This is a simple SBOM utility which aims to provide an insider view on which packages are getting executed. The process and objective is simple we can get a clear perspective view on the packages installed by APT (currently working on implementing this for RPM and other package managers). This is.....

7.2AI Score

2024-06-03 12:30 PM
6
redhatcve
redhatcve

CVE-2024-36938

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-06-03 12:01 PM
3
ibm
ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

4.3CVSS

5.6AI Score

0.0004EPSS

2024-06-03 11:37 AM
3
ibm
ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

4.3CVSS

5.6AI Score

0.0004EPSS

2024-06-03 11:32 AM
2
schneier
schneier

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...

6.9AI Score

2024-06-03 11:06 AM
5
nvd
nvd

CVE-2024-35635

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...

4.4CVSS

5.2AI Score

0.0004EPSS

2024-06-03 10:15 AM
1
cve
cve

CVE-2024-35635

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...

4.4CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 AM
14
cve
cve

CVE-2024-35633

Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through...

4.4CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 AM
14
nvd
nvd

CVE-2024-35633

Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through...

4.4CVSS

5.2AI Score

0.0004EPSS

2024-06-03 10:15 AM
vulnrichment
vulnrichment

CVE-2024-35633 WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through...

4.4CVSS

7AI Score

0.0004EPSS

2024-06-03 10:04 AM
cvelist
cvelist

CVE-2024-35633 WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through...

4.4CVSS

5.2AI Score

0.0004EPSS

2024-06-03 10:04 AM
cvelist
cvelist

CVE-2024-35635 WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...

4.4CVSS

5.2AI Score

0.0004EPSS

2024-06-03 10:03 AM
ibm
ibm

Security Bulletin: IBM Sterling Transformation Extender is vulnerable to multiple issues due to IBM Java

Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a...

7.5CVSS

6.7AI Score

0.001EPSS

2024-06-03 09:18 AM
2
cve
cve

CVE-2024-35637

Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through...

4.4CVSS

7.2AI Score

0.0004EPSS

2024-06-03 09:15 AM
14
nvd
nvd

CVE-2024-35637

Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through...

4.4CVSS

5.2AI Score

0.0004EPSS

2024-06-03 09:15 AM
1
cvelist
cvelist

CVE-2024-35637 WordPress Church Admin plugin <= 4.3.6 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through...

4.4CVSS

5.2AI Score

0.0004EPSS

2024-06-03 08:59 AM
1
Total number of security vulnerabilities58188