HP PageWide Printers; HP OfficeJet Pro Printers Security Vulnerabilities

CVE-2024-32676

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32676 WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32676 WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before...

CoralRaider’s Malware Campaign Distributing Stealers Via CDN Cache

...

ToddyCat’s Toolkit and Tactics Fueling Data Theft

...

WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File

Description The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated...

HP Software Packages (SoftPaqs) – Potential Escalation of Privilege

Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs). HP has provided updated software packages (SoftPaqs) available from our...

Product Addons & Fields for WooCommerce < 32.0.19 - Unauthenticated Arbitrary File Upload via ppom_upload_file

Description The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload...

LoginPress Pro < 3.0.0 - Unauthenticated License Activation/Deactivation

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check, allowing unauthenticated attacks to activate and deactivate...

LoginPress Pro < 3.0.0 - Captcha Bypass

Description The plugin is vulnerable to Bypass, allowing unauthenticated attackers to bypass the Captcha...

ElementsKit Pro < 3.6.1 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets

Description The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include...

CVE-2024-32677

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32677

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32677 WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32794

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

CVE-2024-32794

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

CVE-2024-32793

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

CVE-2024-32793

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

CVE-2024-32793 WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

CVE-2024-32794 WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

Over 300k WordPress Sites Affected by Forminator Plugin Flaws

...

Gradio - Server Side Request Forgery

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...

CVE-2024-32952

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.This issue affects Max Addons Pro for Bricks: from n/a through...

CVE-2024-32952

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.This issue affects Max Addons Pro for Bricks: from n/a through...

CVE-2024-32952 WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.This issue affects Max Addons Pro for Bricks: from n/a through...

CVE-2024-32951

Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through...

CVE-2024-32951

Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through...

CVE-2024-32951 WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability

Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through...

C2-Tracker - Live Feed Of C2 Servers, Tools, And Botnets

Free to use IOC feed for various tools/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as well. It uses shodan.io/"&gt;Shodan searches to collect the IPs. The most recent collection is always stored in data; the IPs are broken down by tool and there ...

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More < 13.3.2 - Sensitive Information Exposure via Log Files

Description The Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 13.3.1 via log files. This makes it possible for...

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More < 13.2.6 - Reflected Cross-Site Scripting

Description The Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 13.2.5 due to insufficient input sanitization and output...

CVE-2024-21972

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

CVE-2024-21979

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...

CVE-2024-32679

Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through...

CVE-2024-32679

Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through...

Attacks, Vulnerabilities and Actors 15 to 21 April 2024

...

CVE-2024-32679 WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through...

CVE-2024-32679 WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through...

Middle East Targeted with CR4T Malware in DuneQuixote Campaign

...

Earth Hundun’s Deuterbear Sets Sights on High-Value Sectors

...

CVE-2024-3651

[potential DoS via resource consumption via specially crafted inputs to idna.encode()] Bugs http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069127 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://github.com/kjd/idna/issues/175 Notes Author| Note ---|--- mdeslaur | On focal and...

FileOrganizer and FileOrganizer Pro < 1.0.7 - Authenticated Stored Cross-Site Scripting

Description The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated.....

CVE-2023-38297

An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup (versionCode='3', versionName='2.1)....

CVE-2023-38297

An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup (versionCode='3', versionName='2.1)....

CVE-2023-38301

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...

CVE-2023-38301

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...

CVE-2024-3645

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'....

CVE-2024-3645

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'....

CVE-2024-3645

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'....

CVE-2023-38301

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...