podman security and bug fix update
An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of....
8.6CVSS
7.2AI Score
0.0005EPSS
skopeo security and bug fix update
An update is available for skopeo. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The skopeo command lets you inspect images from container image registries,...
4.3CVSS
7.4AI Score
0.0005EPSS
Moderate: buildah bug fix update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
5.6AI Score
0.0004EPSS
Dell notifies customers about data breach
Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer...
7.5AI Score
Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware: Install updates for operating systems, software, and firmware as soon as they are released. Require phishing-resistant MFA for as many services as possible. Train users to recognize and...
10CVSS
6.1AI Score
0.967EPSS
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through...
4.3CVSS
5.4AI Score
0.0004EPSS
CVE-2024-3828 Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation
The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for authenticated...
8.8CVSS
6.8AI Score
0.0004EPSS
CVE-2024-3828 Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation
The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for authenticated...
8.8CVSS
9.2AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d53c30c1-0d7b-11ef-ba02-6cc21735f730 advisory. Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table ownermore details ...
3.1CVSS
3.7AI Score
0.0004EPSS
Shopping Cart & eCommerce Store < 5.6.5 - Sensitive Information Exposure
Description The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order...
6.3AI Score
0.0005EPSS
6.4CVSS
7.2AI Score
0.0004EPSS
TotalCloud Insights: A Wake-Up Call on Cloud Database Security Failure Rates
In part 1 of this two-part blog, we explored how to safeguard cloud databases from SQL Server threats and lateral movement risks. In this second part, we turn our focus to a comparative analysis of database security across three major cloud service providers (CSPs), AWS, Azure, and GCP, as well as....
7.4AI Score
A new alert system from CISA seems to be effective — now we just need companies to sign up
One of the great cybersecurity challenges organizations currently face, especially smaller ones, is that they don't know what they don't know. It's tough to have your eyes on everything all the time, especially with so many pieces of software running and IoT devices extending the reach of networks....
9.8CVSS
8.9AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...
9.8CVSS
9.7AI Score
EPSS
How to Create Collaboration and Shared Goals with IT and Security Teams
In today’s ITSM landscape, merging IT operations and security practices is no longer “ideal”, but imperative. According to a recent Gartner® Board of Directors Survey 1, 88% of respondents indicated that their organization perceives cybersecurity as a business risk. This was up from 58% in 2016,...
7.4AI Score
(RHSA-2024:2666) Moderate: OpenShift Container Platform 4.14.24 security and extras update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.24. See the following advisory for the container...
7.4AI Score
0.0004EPSS
Layered Defense to Stop Attacks Before they Begin
Ransomware has evolved from opportunistic attacks to highly orchestrated campaigns driven by cyber criminals who are seeking high financial gains. Ransomware-as-a-Service has increased due to its lowered barrier to entry, allowing even those with limited technical expertise to launch devastating...
7.7AI Score
alpitronic Hypercharger EV Charger
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: alpitronic Equipment: Hypercharger EV charger Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker disabling...
7.6AI Score
0.0004EPSS
DocGo patient health data stolen in cyberattack
Medical health care provider DocGo has disclosed in a form 8-K that it experienced a cybersecurity incident involving some of the company’s systems. As part of the investigation of the incident, the company says it has determined that the attacker accessed and acquired data, including certain...
7.7AI Score
Description The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a form field in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for...
5.8AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ee6936da-0ddd-11ef-9c21-901b0e9408dc advisory. Tailscale team reports: In Tailscale versions earlier than 1.66.0, exit nodes, subnet...
7.1AI Score
FreeBSD : Gitlab -- vulnerabilities (fbc2c629-0dc5-11ef-9850-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fbc2c629-0dc5-11ef-9850-001b217b3468 advisory. Gitlab reports: ReDoS in branch search when using wildcards ReDoS in markdown render pipeline...
6.5CVSS
5.8AI Score
EPSS
FreeBSD : electron29 -- multiple vulnerabilities (ec994672-5284-49a5-a7fc-93c02126e5fb)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ec994672-5284-49a5-a7fc-93c02126e5fb advisory. Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to...
7.7AI Score
0.0005EPSS
Spectra Pro < 1.1.6 - Authenticated (Author+) Privilege Escalation
Description The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for...
6.8AI Score
0.0004EPSS
Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely –...
8.5AI Score
Oracle Linux 9 : buildah (ELSA-2024-2550)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2550 advisory. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into...
6.3AI Score
0.0004EPSS
FreeBSD : electron29 -- multiple vulnerabilities (059a99a9-45e0-492b-b9f9-5a79573c8eb6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 059a99a9-45e0-492b-b9f9-5a79573c8eb6 advisory. Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to...
8.8CVSS
9.4AI Score
0.001EPSS
U.S. Charges Russian Man as Boss of LockBit Ransomware Group
The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using Lockbit to attack....
6.8AI Score
Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator
The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development...
7.1AI Score
New Case Study: The Malicious Comment
How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here. When is a 'Thank you' not a 'Thank you'? When it's a...
6.8AI Score
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...
9.1CVSS
7.7AI Score
0.001EPSS
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...
9.1CVSS
9.6AI Score
0.001EPSS
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated...
9.8CVSS
9.9AI Score
0.0004EPSS
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated...
9.8CVSS
7.9AI Score
0.0004EPSS
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...
9.1CVSS
9.8AI Score
0.001EPSS
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated...
9.8CVSS
10AI Score
0.0004EPSS
Description The ChatBot Conversational Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.7AI Score
0.0004EPSS
Oracle Linux 9 : podman (ELSA-2024-2548)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2548 advisory. A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build...
8.6CVSS
7.1AI Score
0.0005EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...
7.8CVSS
7.1AI Score
EPSS
RegistrationMagic < 5.3.2.1 - Reflected Cross-Site Scripting
Description The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 5.3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for...
6.5AI Score
0.0004EPSS
Oracle Linux 9 : skopeo (ELSA-2024-2549)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2549 advisory. Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE...
4.3CVSS
6.6AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through...
5.9CVSS
6.6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through...
5.9CVSS
6.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through...
5.9CVSS
6.8AI Score
0.0004EPSS
Litestar and Starlite vulnerable to Path Traversal
Summary Local File Inclusion via Path Traversal in LiteStar Static File Serving A Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to...
8.2CVSS
7.8AI Score
0.0004EPSS
Litestar and Starlite vulnerable to Path Traversal
Summary Local File Inclusion via Path Traversal in LiteStar Static File Serving A Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to...
8.2CVSS
7.6AI Score
0.0004EPSS
Introducing CyberSecurity Asset Management 3.0 with Expanded Discovery and Cyber Risk Assessment
Qualys is re-defining attack surface management with CyberSecurity Asset Management (CSAM) 3.0, expanding the most comprehensive attack surface coverage on the market to include patent-pending EASM discovery and scan, passive sensing for unmanaged/untrusted devices built in to the Qualys agent,...
7.6AI Score
Financial cyberthreats in 2023
Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...
7.3AI Score
Description The Contact Form by WPForms – Drag & Drop Form Builder for WordPress is vulnerable to price manipulation. This is due to a lack of controls on several product parameters, making it possible for unauthenticated attackers to manipulate prices, product information, and quantities for...
7AI Score
0.001EPSS
WordPress Avada Theme < 7.11.7 Information Disclosure Vulnerability
The WordPress Avada theme is prone to an information disclosure ...
5.3CVSS
6.8AI Score
0.001EPSS