Lucene search

K

Newsletter – Send Awesome Emails From WordPress Security Vulnerabilities

nessus
nessus

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1834)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

5.3CVSS

7.2AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

AlmaLinux 9 : python3.11 (ALSA-2024:4077)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4077 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) Tenable has extracted the preceding description block directly from the AlmaLinux security...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : llvm (EulerOS-SA-2024-1839)

According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to...

6.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : curl (EulerOS-SA-2024-1808)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum...

9.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : sssd (EulerOS-SA-2024-1847)

According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper...

7.1CVSS

7.3AI Score

0.0004EPSS

2024-06-25 12:00 AM
wpvulndb
wpvulndb

WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block

Description WordPress does not properly escape the "file" attribute in the "Template Part block" allowing high-privileged users to perform Path Traversal on Windows servers, leading to arbitrary File...

7.2AI Score

2024-06-25 12:00 AM
5
wpexploit
wpexploit

WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block

Description WordPress does not properly escape the "tagName" attribute in the "Template Part block" allowing high-privileged users to perform Stored Cross-Site Scripting (XSS)...

6AI Score

2024-06-25 12:00 AM
29
packetstorm

7AI Score

0.0004EPSS

2024-06-25 12:00 AM
15
cve
cve

CVE-2024-34992

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via...

7.2AI Score

0.0004EPSS

2024-06-24 11:15 PM
10
cve
cve

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) &lt;= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods...

7.1AI Score

0.0004EPSS

2024-06-24 11:15 PM
8
cve
cve

CVE-2024-36681

SQL Injection vulnerability in the module "Isotope" (pk_isotope) &lt;=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via pk_isotope::saveData and pk_isotope::removeData...

7.6AI Score

0.0004EPSS

2024-06-24 11:15 PM
7
cve
cve

CVE-2024-36683

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent...

7.6AI Score

0.0004EPSS

2024-06-24 11:15 PM
8
nvd
nvd

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate()...

0.0004EPSS

2024-06-24 11:15 PM
4
nvd
nvd

CVE-2024-36681

SQL Injection vulnerability in the module "Isotope" (pk_isotope) &lt;=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via pk_isotope::saveData and pk_isotope::removeData...

0.0004EPSS

2024-06-24 11:15 PM
3
nvd
nvd

CVE-2024-36683

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent...

0.0004EPSS

2024-06-24 11:15 PM
4
nvd
nvd

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) &lt;= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods...

0.0004EPSS

2024-06-24 11:15 PM
4
cve
cve

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate()...

8AI Score

0.0004EPSS

2024-06-24 11:15 PM
8
nvd
nvd

CVE-2024-34992

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via...

0.0004EPSS

2024-06-24 11:15 PM
4
nvd
nvd

CVE-2024-34991

In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions...

0.0004EPSS

2024-06-24 10:15 PM
5
nvd
nvd

CVE-2024-36682

In the module "Theme settings" (pk_themesettings) &lt;= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can.....

0.0004EPSS

2024-06-24 10:15 PM
7
cve
cve

CVE-2024-34991

In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions...

6.5AI Score

0.0004EPSS

2024-06-24 10:15 PM
10
cve
cve

CVE-2024-36682

In the module "Theme settings" (pk_themesettings) &lt;= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can.....

7AI Score

0.0004EPSS

2024-06-24 10:15 PM
11
ibm
ibm

Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)

Summary Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-0450 DESCRIPTION: **Python CPython is vulnerable to a denial of service, caused.....

6.2CVSS

7.3AI Score

0.0005EPSS

2024-06-24 10:05 PM
1
citrix
citrix

Cloud Software Group Security Advisory for CVE-2024-3661

Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...

7.6CVSS

6.7AI Score

0.0005EPSS

2024-06-24 08:37 PM
8
qualysblog
qualysblog

Essential Strategies to Secure Your Web Applications and APIs in a Modern Application Development World

In today’s interconnected digital world, the role of web applications and APIs has become central to business operations, acting as gateways to vast amounts of valuable data and services. However, their widespread use and accessibility make them prime targets for cybercriminals, posing substantial....

7.7AI Score

2024-06-24 05:13 PM
5
malwarebytes
malwarebytes

Change Healthcare confirms the customer data stolen in ransomware attack

For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led.....

7.4AI Score

2024-06-24 04:42 PM
2
osv
osv

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-24 04:18 PM
2
github
github

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-24 04:18 PM
3
redhatcve
redhatcve

CVE-2024-29510

A flaw was found in Ghostscript. The uniprint device allows the user to provide various string fragments as device options, which are later appended to the output file. Two parameters, upWriteComponentCommands and upYMoveCommand, are treated as format strings, specifically for gp_fprintf and...

6.5AI Score

EPSS

2024-06-24 03:52 PM
3
redhatcve
redhatcve

CVE-2023-6507

A flaw was found in Python's subprocess module. When creating a new subprocess, the developer may specify a list of extra groups through the 'extra_groups=` parameter. When this optional parameter is informed with an empty list, the module fails to properly clean the associated groups from the new....

6.1CVSS

6.5AI Score

0.001EPSS

2024-06-24 03:51 PM
6
ibm
ibm

Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update

Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile (WLP) to version 24.0.0.6 for security update in WLP. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) |...

9.8CVSS

7.3AI Score

0.001EPSS

2024-06-24 03:45 PM
9
wordfence
wordfence

Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins

On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team. We immediately checked the malicious file and uploaded it to our internal....

7.1AI Score

2024-06-24 03:21 PM
3
aix
aix

Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:10:30 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_jun2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...

5.9CVSS

4.6AI Score

0.0004EPSS

2024-06-24 03:10 PM
1
aix
aix

AIX is affected by a denial of service due to Python (CVE-2024-0450)

IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:07:51 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory10.asc Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)...

6.2CVSS

6.8AI Score

0.0005EPSS

2024-06-24 03:07 PM
1
thn
thn

Google Introduces Project Naptime for AI-Powered Vulnerability Research

Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target...

8.3AI Score

2024-06-24 03:03 PM
18
githubexploit
githubexploit

Exploit for CVE-2024-29868

CVE-2024-29868: Use of Cryptographically Weak PRNG in...

7.2AI Score

0.0004EPSS

2024-06-24 02:53 PM
22
ibm
ibm

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Standard

Summary Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable issue. Vulnerability Details ** CVEID: CVE-2024-22353 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-24 02:15 PM
1
cve
cve

CVE-2024-4748

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-06-24 02:15 PM
11
nvd
nvd

CVE-2024-4748

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

0.0004EPSS

2024-06-24 02:15 PM
4
nvd
nvd

CVE-2024-36479

In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

0.0004EPSS

2024-06-24 02:15 PM
2
nvd
nvd

CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with.....

0.0004EPSS

2024-06-24 02:15 PM
3
cve
cve

CVE-2024-38664

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be initialized. We do this before...

6.4AI Score

0.0004EPSS

2024-06-24 02:15 PM
9
cve
cve

CVE-2024-39291

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...

6.9AI Score

0.0004EPSS

2024-06-24 02:15 PM
9
debiancve
debiancve

CVE-2024-38664

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be initialized. We do this before...

6.5AI Score

0.0004EPSS

2024-06-24 02:15 PM
1
nvd
nvd

CVE-2024-39291

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...

0.0004EPSS

2024-06-24 02:15 PM
3
debiancve
debiancve

CVE-2024-39291

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...

7AI Score

0.0004EPSS

2024-06-24 02:15 PM
2
nvd
nvd

CVE-2024-38384

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE -&gt;lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of -&gt;lqueued is re-ordered with READ of 'bisc-&gt;lnod...

0.0004EPSS

2024-06-24 02:15 PM
2
debiancve
debiancve

CVE-2024-38663

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat...

6.8AI Score

0.0004EPSS

2024-06-24 02:15 PM
nvd
nvd

CVE-2024-38664

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be initialized. We do this before...

0.0004EPSS

2024-06-24 02:15 PM
3
debiancve
debiancve

CVE-2024-37021

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

6.7AI Score

0.0004EPSS

2024-06-24 02:15 PM
1
Total number of security vulnerabilities888968