The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
10CVSS
9.7AI Score
0.006EPSS
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
10CVSS
0.006EPSS
CVE-2024-3922 Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
10CVSS
0.006EPSS
CVE-2024-3922 Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
10CVSS
7.5AI Score
0.006EPSS
ElementsKit PRO < 3.6.3 - Authenticated (Contributor+) Server-Side Request Forgery
Description: The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations....
8.5CVSS
6.6AI Score
0.0005EPSS
Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload
Description: The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and.....
4.3CVSS
6.7AI Score
0.001EPSS
Description: The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. This makes it possible for authenticated attackers, with Subscriber-level access and...
4.3CVSS
6.4AI Score
0.0004EPSS
Description: The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin -...
7.5CVSS
6.3AI Score
0.001EPSS
Folders Pro < 3.0.3 - Authenticated (Author+) Arbitrary File Upload via handle_folders_file_upload
Description: The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above,...
8.8CVSS
7.7AI Score
0.001EPSS
Sensei Pro (WC Paid Courses) < 4.24.0.1.24.0 - Authenticated (Student+) Stored Cross-Site Scripting
Description: The Sensei Pro (WC Paid Courses) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.23.1.1.23.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Student-level...
6.5CVSS
5.8AI Score
0.0004EPSS
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted...
6.3AI Score
0.0004EPSS
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted...
0.0004EPSS
An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST...
0.0004EPSS
An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST...
6.9AI Score
0.0004EPSS
HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile...
0.0004EPSS
HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile...
6AI Score
0.0004EPSS
CVE-2024-2300 HP Advance Mobile Application – Potential Information Disclosure
HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile...
0.0004EPSS
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...
6.4CVSS
5.7AI Score
0.001EPSS
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...
6.4CVSS
0.001EPSS
7.3AI Score
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...
6.4CVSS
5.8AI Score
0.001EPSS
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...
6.4CVSS
0.001EPSS
10CVSS
7.8AI Score
0.006EPSS
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....
9.8CVSS
8.7AI Score
0.05EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctly and fix use-after-free") under various failure conditions, for example, when...
6.7AI Score
0.0004EPSS
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted...
0.0004EPSS
Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization
Description: The Sensei LMS and Sensei Pro (WC Paid Courses) plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the flush_rewrite_rules() function in versions up to, and including, 4.23.1 and 4.24.0.1.24.0 respectively. This makes it...
6.4AI Score
EPSS
An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST...
0.0004EPSS
Summary: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details: CVEID: CVE-2024-31881. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)...
6.5CVSS
6.5AI Score
0.0004EPSS
Summary: IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details: CVEID: CVE-2024-31880. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2...
7AI Score
EPSS
Summary: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. Vulnerability Details: CVEID: CVE-2024-28757. DESCRIPTION: libexpat could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
6.1AI Score
0.0004EPSS
Summary: IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details: CVEID: CVE-2024-28762. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to denial of service with a specially...
5.3CVSS
6.5AI Score
0.0004EPSS
Summary: IBM® Db2® is affected by a vulnerability in the open source zlib library. Vulnerability Details: CVEID: CVE-2023-45853. DESCRIPTION: MiniZip is vulnerable to a denial of service, caused by an integer overflow and resultant heap-based buffer overflow in the zipOpenNewFileInZip4_64...
9.8CVSS
7.2AI Score
0.001EPSS
Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin. This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin. This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
CVE-2024-34821 WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability
Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin. This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...
5.3CVSS
0.0004EPSS
CVE-2024-34821 WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability
Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin. This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Apple Launches Private Cloud Compute for Privacy-Centric AI Processing
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture.....
7.4AI Score
June 11, 2024—KB5039274 (Security-only update)
June 11, 2024—KB5039274 (Security-only update) End of support information: As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see...
9.8CVSS
9.5AI Score
0.003EPSS
June 11, 2024—KB5039266 (Security-only update)
June 11, 2024—KB5039266 (Security-only update) End of support information: Windows Server 2008 SP2 Extended Security Updates (ESU) third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see...
9.8CVSS
9.5AI Score
0.003EPSS
June 11, 2024—KB5039225 (OS Build 10240.20680)
June 11, 2024—KB5039225 (OS Build 10240.20680) 12/8/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1507, see its update history page. Highlights This update...
9.8CVSS
9.7AI Score
0.003EPSS
June 11, 2024—KB5039227 (OS Build 20348.2527)
June 11, 2024—KB5039227 (OS Build 20348.2527) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when.....
9.8CVSS
7.3AI Score
0.003EPSS
June 11, 2024—KB5039214 (OS Build 14393.7070)
June 11, 2024—KB5039214 (OS Build 14393.7070) 11/19/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1607, see its update history page. Highlights This update...
9.8CVSS
9.8AI Score
0.003EPSS
June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529)
June 11, 2024—KB5039211 (OS Builds 19044.4529 and 19045.4529) UPDATED 06/11/24 REMINDER The following editions of Windows 10, version 21H2 are at end of service today, June 11, 2024: Windows 10 Enterprise and Education; Windows 10 IoT Enterprise; Windows 10 Enterprise multi-session. After that...
9.8CVSS
7.5AI Score
0.003EPSS
June 11, 2024—KB5039260 (Monthly Rollup)
June 11, 2024—KB5039260 (Monthly Rollup) Important The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only.....
9.8CVSS
9.5AI Score
0.003EPSS
June 11, 2024—KB5039217 (OS Build 17763.5936)
June 11, 2024—KB5039217 (OS Build 17763.5936) 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This update...
9.8CVSS
9.8AI Score
0.003EPSS
June 11, 2024—KB5039236 (OS Build 25398.950)
June 11, 2024—KB5039236 (OS Build 25398.950) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
9.8CVSS
9.9AI Score
0.003EPSS