ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Summary By default, the Redis database server is not password-protected. Consequently, an attacker with access to the Redis server can gain read/write access to the data in Redis. The attacker can also modify the "mfst" (manifest) key to cause ArgoCD to execute any deployment, potentially...
7.4AI Score
0.0004EPSS
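The summary above turns on one fact: whether the Redis instance behind Argo CD answers commands without AUTH. The following is an added example, not code from the advisory or the Argo CD project, of a minimal RESP probe that sends an unauthenticated PING and classifies the reply (an open instance answers +PONG; one with requirepass set answers -NOAUTH). The two sample replies and the host name are constructed for illustration.

```python
import socket

# Constructed sample replies, not captured from any real deployment.
SAMPLE_OPEN_REPLY = b"+PONG\r\n"
SAMPLE_AUTH_REPLY = b"-NOAUTH Authentication required.\r\n"


def encode_command(*args: str) -> bytes:
    """Encode a command as a RESP array, e.g. PING -> *1\\r\\n$4\\r\\nPING\\r\\n."""
    parts = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        raw = arg.encode()
        parts.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(parts)


def classify_reply(reply: bytes) -> str:
    """Map the first RESP line of a reply to an authentication state."""
    line = reply.split(b"\r\n", 1)[0]
    if line == b"+PONG":
        return "open"            # command executed with no AUTH: anyone reaching the port can read/write keys
    if line.startswith(b"-NOAUTH"):
        return "auth-required"   # requirepass is set; unauthenticated clients are refused
    if line.startswith(b"-"):
        return "error:" + line[1:].decode(errors="replace")
    return "unexpected"


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Open a TCP connection, send an unauthenticated PING and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(encode_command("PING"))
        return classify_reply(sock.recv(256))


if __name__ == "__main__":
    # Hypothetical in-cluster service name; replace with the Redis endpoint Argo CD actually uses.
    print(probe("argocd-redis", 6379))
```

If the probe reports "open", every key in that cache, including the manifest entries the summary describes, is writable by anything that can reach the port; network policy alone is not a substitute for setting requirepass and pointing Argo CD at the credential.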
Talos releases new macOS open-source fuzzer
Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. The fuzzer uses a snapshot-based fuzzing approach and is built on the WhatTheFuzz framework. Support for VM state extraction was implemented, and WhatTheFuzz was extended to support the loading of VMWare...
6.6AI Score
Unbreakable Enterprise kernel security update
[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....
8.3AI Score
The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
6AI Score
0.0004EPSS
The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.3AI Score
0.0004EPSS
Visual Footer Credit Remover < 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.8AI Score
0.0004EPSS
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in the IBM Application Performance Management 8.1.4.0 IF15 patch. Vulnerability Details CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to...
9.6AI Score
0.84EPSS
libreswan security and bug fix update
[4.12-1.0.1.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-1.1] - Fix CVE-2024-2357 (RHEL-29734) - x509: unpack IPv6 general names based on length (RHEL-32719) [4.12-1] - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Resolves: rhbz#2215956 [4.9-5] -...
7.5AI Score
0.0004EPSS
A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has...
6.3CVSS
8.1AI Score
0.0004EPSS
CVE-2024-3536 Campcodes Church Management System delete_log.php sql injection
A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has...
6.9AI Score
0.0004EPSS
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit....
6.3CVSS
8AI Score
0.0004EPSS
CVE-2024-3425 SourceCodester Online Courseware activateall.php sql injection
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit....
6.9AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has.....
6.3CVSS
7.9AI Score
0.0004EPSS
CVE-2024-3423 SourceCodester Online Courseware activateteach.php sql injection
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has.....
6.9AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has...
6.3CVSS
8AI Score
0.0004EPSS
CVE-2024-3422 SourceCodester Online Courseware activatestud.php sql injection
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has...
6.9AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit...
6.3CVSS
7.8AI Score
0.0004EPSS
CVE-2024-3421 SourceCodester Online Courseware deactivatestud.php sql injection
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit...
6.9AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit...
6.3CVSS
7.9AI Score
0.0004EPSS
CVE-2024-3418 SourceCodester Online Courseware deactivateteach.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit...
6.9AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
10CVSS
9.7AI Score
0.0004EPSS
(RHSA-2024:1676) Important: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug...
7AI Score
0.962EPSS
(RHSA-2024:1675) Important: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug...
7AI Score
0.962EPSS
(RHSA-2024:1674) Important: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug...
7AI Score
0.962EPSS
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1675 advisory. undertow: unrestricted request storage leads to memory exhaustion (CVE-2023-1973) undertow: Cookie Smuggling/Spoofing (CVE-2023-4639) ...
7.1AI Score
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1676 advisory. undertow: unrestricted request storage leads to memory exhaustion (CVE-2023-1973) undertow: Cookie Smuggling/Spoofing (CVE-2023-4639) ...
7.1AI Score
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1674 advisory. undertow: unrestricted request storage leads to memory exhaustion (CVE-2023-1973) undertow: Cookie Smuggling/Spoofing (CVE-2023-4639) ...
7.1AI Score
Description The Dropdown multisite selector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
5.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through...
6.4AI Score
0.0004EPSS
Malicious code in region-selector-content (npm)
Source: ossf-package-analysis (ff0393e9f3a6a405065088df076729bb9436bdad64329c0f3eb1dfd8a5ad6638) The OpenSSF Package Analysis project identified 'region-selector-content' @ 99.3.0 (npm) as malicious. It is considered malicious because: The...
7.3AI Score
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...
5.5AI Score
0.0004EPSS
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...
6AI Score
0.001EPSS
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...
6.5AI Score
0.003EPSS
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS....
6.5AI Score
0.004EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0338-1)
The remote host is missing an update for...
6.4AI Score
0.002EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0298-1)
The remote host is missing an update for...
9.4AI Score
0.296EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0297-1)
The remote host is missing an update for...
9.4AI Score
0.296EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0337-1)
The remote host is missing an update for...
6.3AI Score
0.002EPSS
openSUSE: Security Advisory for exim (openSUSE-SU-2024:0007-1)
The remote host is missing an update for...
6.9AI Score
0.005EPSS
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0068-1)
The remote host is missing an update for...
7.4AI Score
0.002EPSS
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...
6.1AI Score
0.0004EPSS
CentOS 9 : libreswan-4.9-4.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the libreswan-4.9-4.el9 build changelog. remote DoS via crafted TS payload with an incorrect selector length (rhbz#2173674) (CVE-2023-23009) pluto in Libreswan before 4.11...
7.5AI Score
KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...
6.2AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
7.4AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...
5.9AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title...
5.7AI Score
0.0005EPSS
The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all...
6.5AI Score
0.001EPSS