Float Menu – Awesome Floating Side Menu Security Vulnerabilities

[talosblog] Only one critical issue disclosed as part of Microsoft Patch Tuesday
Microsoft released its monthly security update Tuesday, disclosing 49 vulnerabilities across its suite of products and software. Of those, there is only one critical vulnerability. Every other security issue disclosed this month is considered "important." The lone critical security issue is...
CVSS 9.8 | AI Score 9.8 | EPSS 0.003 | 2024-06-11 05:46 PM

[cvelist] CVE-2022-40225
A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Casting an internal value could lead to floating point exception under certain circumstances. This could allow an attacker to cau...
CVSS 6.5 | EPSS 0.0005 | 2024-06-11 02:19 PM

[vulnrichment] CVE-2022-40225
A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Casting an internal value could lead to floating point exception under certain circumstances. This could allow an attacker to cau...
CVSS 6.5 | AI Score 6.8 | EPSS 0.0005 | 2024-06-11 02:19 PM

[cve] CVE-2022-40225
A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Casting an internal value could lead to floating point exception under certain circumstances. This could allow an attacker to cau...
CVSS 7.5 | AI Score 6.2 | EPSS 0.0005 | 2024-06-11 02:19 PM

[thn] China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics
Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event...
CVSS 7.8 | AI Score 7.6 | EPSS 0.974 | 2024-06-11 08:47 AM

[securelist] QR code SQL injection and other vulnerabilities in a popular biometric terminal
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech, ...
CVSS 10 | AI Score 9 | EPSS 0.0004 | 2024-06-11 08:00 AM

[mskb] Description of the security update for SharePoint Server 2019: June 11, 2024 (KB5002602)
Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
CVSS 7.8 | AI Score 8 | EPSS 0.001 | 2024-06-11 07:00 AM

[mskb] June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529)
UPDATED 06/11/24. REMINDER: The following editions of Windows 10, version 21H2 are at end of service today, June 11, 2024: Windows 10 Enterprise and Education; Windows 10 IoT Enterprise; Windows 10 Enterprise multi-session. After that...
CVSS 9.8 | AI Score 9.8 | EPSS 0.003 | 2024-06-11 07:00 AM

[mskb] June 11, 2024—KB5039236 (OS Build 25398.950)
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements: This security update...
CVSS 9.8 | AI Score 9.9 | EPSS 0.003 | 2024-06-11 07:00 AM

[githubexploit]
CVSS 9.8 | AI Score 7.1 | EPSS 0.853 | 2024-06-11 02:34 AM

[osv] Moderate: rpm-ostree security update
The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and...
CVSS 6.2 | AI Score 6.9 | EPSS 0.0004 | 2024-06-11 12:00 AM

[redos] ROS-20240611-14
The QEMU hardware emulator vulnerability is related to an infinite loop error in QEMU emulation of a USB xHCI controller when calculating the length of the transfer request block (TRB) ring. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in...
CVSS 7.1 | AI Score 7.3 | EPSS 0.001 | 2024-06-11 12:00 AM

[wpvulndb] TablePress – Tables in WordPress made easy < 2.3.2 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind
Description: The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. This makes it possible for authenticated attackers, with author-level access and above, to...
CVSS 6.4 | AI Score 6.3 | EPSS 0.001 | 2024-06-11 12:00 AM

[kaspersky] KLA68919 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Microsoft Office can be exploited remotely to execute arbitrary code. A...
CVSS 8.8 | AI Score 8.6 | EPSS 0.002 | 2024-06-11 12:00 AM

[wpvulndb] Master Addons for Elementor < 2.0.5.6 - Missing Authorization via get_jltma_save_menuitem_settings()
Description: The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_jltma_save_menuitem_settings function in versions up to, and including, 2.0.5.4.1. This makes it possible for unauthenticated attackers...
CVSS 6.5 | AI Score 6.7 | EPSS 0.0004 | 2024-06-11 12:00 AM

[almalinux] Moderate: rpm-ostree security update
The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and...
AI Score 7.5 | 2024-06-11 12:00 AM

[redos] ROS-20240611-06
A vulnerability in the OpenSSL Handler component of the Iperf3 network bandwidth measurement tool is related to the use of a synchronization side-channel in RSA decryption operations. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential...
AI Score 7.3 | 2024-06-11 12:00 AM

[ibm] Security Bulletin: Updating Java in Identity Insight 9.0.0.1 for security update
Summary: Identity Insight customers are advised to update OpenJDK 8 to version 8.0.412 for the security update in Java. Vulnerability Details: Refer to the security bulletin(s) listed in the Remediation/Fixes section. Affected Products and Versions: Affected Product(s) | Version(s) ---|--- IBM...
CVSS 7.5 | AI Score 6.8 | 2024-06-10 10:53 PM

[ibm] Security Bulletin: Multiple vulnerabilities in IBM WebSphere Liberty Profile affect IBM Robotic Process Automation.
Summary: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation as part of UMS and as an application server for container deployments. This bulletin identifies the security fixes to apply to address the vulnerability. ...
CVSS 7.5 | AI Score 8.2 | EPSS 0.732 | 2024-06-10 10:49 PM

[ibm] Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.
Summary: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-26159. DESCRIPTION:...
CVSS 7.5 | AI Score 9.4 | EPSS 0.732 | 2024-06-10 10:47 PM

[ibm] Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update
Summary: Identity Insight customers are advised to update OpenJDK 17 to version 17.0.11.0 for the security update in Java. Vulnerability Details: Refer to the security bulletin(s) listed in the Remediation/Fixes section. Affected Products and Versions: Affected Product(s) | Version(s) ---|--- IBM...
CVSS 7.5 | AI Score 6.8 | 2024-06-10 08:24 PM

[nvd] CVE-2024-36414
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 6.5 | EPSS 0.0005 | 2024-06-10 08:15 PM

[cve] CVE-2024-36414
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 7.7 | AI Score 7.6 | EPSS 0.0005 | 2024-06-10 08:15 PM

[osv] CVE-2024-36414
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 7.7 | AI Score 7.6 | EPSS 0.0005 | 2024-06-10 08:15 PM

[vulnrichment] CVE-2024-36414 SuiteCRM authenticated Server-Side Request Forgery
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 7.7 | AI Score 6.8 | EPSS 0.0005 | 2024-06-10 07:40 PM

[cvelist] CVE-2024-36414 SuiteCRM authenticated Server-Side Request Forgery
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 7.7 | EPSS 0.0005 | 2024-06-10 07:40 PM

[ibm] Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details: CVEID: CVE-2024-22017. DESCRIPTION: Node.js could allow a local attacker to gain elevated privileges on the system, caused by the failure of setuid() to drop all privileges...
CVSS 10 | AI Score 8.9 | 2024-06-10 05:54 PM

[osv] Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings
CVSS 6.4 | AI Score 6.8 | EPSS 0.0004 | 2024-06-10 04:39 PM

[cve] CVE-2024-35677
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion. This issue affects MegaMenu: from n/a through...
CVSS 9.8 | AI Score 9.1 | EPSS 0.001 | 2024-06-10 04:15 PM

[veracode] Server-Side Request Forgery (SSRF)
langchain is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper restriction of requests in the Web Research Retriever component, allowing it to reach local addresses and enabling attackers to execute port scans, access local services, and potentially read...
CVSS 4.8 | AI Score 6.9 | EPSS 0.0004 | 2024-06-10 03:06 PM

[ibm] Security Bulletin: IBM Master Data Management affected by IBM WebSphere Application Server vulnerabilities to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)
Summary: IBM Master Data Management versions 11.6 and 12.0 are impacted by a vulnerability in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to...
CVSS 7 | AI Score 7.2 | EPSS 0.0004 | 2024-06-10 02:18 PM

[impervablog] A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors...
AI Score 7 | 2024-06-10 01:00 PM

[thn] Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers
Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources. "This case does highlight an inherent risk in using service tags as...
AI Score 7.9 | 2024-06-10 11:20 AM

[nvd] CVE-2024-35741
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through...
CVSS 8.8 | EPSS 0.001 | 2024-06-10 08:15 AM

[cve] CVE-2024-35741
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through...
CVSS 8.8 | AI Score 4.7 | EPSS 0.001 | 2024-06-10 08:15 AM

[cvelist] CVE-2024-35741 WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through...
CVSS 4.3 | EPSS 0.001 | 2024-06-10 07:41 AM

[vulnrichment] CVE-2024-35741 WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through...
CVSS 4.3 | AI Score 7 | EPSS 0.001 | 2024-06-10 07:41 AM

[githubexploit] Exploit for CVE-2024-37888
CVE-2024-37888: This repository documents vulnerability...
CVSS 6.1 | AI Score 6.2 | EPSS 0.0004 | 2024-06-10 07:00 AM

[osv] CVE-2024-37880
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from...
CVSS 7.5 | AI Score 6.7 | EPSS 0.001 | 2024-06-10 02:15 AM

[nvd] CVE-2024-37880
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from...
CVSS 7.5 | EPSS 0.001 | 2024-06-10 02:15 AM

[cve] CVE-2024-37880
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from...
CVSS 7.5 | AI Score 6.4 | EPSS 0.001 | 2024-06-10 02:15 AM

[packetstorm]
AI Score 7.4 | EPSS 0.0004 | 2024-06-10 12:00 AM

[cvelist] CVE-2024-37880
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from...
EPSS 0.001 | 2024-06-10 12:00 AM

[githubexploit] Exploit for OS Command Injection in Php
CVE-2024-4577: PHP CGI Argument Injection (XAMPP)...
CVSS 9.8 | AI Score 10 | EPSS 0.967 | 2024-06-09 02:18 PM

[cve] CVE-2024-24716
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through...
CVSS 5.4 | AI Score 5.5 | EPSS 0.0004 | 2024-06-09 11:15 AM

[nvd] CVE-2024-24716
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through...
CVSS 5.4 | EPSS 0.0004 | 2024-06-09 11:15 AM

[cvelist] CVE-2024-24716 WordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through...
CVSS 5.4 | EPSS 0.0004 | 2024-06-09 10:21 AM

[vulnrichment] CVE-2024-24716 WordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through...
CVSS 5.4 | AI Score 6.9 | EPSS 0.0004 | 2024-06-09 10:21 AM

[nvd] CVE-2024-30539
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through...
CVSS 5.3 | EPSS 0.0004 | 2024-06-09 09:15 AM

[cve] CVE-2024-30539
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through...
CVSS 5.3 | AI Score 5.4 | EPSS 0.0004 | 2024-06-09 09:15 AM

Total number of security vulnerabilities: 58398