Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS
Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs). Exploitation of the discovered...
CVSS 8.8 | AI Score 9.1 | EPSS 0.001
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 31, 2023 to August 6, 2023)
Last week, there were 29 vulnerabilities disclosed in 24 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 18 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
CVSS 9.8 | AI Score 8.6 | EPSS 0.001
Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality...
AI Score 6.7
weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager WordPress Plugin
On July 9, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in weDevs’s WP Project Manager plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible...
CVSS 8.8 | AI Score 6.9 | EPSS 0.001
New Microsoft Security innovations expand multicloud visibility and enhance multiplatform protection
With more than 90 percent of organizations adopting a multicloud strategy1 and cloud-based cyberattacks growing 48 percent year over year,2 securing multicloud and hybrid environments is more important than ever. To successfully protect multicloud infrastructure—where customers are utilizing two...
AI Score 7.4
Quantum Q-Series SLP Detection
The remote host indicates that it is a Quantum Q-Series SAN via its SLP attribute...
AI Score 7
I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and a data exfiltration attack, the two being used together to increase pressure on and damage to the victim. Microsoft Purview has...
AI Score 6.9
You Can’t Rush Post-Quantum-Computing Cryptography Standards
I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards. This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum...
AI Score 6.8
In the first 6 months of 2023, our team has already added 2,471[1] individual vulnerability records to the Wordfence Intelligence WordPress Vulnerability Database. These vulnerabilities affected 1,680[2] WordPress software components. This means we have already surpassed the total number of...
AI Score 9.1
openSUSE 15 Security Update : ImageMagick (SUSE-SU-2023:3186-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3186-1 advisory. A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to...
AI Score 5.6
CBEthCollateral and AnkrStakedEthCollateral _underlyingRefPerTok is incorrect
Lines of code https://github.com/reserve-protocol/protocol/blob/9ee60f142f9f5c1fe8bc50eef915cf33124a534f/contracts/plugins/assets/ankr/AnkrStakedEthCollateral.sol#L58-L61 Vulnerability details The CBEthCollateral._underlyingRefPerTok() function just uses CBEth.exchangeRate() to get the ref/tok...
AI Score 6.9
Issue Overview: A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash,...
AI Score 6.9 | EPSS 0.0004
Issue Overview: A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash,...
AI Score 5.5 | EPSS 0.0004
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 24, 2023 to July 30, 2023)
Last week, there were 64 vulnerabilities disclosed in 66 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in...
CVSS 9.8 | AI Score 8.4 | EPSS 0.004
Siemens PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...
AI Score 7.5
On June 8, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in WebToffee’s Stripe Payment Plugin for WooCommerce plugin, which is actively installed on more than 10,000 WordPress websites. This...
AI Score 7.6
WordPress Stripe Payment Plugin For WooCommerce 3.7.7 Authentication Bypass Vulnerability
WordPress Stripe Payment Plugin for WooCommerce plugin versions 3.7.7 and below suffer from an authentication bypass...
AI Score 9.9 | EPSS 0.001
The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as...
CVSS 6.1 | AI Score 6.3 | EPSS 0.0005
CVE-2023-3292 Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting
The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as...
AI Score 6.1 | EPSS 0.0005
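The Grid Kit entries above describe one bug class: request parameters, and URLs the plugin generates from them, are written into HTML attributes without escaping. The following is an added example, not code from the Grid Kit plugin, showing that unescaped pattern beside its hardened form in WordPress PHP. The parameter name gk_layout, the function names and the markup are assumptions for illustration; the WordPress functions used (add_query_arg, sanitize_key, wp_unslash, esc_attr, esc_url) are real WordPress APIs, so the snippet only runs inside WordPress.

```php
<?php
// Added example, not code from the Grid Kit plugin. Hypothetical parameter
// "gk_layout" and hypothetical function names; assumes it is loaded inside
// WordPress, where add_query_arg/esc_attr/esc_url/sanitize_key/wp_unslash exist.

// Unescaped pattern: a request value, and a URL generated from it, land in
// attributes as-is. A value such as   " onmouseover="alert(1)   closes the
// data-layout attribute and appends an event handler: reflected XSS against
// whoever opens the crafted link (typically an administrator viewing the page).
function demo_grid_switch_link_unescaped( array $get ) {
    $layout = isset( $get['gk_layout'] ) ? $get['gk_layout'] : 'masonry';
    $url    = add_query_arg( 'gk_layout', $layout ); // built on the current REQUEST_URI
    return '<a class="gk-switch" data-layout="' . $layout . '" href="' . $url . '">Switch layout</a>';
}

// Hardened pattern: sanitize on the way in, then escape for the exact output
// context (quoted attribute vs. URL attribute) on the way out.
function demo_grid_switch_link_escaped( array $get ) {
    // sanitize_key() keeps only [a-z0-9_-], which is all a layout slug needs.
    $layout = isset( $get['gk_layout'] ) ? sanitize_key( wp_unslash( $get['gk_layout'] ) ) : 'masonry';
    if ( '' === $layout ) {
        $layout = 'masonry';
    }
    $url = add_query_arg( 'gk_layout', $layout );
    return sprintf(
        '<a class="gk-switch" data-layout="%s" href="%s">Switch layout</a>',
        esc_attr( $layout ), // attribute context: quotes and angle brackets become entities
        esc_url( $url )      // URL attribute: encodes the string and rejects disallowed schemes
    );
}

// Usage inside a template or shortcode handler: always emit the escaped variant.
// echo demo_grid_switch_link_escaped( $_GET );
```

The generated-URL half of the advisory is the part most often missed: add_query_arg() and remove_query_arg() build their result on the current request URI, so even when the parameter you pass in is clean, the returned string can carry attacker-supplied path or query content. Their output must go through esc_url() (or esc_url_raw() for non-HTML sinks) every time it is printed. Sanitizing the input alone is not enough either: esc_attr() is what makes a value safe inside a quoted attribute, and esc_url() is needed for href/src because it additionally refuses schemes such as javascript:.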
PSA: Wordfence Brand Being Actively Used in Phishing Campaigns
Earlier this week we became aware that malicious actors are using Wordfence brand image to run a phishing scam on WordPress and Wordfence users, posing as unknown login notifications from their own website while linking to a fake login page, clearly aiming to steal WordPress login credentials. If...
AI Score 7
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)
Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
CVSS 8.8 | AI Score 8.4 | EPSS 0.002
How to set up computer security for your parents
Last Sunday (July 23, 2023) was National Parents Day. And maybe you are wondering how you can repay your parent(s) for turning you into the person you are today. And we have an idea that shouldn't cost you much more than some of your time. Help them to shore up their cybersecurity, if they need...
AI Score 7
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a...
CVSS 5.5 | AI Score 5.3 | EPSS 0.0004
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a...
AI Score 7.2 | EPSS 0.0004
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a...
AI Score 6.4 | EPSS 0.0004
CVE-2023-3745 Imagemagick: heap-buffer-overflow in pushcharpixel() in quantum-private.h
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a...
AI Score 6.3 | EPSS 0.0004
Jupiter X Core <= 2.5.0 - Unauthenticated Arbitrary File Download
Description The plugin does not have authorisation checks and does not validate file paths in the handle_file_download function, allowing unauthenticated users to download arbitrary files from the server when the premium version of the plugin is...
CVSS 7.5 | AI Score 7.7 | EPSS 0.002
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a...
AI Score 6.6 | EPSS 0.0004
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems
Plus: Microsoft expands access to premium security features, AI child sexual abuse material is on the rise, and Netflix’s password crackdown has its intended...
AI Score 7.1
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the...
CVSS 7.5 | AI Score 7.6 | EPSS 0.001
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the...
AI Score 6.9 | EPSS 0.001
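The Jupiter X Core entries above (the WPScan description and the Wordfence ones) name two missing controls in one download handler: no authorization check and no validation of the requested file path. The following is an added example, not code from Jupiter X Core, of a WordPress AJAX download handler that has both. The action name demo_download, the query parameter file, the nonce action demo_download_nonce, the required capability and the export directory under uploads are assumptions; the WordPress functions called (current_user_can, check_ajax_referer, wp_upload_dir, sanitize_file_name, wp_unslash, wp_die, add_action) are real APIs, so the snippet only runs inside WordPress.

```php
<?php
// Added example, not code from the Jupiter X Core plugin. Hypothetical names:
// the AJAX action "demo_download", the query parameter "file", the nonce
// action "demo_download_nonce", the capability "manage_options" and the
// directory uploads/demo-exports. Assumes it is loaded inside WordPress.

// Resolve a user-supplied relative name to a real file strictly inside $base_dir,
// or return false. This is the path-validation step the advisory says was absent.
function demo_resolve_download_path( string $base_dir, string $requested ) {
    // realpath() canonicalises "..", symlinks and duplicate separators, and
    // returns false when the target does not exist.
    $base = realpath( $base_dir );
    $path = realpath( $base_dir . DIRECTORY_SEPARATOR . $requested );
    if ( false === $base || false === $path ) {
        return false;
    }
    // Containment check with a trailing separator, so that a base of
    // "/srv/exports" does not accept "/srv/exports2/secret".
    $base_with_sep = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    if ( 0 !== strncmp( $path, $base_with_sep, strlen( $base_with_sep ) ) ) {
        return false;
    }
    return is_file( $path ) ? $path : false;
}

function demo_handle_file_download() {
    // 1. Authorization: a capability check (who may download) plus a nonce
    //    (the request was issued deliberately from our own UI, not via CSRF).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    check_ajax_referer( 'demo_download_nonce', 'nonce' );

    // 2. Path validation: never hand raw request input to readfile().
    //    sanitize_file_name() strips path separators; the realpath() containment
    //    check in demo_resolve_download_path() is the independent backstop.
    $requested = isset( $_GET['file'] ) ? sanitize_file_name( wp_unslash( $_GET['file'] ) ) : '';
    if ( '' === $requested ) {
        wp_die( 'Bad request', '', array( 'response' => 400 ) );
    }
    $upload   = wp_upload_dir();
    $base_dir = $upload['basedir'] . '/demo-exports';
    $path     = demo_resolve_download_path( $base_dir, $requested );
    if ( false === $path ) {
        wp_die( 'Not found', '', array( 'response' => 404 ) );
    }

    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}

// Registered for logged-in users only: there is deliberately no
// wp_ajax_nopriv_demo_download hook, so unauthenticated requests never reach it.
add_action( 'wp_ajax_demo_download', 'demo_handle_file_download' );
```

Two points worth checking in any plugin you audit for this class of bug: an AJAX action registered with the wp_ajax_nopriv_ prefix is reachable without logging in, which is exactly the "unauthenticated" condition in the advisories above; and a string check such as strpos( $file, '..' ) is not a substitute for the realpath() containment test, because encoded traversal, symlinks and absolute paths get past it.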
Open Babel PQS format coord_file out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1671
Open Babel PQS format coord_file out-of-bounds write vulnerability
July 21, 2023
CVE Number: CVE-2022-43467
SUMMARY: An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A...
AI Score 7.6 | EPSS 0.001
Open Babel PQS format pFormat uninitialized pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1670
Open Babel PQS format pFormat uninitialized pointer dereference vulnerability
July 21, 2023
CVE Number: CVE-2022-46280
SUMMARY: A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit...
AI Score 7.6 | EPSS 0.001
Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at...
CVSS 6.1 | AI Score 6 | EPSS 0.001
Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at...
CVSS 6.1 | AI Score 6 | EPSS 0.001
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 10, 2023 to July 16, 2023)
Note: We accidentally sent out an email for this report with last week's subject line. Due to the subject line not being very different week to week for this report, we opted to just leave it as is and not send a follow-up email. We apologize for this error on our part! Last week, there were 69...
CVSS 8.8 | AI Score 7.7 | EPSS 0.001
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Vulnerabilities: Improper Check for Unusual or Exceptional Conditions
2. RISK EVALUATION...
AI Score 7.9 | EPSS 0.002