Import WP – Import And Export WordPress Data To XML Or CSV Files Security Vulnerabilities

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife

Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance" title="Reconnaissance">Reconnaissance phase. And in...

P2Pinfect Botnet Now Targets Servers with Ransomware, Cryptominer

The P2Pinfect botnet, once dormant, is now attacking servers with ransomware and cryptomining malware. Patch your systems to avoid data encryption and financial...

CVE-2024-6344

A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack....

CVE-2024-6344

A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack....

CVE-2024-37098

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through...

CVE-2024-37252

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through...

CVE-2024-37098

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through...

CVE-2024-37252

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through...

The US Is Banning Kaspersky

This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The...

Malwarebytes Premium stops 100% of malware during AV Lab test

Malwarebytes Premium has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.” For its performance in the May 2024 evaluation,...

CVE-2024-37098 WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through...

CVE-2024-37098 WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through...

Exploit for Path Traversal in Solarwinds Serv-U

CVE-2024-28995-SolarWinds-Serv-U **SolarWinds Serv-U File...

bo-systems.nl Cross Site Scripting vulnerability OBB-3939080

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-6344 ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting

A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack....

CVE-2024-37252 WordPress Email Subscribers by Icegram Express plugin <= 5.7.25 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through...

CVE-2024-37252 WordPress Email Subscribers by Icegram Express plugin <= 5.7.25 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through...

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka...

lvs.co.kr Cross Site Scripting vulnerability OBB-3939074

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Practical Guidance For Securing Your Software Supply Chain

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who.....

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and....

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details ** CVEID: CVE-2023-49569 DESCRIPTION: **go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-37532)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the.....

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...

CVE-2023-0687 affecting package glibc 2.35-7

CVE-2023-0687 affecting package glibc 2.35-7. This CVE either no longer is or was never...

CVE-2020-4041 affecting package bolt 0.9.2-2

CVE-2020-4041 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2021-27367 affecting package bolt 0.9.2-2

CVE-2021-27367 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2019-15484 affecting package bolt 0.9.2-2

CVE-2019-15484 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2022-31321 affecting package bolt 0.9.2-2

CVE-2022-31321 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2023-0475 affecting package k3s 1.24.12-2

CVE-2023-0475 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...

CVE-2022-2929 affecting package dhcp 4.4.3-3

CVE-2022-2929 affecting package dhcp 4.4.3-3. This CVE either no longer is or was never...

CVE-2022-31629 affecting package php 7.4.14-3

CVE-2022-31629 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2022-38752 affecting package snakeyaml 1.25-2

CVE-2022-38752 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...

CVE-2022-25857 affecting package snakeyaml 1.25-2

CVE-2022-25857 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never...

CVE-2017-9120 affecting package php 7.4.14-3

CVE-2017-9120 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2017-8923 affecting package php 7.4.14-3

CVE-2017-8923 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-28543 affecting package varnish-modules 0.16.0-4

CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...

CVE-2019-12280 affecting package toolbox 0.0.18-9

CVE-2019-12280 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...

CVE-1999-1090 affecting package telnet 0.17-81

CVE-1999-1090 affecting package telnet 0.17-81. This CVE either no longer is or was never...

CVE-2021-21704 affecting package php 7.4.14-3

CVE-2021-21704 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2007-3205 affecting package php 7.4.14-3

CVE-2007-3205 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-3571 affecting package linuxptp 2.0-8

CVE-2021-3571 affecting package linuxptp 2.0-8. This CVE either no longer is or was never...

CVE-2017-1000231 affecting package ldns 1.7.0-31

CVE-2017-1000231 affecting package ldns 1.7.0-31. This CVE either no longer is or was never...

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5

CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...

CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2

CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2. This CVE either no longer is or was never...

CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2

CVE-2023-0215 affecting package shim-unsigned-x64 15.4-2. This CVE either no longer is or was never...

CVE-2022-3294 affecting package k3s 1.24.12-2

CVE-2022-3294 affecting package k3s 1.24.12-2. This CVE either no longer is or was never...

CVE-2019-15483 affecting package bolt 0.9.2-2

CVE-2019-15483 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2019-9185 affecting package bolt 0.9.2-2

CVE-2019-9185 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...

CVE-2015-7309 affecting package bolt 0.9.2-2

CVE-2015-7309 affecting package bolt 0.9.2-2. This CVE either no longer is or was never...