Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through...
5.3CVSS
0.0004EPSS
Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)
Summary Vulnerability in Python could allow a remote attacker to obtain sensitive information (CVE-2024-28757). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-28757 DESCRIPTION: **libexpat could allow a remote attacker to obtain...
6.8AI Score
0.0004EPSS
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...
6.5CVSS
0.001EPSS
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...
6.5CVSS
6.2AI Score
0.001EPSS
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...
6.5CVSS
0.001EPSS
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...
6.5CVSS
5.9AI Score
0.001EPSS
AIX is affected by information disclosure due to Python (CVE-2024-28757)
IBM SECURITY ADVISORY First Issued: Thu Jun 13 15:37:38 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory9.asc Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)...
7.3AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.9AI Score
EPSS
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
7.1CVSS
6.8AI Score
0.0004EPSS
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
7.1CVSS
0.0004EPSS
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
7.1CVSS
6.8AI Score
0.0004EPSS
CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
7.1CVSS
0.0004EPSS
CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
7.1CVSS
6.6AI Score
0.0004EPSS
Web Directory Free < 1.7.0 - SQL Injection
The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...
7.5AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.1CVSS
9.3AI Score
0.002EPSS
Operation Celestial Force employs mobile and desktop malware to target Indian entities
By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...
7.2AI Score
Cinterion EHS5 3G UMTS/HSPA Module Research
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...
6.4CVSS
8.2AI Score
0.002EPSS
The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....
2.7CVSS
0.0004EPSS
The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....
2.7CVSS
3.5AI Score
0.0004EPSS
CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI
The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....
2.7CVSS
6.3AI Score
0.0004EPSS
CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI
The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....
2.7CVSS
0.0004EPSS
Cloned-Restore Fails on OpenShift Clusters with ImagePull Error
Veeam Support Knowledge Base answer to: Cloned-Restore Fails on OpenShift Clusters with ImagePull...
7.1AI Score
Option to Add Veeam Kasten for Kubernetes Does Not Appear in Veeam Backup & Replication
This issue may occur if the Veeam Kubernetes Service is not running and needs to be started or the Kasten Plug-In is not...
7.1AI Score
Description The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin -...
7.5CVSS
6.3AI Score
0.001EPSS
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack...
6.5CVSS
6.1AI Score
0.001EPSS
XFS Volume Restore Fails to Mount
The UUID is the unique identifier pointing to the partition, and hence it is not unique anymore with the cloned volume on the...
7.1AI Score
Clone Job Fails Due to Security Context Constraints (SCC) Issue
Cloned-restore jobs time out and eventually fail because an application's security context provides permissions in the original application...
7.2AI Score
Description The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it...
6.4CVSS
5.8AI Score
0.0004EPSS
DR Restore - Internal error occurred: Could not retrieve artifacts for prefix
During the DR restore process the catalog service is scaled down, so when the DR Restore is re-initiated, it searches for the catalog which is not available at that time because it has been scaled...
7.2AI Score
WP Docs < 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...
6.5CVSS
5.8AI Score
0.0004EPSS
WP Docs < 2.1.4 - Reflected Cross-Site Scripting
Description The WP Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
7.1CVSS
6.3AI Score
0.0004EPSS
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site...
9.8CVSS
0.001EPSS
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site...
9.8CVSS
9.4AI Score
0.001EPSS
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site...
9.8CVSS
0.001EPSS
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
CVE-2024-4898-Poc CVE-2024-4898 InstaWP Connect – 1-click WP...
9.8CVSS
7.1AI Score
0.001EPSS
CVE-2023-44234 WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...
4.3CVSS
7.2AI Score
0.0004EPSS
CVE-2023-44234 WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...
4.3CVSS
0.0004EPSS
CVE-2023-38395 WordPress WP Clone Menu plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through...
5.4CVSS
0.0004EPSS
10CVSS
7.8AI Score
0.006EPSS
Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM...
3.7CVSS
7.2AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Restore allocated resources on failed copyout Fix a resource leak if an error...
6.9AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
6.5CVSS
7.8AI Score
EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1983-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1983-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
7.8CVSS
8.5AI Score
0.001EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 479df73e-2838-11ef-9cab-4ccc6adda413 advisory. David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via...
7.9AI Score
EPSS
WP Time Slots Booking Form < 1.2.12 - Missing Authorization
Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the data_management() function in versions up to, and including, 1.2.11. This makes it possible for unauthenticated attackers to view slot...
9.8CVSS
6.6AI Score
0.001EPSS
WP Visitors Tracker < 2.4 - Reflected Cross-Site Scripting
Description The WP Visitors Tracker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
7.1CVSS
6.3AI Score
0.0004EPSS