Lucene search

K

Launchpad – Coming Soon & Maintenance Mode Plugin Security Vulnerabilities

cvelist
cvelist

CVE-2023-35040 WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-13 11:51 PM
1
vulnrichment
vulnrichment

CVE-2023-35045 WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-13 11:50 PM
cvelist
cvelist

CVE-2023-35045 WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-13 11:50 PM
2
cvelist
cvelist

CVE-2023-36504 WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-13 11:48 PM
3
cvelist
cvelist

CVE-2023-36694 WordPress Kingkong Board plugin <= 2.1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through...

6.3CVSS

0.0004EPSS

2024-06-13 11:47 PM
3
cvelist
cvelist

CVE-2023-36695 WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-13 11:46 PM
vulnrichment
vulnrichment

CVE-2023-36695 WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-13 11:46 PM
cvelist
cvelist

CVE-2023-37394 WordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-13 11:44 PM
1
nvd
nvd

CVE-2024-0086

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

0.0004EPSS

2024-06-13 10:15 PM
2
cve
cve

CVE-2024-0086

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

5.4AI Score

0.0004EPSS

2024-06-13 10:15 PM
10
cvelist
cvelist

CVE-2024-0086 CVE

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

0.0004EPSS

2024-06-13 09:23 PM
3
vulnrichment
vulnrichment

CVE-2024-0086 CVE

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

5.3AI Score

0.0004EPSS

2024-06-13 09:23 PM
talosblog
talosblog

How we can separate botnets from the malware operations that rely on them

As I covered in last week's newsletter, law enforcement agencies from around the globe have been touting recent botnet disruptions affecting the likes of some of the largest threat actors and malware families. Operation Endgame, which Europol touted as the "largest ever operation against botnets,"....

7.1AI Score

2024-06-13 06:00 PM
2
nvd
nvd

CVE-2024-38281

An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the...

0.0004EPSS

2024-06-13 05:15 PM
1
cve
cve

CVE-2024-38281

An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the...

6.6AI Score

0.0004EPSS

2024-06-13 05:15 PM
9
vulnrichment
vulnrichment

CVE-2024-38281 Use of Hard-coded Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the...

7.2AI Score

0.0004EPSS

2024-06-13 05:10 PM
cvelist
cvelist

CVE-2024-38281 Use of Hard-coded Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the...

0.0004EPSS

2024-06-13 05:10 PM
1
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
1
cve
cve

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-13 03:15 PM
10
nvd
nvd

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...

5.4CVSS

0.0004EPSS

2024-06-13 03:15 PM
1
cvelist
cvelist

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...

5.4CVSS

0.0004EPSS

2024-06-13 02:57 PM
1
vulnrichment
vulnrichment

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-13 02:57 PM
osv
osv

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.9AI Score

0.0004EPSS

2024-06-13 02:15 PM
nvd
nvd

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

0.0004EPSS

2024-06-13 02:15 PM
cve
cve

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.3AI Score

0.0004EPSS

2024-06-13 02:15 PM
10
vulnrichment
vulnrichment

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.3AI Score

0.0004EPSS

2024-06-13 01:46 PM
1
cvelist
cvelist

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

0.0004EPSS

2024-06-13 01:46 PM
1
malwarebytes
malwarebytes

Update now! Google Pixel vulnerability is under active exploitation

Google has notified Pixel users about an actively exploited vulnerability in their phones' firmware. Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device. About the vulnerability,...

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-13 01:33 PM
2
veracode
veracode

Improper Authorization

@strapi/plugin-content-manager is vulnerable to Improper Authorization. The vulnerability is due to improper access control, allowing users with the Author Role to see items in a collection associated with another collection that they did not...

2.3CVSS

6.5AI Score

0.0004EPSS

2024-06-13 12:16 PM
ics
ics

Motorola Solutions Vigilant License Plate Readers

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Motorola Solutions Equipment: Vigilant Fixed LPR Coms Box (BCAV1F2-C600) Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Storage in a File or on Disk, Use...

7.6AI Score

0.0004EPSS

2024-06-13 12:00 PM
ics
ics

Siemens SIMATIC and SIPLUS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.9AI Score

EPSS

2024-06-13 12:00 PM
ics
ics

Siemens SCALANCE XM-400, XR-500

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

10AI Score

0.004EPSS

2024-06-13 12:00 PM
securelist
securelist

Cinterion EHS5 3G UMTS/HSPA Module Research

Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...

6.4CVSS

8.2AI Score

0.001EPSS

2024-06-13 10:00 AM
3
githubexploit
githubexploit

Exploit for Insufficiently Protected Credentials in Jetbrains Aqua

CVE-2024-37051 Analysis Overview CVE-2024-37051 is a...

9.3CVSS

6.8AI Score

0.001EPSS

2024-06-13 09:15 AM
49
cve
cve

CVE-2024-4371

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

9.3AI Score

0.0004EPSS

2024-06-13 09:15 AM
11
nvd
nvd

CVE-2024-4371

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

0.0004EPSS

2024-06-13 09:15 AM
1
nvd
nvd

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

0.0004EPSS

2024-06-13 09:15 AM
1
cve
cve

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

3.5AI Score

0.0004EPSS

2024-06-13 09:15 AM
11
cve
cve

CVE-2024-0979

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....

6.1CVSS

6AI Score

0.0005EPSS

2024-06-13 09:15 AM
11
nvd
nvd

CVE-2024-0979

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....

6.1CVSS

0.0005EPSS

2024-06-13 09:15 AM
1
cve
cve

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 09:15 AM
10
nvd
nvd

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 09:15 AM
1
cvelist
cvelist

CVE-2024-0979 Dashboard Widgets Suite <= 3.4.3 - Reflected Cross-Site Scripting

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....

6.1CVSS

0.0005EPSS

2024-06-13 08:31 AM
2
cvelist
cvelist

CVE-2024-4371 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

0.0004EPSS

2024-06-13 08:31 AM
2
vulnrichment
vulnrichment

CVE-2024-4371 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

7.4AI Score

0.0004EPSS

2024-06-13 08:31 AM
1
vulnrichment
vulnrichment

CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

6.3AI Score

0.0004EPSS

2024-06-13 08:31 AM
cvelist
cvelist

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 08:31 AM
3
cvelist
cvelist

CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

0.0004EPSS

2024-06-13 08:31 AM
2
vulnrichment
vulnrichment

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-13 08:31 AM
cve
cve

CVE-2024-4615

The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-13 08:16 AM
13
Total number of security vulnerabilities328238