Lucene search

K

Fluent Support – WordPress Helpdesk And Customer Support Ticket Plugin Security Vulnerabilities

cve
cve

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

6.7AI Score

EPSS

2024-06-17 08:15 AM
3
nvd
nvd

CVE-2024-6048

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote...

9.8CVSS

EPSS

2024-06-17 08:15 AM
cve
cve

CVE-2024-6048

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote...

9.8CVSS

7.7AI Score

EPSS

2024-06-17 08:15 AM
3
nvd
nvd

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

EPSS

2024-06-17 08:15 AM
nvd
nvd

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

EPSS

2024-06-17 08:15 AM
cve
cve

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

6.7AI Score

EPSS

2024-06-17 08:15 AM
3
cve
cve

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

6.8AI Score

EPSS

2024-06-17 08:15 AM
3
nvd
nvd

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

EPSS

2024-06-17 08:15 AM
cvelist
cvelist

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

EPSS

2024-06-17 07:34 AM
3
cvelist
cvelist

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

EPSS

2024-06-17 07:34 AM
2
cvelist
cvelist

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid...

EPSS

2024-06-17 07:33 AM
3
openbugbounty
openbugbounty

img.parismature.com Open Redirect vulnerability OBB-3935815

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:29 AM
cvelist
cvelist

CVE-2024-6048 Openfind MailGates and MailAudit - OS Command Injection

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote...

9.8CVSS

EPSS

2024-06-17 07:28 AM
2
openbugbounty
openbugbounty

protectlink.security-mail.net Open Redirect vulnerability OBB-3935814

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:24 AM
1
cve
cve

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

8.7AI Score

EPSS

2024-06-17 07:15 AM
2
nvd
nvd

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

EPSS

2024-06-17 07:15 AM
3
malwarebytes
malwarebytes

A week in security (June 10 – June 16)

Last week on Malwarebytes Labs: Truist bank confirms data breach Update now! Google Pixel vulnerability is under active exploitation Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content 23andMe data breach under joint investigation in two countries When things go...

7AI Score

2024-06-17 07:03 AM
4
wired
wired

Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train Passengers

CCTV cameras and AI are being combined to monitor crowds, detect bike thefts, and spot...

7.3AI Score

2024-06-17 07:00 AM
2
openbugbounty
openbugbounty

aardvark.com.gr Cross Site Scripting vulnerability OBB-3935809

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:33 AM
4
thn
thn

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser....

7.1AI Score

2024-06-17 06:28 AM
3
cvelist
cvelist

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

EPSS

2024-06-17 06:21 AM
2
cve
cve

CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

9.8AI Score

EPSS

2024-06-17 06:15 AM
2
nvd
nvd

CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

EPSS

2024-06-17 06:15 AM
2
cve
cve

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

5.6AI Score

EPSS

2024-06-17 06:15 AM
4
nvd
nvd

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

EPSS

2024-06-17 06:15 AM
2
nvd
nvd

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

EPSS

2024-06-17 06:15 AM
2
cve
cve

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

5.6AI Score

EPSS

2024-06-17 06:15 AM
6
openbugbounty
openbugbounty

heerfashion.com Cross Site Scripting vulnerability OBB-3935807

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:09 AM
2
cvelist
cvelist

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

EPSS

2024-06-17 06:00 AM
1
cvelist
cvelist

CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

EPSS

2024-06-17 06:00 AM
1
cvelist
cvelist

CVE-2024-6047 GeoVision EOL device - OS Command Injection

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

EPSS

2024-06-17 05:48 AM
2
openbugbounty
openbugbounty

mashcall.com Cross Site Scripting vulnerability OBB-3935805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 05:41 AM
2
thn
thn

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...

6.9AI Score

2024-06-17 05:11 AM
7
nvd
nvd

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

EPSS

2024-06-17 04:15 AM
2
nvd
nvd

CVE-2024-6046

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

EPSS

2024-06-17 04:15 AM
2
cve
cve

CVE-2024-6046

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

9.8AI Score

EPSS

2024-06-17 04:15 AM
4
cve
cve

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

8.4AI Score

EPSS

2024-06-17 04:15 AM
7
cvelist
cvelist

CVE-2024-6046 SECOM WRTR-304GN-304TW-UPSC - OS Command Injection

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

EPSS

2024-06-17 03:33 AM
4
cve
cve

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

7.4AI Score

EPSS

2024-06-17 03:15 AM
5
nvd
nvd

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

EPSS

2024-06-17 03:15 AM
4
cvelist
cvelist

CVE-2024-6045 D-Link router - Hidden Backdoor

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

EPSS

2024-06-17 03:12 AM
5
wolfi
wolfi

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: dynamic-localpv-provisioner, wireguard-go, grpcurl, gke-gcloud-auth-plugin, hey, go, k3d, falco,...

7.5AI Score

2024-06-17 03:08 AM
139
wolfi
wolfi

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: metacontroller, flux-helm-controller, opentofu, skaffold, cosign, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller, cluster-autoscaler, kpt, mc, pulumi-kubernetes-operator, buildkitd, scorecard, metrics-server, hey, pulumi-language-yaml,....

7.5CVSS

9AI Score

0.732EPSS

2024-06-17 03:08 AM
570
wolfi
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

7.8AI Score

0.0004EPSS

2024-06-17 03:08 AM
175
wolfi
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: runc, metacontroller, clusterctl, etcd, flux-helm-controller, terraform-docs, opentofu, skaffold, tekton-chains, containerd, cosign, certificate-transparency, kubevela, istio-operator, fuse-overlayfs-snapshotter, skopeo, prometheus, src, ingress-nginx-controller,...

7.5AI Score

2024-06-17 03:08 AM
159
wolfi
wolfi

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: runc, k9s, kubescape, ctop, skaffold, wolfictl, nvidia-device-plugin, nerdctl, skopeo, cadvisor, syft, ingress-nginx-controller, datadog-agent, kubernetes, telegraf, buildkitd, newrelic-infrastructure-agent, k3s, k3d, trivy, zot, docker, kaniko, zarf, grype,...

8.6CVSS

9.2AI Score

0.051EPSS

2024-06-17 03:08 AM
264
wolfi
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: terraform-docs, skaffold, tekton-chains, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure, nri-memcached, metrics-server, chezmoi,...

6.8AI Score

0.0004EPSS

2024-06-17 03:08 AM
52
wolfi
wolfi

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: runc, metacontroller, local-static-provisioner, clusterctl, etcd, src-fingerprint, terraform-docs, skaffold, grafana-rollout-operator, nvidia-container-toolkit, containerd, tekton-chains, tempo, cosign, certificate-transparency, skopeo, istio-operator,...

6.5AI Score

0.0004EPSS

2024-06-17 03:08 AM
16
wolfi
wolfi

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: runc, metacontroller, local-static-provisioner, clusterctl, etcd, src-fingerprint, terraform-docs, skaffold, grafana-rollout-operator, nvidia-container-toolkit, containerd, tekton-chains, tempo, cosign, certificate-transparency, skopeo, istio-operator,...

7.5AI Score

2024-06-17 03:08 AM
14
wolfi
wolfi

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....

7.5CVSS

7.9AI Score

0.001EPSS

2024-06-17 03:08 AM
56
Total number of security vulnerabilities2745724