Lucene search

K

Newsletter – Send Awesome Emails From WordPress Security Vulnerabilities

thn
thn

How to Cut Costs with a Browser Security Platform

Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do.....

7AI Score

2024-06-25 09:42 AM
3
thn
thn

New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks

A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. "The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries....

7.8AI Score

2024-06-25 09:30 AM
4
cvelist
cvelist

CVE-2024-4641 OnCell G3470A-LTE Series: Authenticated Format String Errors

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of...

6.3CVSS

EPSS

2024-06-25 09:23 AM
1
cve
cve

CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS

9.7AI Score

EPSS

2024-06-25 09:15 AM
6
nvd
nvd

CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS

EPSS

2024-06-25 09:15 AM
5
ibm
ibm

Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)

Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute.....

8.4AI Score

0.0004EPSS

2024-06-25 09:10 AM
1
cvelist
cvelist

CVE-2024-6028 Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS

EPSS

2024-06-25 08:35 AM
2
vulnrichment
vulnrichment

CVE-2024-6028 Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS

7.6AI Score

EPSS

2024-06-25 08:35 AM
cve
cve

CVE-2024-3249

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including,...

4.3CVSS

6.6AI Score

0.001EPSS

2024-06-25 07:15 AM
3
nvd
nvd

CVE-2024-3249

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including,...

4.3CVSS

0.001EPSS

2024-06-25 07:15 AM
cvelist
cvelist

CVE-2024-3249 Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modification

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including,...

4.3CVSS

0.001EPSS

2024-06-25 06:57 AM
3
nvd
nvd

CVE-2024-4759

The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...

0.0004EPSS

2024-06-25 06:15 AM
2
cve
cve

CVE-2024-5431

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated...

8.8CVSS

8.7AI Score

0.001EPSS

2024-06-25 06:15 AM
7
nvd
nvd

CVE-2024-4757

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-25 06:15 AM
1
cve
cve

CVE-2024-4757

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

5.6AI Score

0.0004EPSS

2024-06-25 06:15 AM
7
cve
cve

CVE-2024-4759

The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...

5.7AI Score

0.0004EPSS

2024-06-25 06:15 AM
7
nvd
nvd

CVE-2024-5431

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated...

8.8CVSS

0.001EPSS

2024-06-25 06:15 AM
1
cvelist
cvelist

CVE-2024-4759 Mime Types Extended <= 0.11 - Author+ Stored XSS via SVG Upload

The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...

0.0004EPSS

2024-06-25 06:00 AM
5
vulnrichment
vulnrichment

CVE-2024-4757 Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

5.8AI Score

0.0004EPSS

2024-06-25 06:00 AM
cvelist
cvelist

CVE-2024-4757 Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-25 06:00 AM
5
cvelist
cvelist

CVE-2024-5431 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated...

8.8CVSS

0.001EPSS

2024-06-25 05:41 AM
2
thn
thn

WikiLeaks' Julian Assange Released from U.K. Prison, Heads to Australia

WikiLeaks founder Julian Assange has been freed in the U.K. and has departed the country after serving more than five years in a maximum security prison at Belmarsh for what was described by the U.S. government as the "largest compromises of classified information" in its history. Capping off a...

6.8AI Score

2024-06-25 05:03 AM
13
cve
cve

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10CVSS

9.7AI Score

0.001EPSS

2024-06-25 04:15 AM
15
nvd
nvd

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10CVSS

0.001EPSS

2024-06-25 04:15 AM
23
thn
thn

4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree

Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies. The defendants, Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (aka Tien...

7AI Score

2024-06-25 03:52 AM
10
thn
thn

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...

7.2AI Score

2024-06-25 03:32 AM
9
cvelist
cvelist

CVE-2024-6297 Several WordPress.org Plugins <= Various Versions - Injected Backdoor

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10CVSS

0.001EPSS

2024-06-25 03:30 AM
19
nvd
nvd

CVE-2024-22385

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...

4.4CVSS

0.0004EPSS

2024-06-25 02:15 AM
2
cve
cve

CVE-2024-22385

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-06-25 02:15 AM
6
cvelist
cvelist

CVE-2024-22385 File and Directory Permission Vulnerability in Hitachi Storage Provider for VMware vCenter

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...

4.4CVSS

0.0004EPSS

2024-06-25 01:34 AM
2
vulnrichment
vulnrichment

CVE-2024-22385 File and Directory Permission Vulnerability in Hitachi Storage Provider for VMware vCenter

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...

4.4CVSS

6.9AI Score

0.0004EPSS

2024-06-25 01:34 AM
nessus
nessus

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2024-1830)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.(CVE-2024-30205) In Emacs...

6.8AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : expat (EulerOS-SA-2024-1831)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via...

9AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1829)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1821)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1824)

The remote host is missing an update for the Huawei...

6.7CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2024-1809)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2024-1812)

The remote host is missing an update for the Huawei...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-25 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0232)

The remote host is missing an update for...

8.8CVSS

7.5AI Score

0.002EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1841)

The remote host is missing an update for the Huawei...

5.3CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-25 12:00 AM
3
nessus
nessus

EulerOS 2.0 SP11 : mod_http2 (EulerOS-SA-2024-1819)

According to the versions of the mod_http2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a...

7.5CVSS

8AI Score

0.005EPSS

2024-06-25 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : glusterfs (EulerOS-SA-2024-1833)

According to the versions of the glusterfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use- after-free.(CVE-2022-48340) Tenable...

7.5CVSS

7.8AI Score

0.001EPSS

2024-06-25 12:00 AM
nessus
nessus

RHEL 8 : [23.0] Security update for the 23.0 (RPMs) (Low) (RHSA-2024:4081)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4081 advisory. The quarkus-mandrel-java and quarkus-mandrel-23 packages provide the GraalVM installation for the quarkus/mandrel-23-rhel8:23.0 container...

3.7CVSS

6.9AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

FreeBSD : chromium -- multiple security fixes (2b68c86a-32d5-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2b68c86a-32d5-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...

7.1AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-1846)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do...

6.8AI Score

EPSS

2024-06-25 12:00 AM
nessus
nessus

PyTorch < 2.2.2 RCE

The remote host contains a torchserve version that is prior to 2.2.2. It is, therefore, affected by a remote code execution vulnerability. A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The...

10CVSS

8.3AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1835)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...

7.4AI Score

0.0004EPSS

2024-06-25 12:00 AM
3
nessus
nessus

EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1849)

According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when...

7.8CVSS

8AI Score

0.0005EPSS

2024-06-25 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1816)

The remote host is missing an update for the Huawei...

7.8CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
Total number of security vulnerabilities888968