P10, P10 Plus Security Vulnerabilities

nvd

CVE-2024-3615

The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web.....

6.1CVSS

6AI Score

0.0004EPSS

2024-04-19 03:15 AM
cve

CVE-2024-3615

The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web.....

6.1CVSS

6.3AI Score

0.0004EPSS

2024-04-19 03:15 AM
31
cvelist

CVE-2024-3615

The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web.....

6.1CVSS

6.1AI Score

0.0004EPSS

2024-04-19 02:34 AM
nessus

EulerOS Virtualization 2.10.0 : libssh2 (EulerOS-SA-2024-1529)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.4AI Score

0.963EPSS

2024-04-19 12:00 AM
2
nessus

EulerOS Virtualization 2.10.1 : openssh (EulerOS-SA-2024-1552)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

6.5CVSS

8AI Score

0.963EPSS

2024-04-19 12:00 AM
6
nessus

EulerOS Virtualization 2.10.1 : libssh2 (EulerOS-SA-2024-1548)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.5AI Score

0.963EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.0 : openssh (EulerOS-SA-2024-1533)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

6.5CVSS

8AI Score

0.963EPSS

2024-04-19 12:00 AM
7
nessus

EulerOS Virtualization 2.10.1 : libssh (EulerOS-SA-2024-1547)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.4AI Score

0.963EPSS

2024-04-19 12:00 AM
5
f5

K000139353 : aiohttp vulnerability CVE-2024-23334

Security Advisory Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to...

7.5CVSS

7.3AI Score

0.052EPSS

2024-04-19 12:00 AM
15
nessus

EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2024-1528)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.8AI Score

0.963EPSS

2024-04-19 12:00 AM
6
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...

8.8AI Score

EPSS

2024-04-18 03:58 PM
26
f5

K000139340 : Apache Tomcat vulnerability CVE-2024-22029

Security Advisory Description A flaw was found in the Tomcat package of OpenSUSE and derived distributions. This issue occurs due to incorrect permissions and a race condition in the %post section of the Tomcat RPM package, resulting in local privilege escalation when the Tomcat package is...

7AI Score

EPSS

2024-04-18 12:00 AM
12
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...

7.8CVSS

8.4AI Score

EPSS

2024-04-18 12:00 AM
18
nessus

Dell Client BIOS Out-Of-Bounds Write Vulnerability (DSA-2024-066)

The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by an Out-of-Bounds Write Vulnerability that could be exploited by malicious users to compromise the affected system. Note that Nessus has not tested for this issue but has instead relied only on the...

4.7CVSS

4.9AI Score

0.0004EPSS

2024-04-18 12:00 AM
15
redhatcve

CVE-2024-26854

In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And the mutex is the la...

6.9AI Score

0.0004EPSS

2024-04-17 07:54 PM
5
nvd

CVE-2024-26854

In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And the mutex is the la...

6.4AI Score

0.0004EPSS

2024-04-17 11:15 AM
cve

CVE-2024-26854

In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And the mutex is the la...

6.6AI Score

0.0004EPSS

2024-04-17 11:15 AM
28
debiancve

CVE-2024-26854

In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And the mutex is the...

6.6AI Score

0.0004EPSS

2024-04-17 11:15 AM
7
cvelist

CVE-2024-26854 ice: fix uninitialized dplls mutex usage

In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And the mutex is the la...

6.6AI Score

0.0004EPSS

2024-04-17 10:17 AM
cve

CVE-2024-32457

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS. This issue affects Elements Plus!: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-04-17 10:15 AM
34
nvd

CVE-2024-32457

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS. This issue affects Elements Plus!: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-04-17 10:15 AM
cvelist

CVE-2024-32457 WordPress Elements Plus! plugin <= 2.16.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS. This issue affects Elements Plus!: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-04-17 09:55 AM
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6725-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-2 advisory. An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and...

9.8CVSS

7.4AI Score

EPSS

2024-04-17 12:00 AM
15
ubuntucve

CVE-2024-26854

In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And the mutex is the la...

6.6AI Score

0.0004EPSS

2024-04-17 12:00 AM
7
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6724-2)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6724-2 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any...

8CVSS

6.6AI Score

0.0005EPSS

2024-04-17 12:00 AM
10
nessus

Ubuntu 20.04 LTS : Linux kernel (IoT) vulnerabilities (USN-6726-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-2 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

7.8CVSS

7.9AI Score

EPSS

2024-04-17 12:00 AM
11
nessus

Jenkins LTS < 2.440.3 / Jenkins weekly < 2.452

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.440.3 or Jenkins weekly prior to 2.452. It is, therefore, affected by a vulnerability: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH...

5.9CVSS

7.1AI Score

0.963EPSS

2024-04-17 12:00 AM
85
nessus

Ubuntu 20.04 LTS : Linux kernel (Xilinx ZynqMP) vulnerabilities (USN-6726-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-3 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

7.8CVSS

7.9AI Score

EPSS

2024-04-17 12:00 AM
11
malwarebytes

Giant Tiger breach sees 2.8 million records leaked

Someone has posted a database of over 2.8 million records to a hacker forum, claiming they originated from a March 2024 hack at Canadian retail chain Giant Tiger. When asked, they posted a small snippet as proof. The download of the full database is practically free for other active members of...

7.2AI Score

2024-04-16 01:07 PM
14
wired

Roku Breach Hits 567,000 Users

Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach, and a ransomware hacker tangles with an unimpressed HR manager named...

6.9AI Score

2024-04-13 10:30 AM
12
redhatcve

CVE-2021-47192

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

7.2AI Score

0.0004EPSS

2024-04-11 10:02 PM
9
qualysblog

Qualys Endpoint Detection & Response Validated by Top Independent Testing Labs

Qualys is proud to announce that our Endpoint Detection & Response solution has earned top certifications from two of the most respected independent anti-virus testing organizations - SE Labs and AV-Test. These prestigious validations underscore Qualys' mission to deliver best-in-class malware...

7.4AI Score

2024-04-11 07:47 PM
8
talosblog

The internet is already scary enough without April Fool’s jokes

I feel like over the past several years, the "holiday" that is April Fool's Day has really died down. At this point, there are few headlines you can write that would be more ridiculous than something you'd find on a news site any day of the week. And there are so many more serious issues that are.....

7.3AI Score

2024-04-11 06:00 PM
5
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...

9.9CVSS

9.8AI Score

0.082EPSS

2024-04-11 05:23 PM
33
debiancve

CVE-2021-47192

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

6.6AI Score

0.0004EPSS

2024-04-10 07:15 PM
6
nvd

CVE-2021-47192

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

7.4AI Score

0.0004EPSS

2024-04-10 07:15 PM
cve

CVE-2021-47192

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

6.5AI Score

0.0004EPSS

2024-04-10 07:15 PM
34
vulnrichment

CVE-2021-47192 scsi: core: sysfs: Fix hang when device state is set via sysfs

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

6.9AI Score

0.0004EPSS

2024-04-10 06:56 PM
1
cvelist

CVE-2021-47192 scsi: core: sysfs: Fix hang when device state is set via sysfs

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

6.7AI Score

0.0004EPSS

2024-04-10 06:56 PM
cve

CVE-2024-31287

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-04-10 04:15 PM
26
nvd

CVE-2024-31287

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-04-10 04:15 PM
cvelist

CVE-2024-31287 WordPress Media Library Folders plugin <= 8.1.8 - Directory Traversal vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-04-10 04:07 PM
wpvulndb

WP Photo Album Plus < 8.6.03.005 - Authenticated (Subscriber+) Arbitrary File Upload

Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wppa_user_upload() function in all versions up to, and including, 8.6.03.004. This makes it possible for authenticated attackers, with subscriber-level access....

9.9CVSS

7.7AI Score

0.0004EPSS

2024-04-10 12:00 AM
7
redos

ROS-20240410-02

Vulnerability in the HTTP/3 QUIC module of NGINX Plus, NGINX OSS web servers that allows an attacker to cause a denial of service. denial of service Vulnerability of ngx_http_v3_module module of NGINX and NGINX Plus servers is related to memory usage after its release. memory after it has been...

7.5CVSS

7AI Score

0.0004EPSS

2024-04-10 12:00 AM
9
ubuntucve

CVE-2021-47192

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery,...

6.5AI Score

0.0004EPSS

2024-04-10 12:00 AM
7
f5

K000139225: nghttp2 vulnerability CVE-2024-28182

Security Advisory Description nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes...

5.3CVSS

6.1AI Score

0.0004EPSS

2024-04-10 12:00 AM
14
cve

CVE-2024-2335

The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-09 07:15 PM
27
nvd

CVE-2024-2335

The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-04-09 07:15 PM
2
cvelist

CVE-2024-2335

The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-04-09 06:59 PM
vulnrichment

CVE-2024-2335

The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-04-09 06:59 PM
Total number of security vulnerabilities: 14815