The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary....
6.4CVSS
6.8AI Score
0.0004EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary....
6.4CVSS
7.5AI Score
0.0004EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on...
6.4CVSS
7.5AI Score
0.0004EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on...
6.4CVSS
6.8AI Score
0.0004EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on...
6.4CVSS
7AI Score
0.0004EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary....
6.4CVSS
7AI Score
0.0004EPSS
K000139064 : Apache vulnerabilities CVE-2009-2299, CVE-2012-3526, CVE-2012-4001, and CVE-2012-4360
Security Advisory Description CVE-2009-2299 The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via...
6.6AI Score
0.038EPSS
Recent ‘MFA Bombing’ Attacks Targeting Apple Users
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used...
6.6AI Score
Rockwell Automation FactoryTalk View ME
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View ME Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the loss of view or...
5.3CVSS
7.2AI Score
0.0004EPSS
The Plus Addons for Elementor < 5.4.2 - Contributor+ LFI
Description The plugin is vulnerable to Local File Inclusion via the Team Member Listing and Clients widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in....
6.4CVSS
7.9AI Score
0.0004EPSS
K000139043 : Apache Struts vulnerabilities CVE-2016-4430, CVE-2016-4431, and CVE-2016-4433
Security Advisory Description CVE-2016-4430 Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. CVE-2016-4431 Apache Struts 2 2.3.20 through 2.3.28.1 allows remote...
8.8CVSS
7.4AI Score
0.009EPSS
IBM Storage Protect Plus Server Access Control Error Vulnerability
IBM Storage Protect Plus Server is an IBM Storage software from International Business Machines (IBM) that provides recovery, replication, retention and reuse for virtual machines, databases, applications, file systems, SaaS workloads and containers. An access control error vulnerability exists in....
4.3CVSS
6.5AI Score
0.0004EPSS
IBM Storage Protect Plus Server Information Disclosure Vulnerability (CNVD-2024-16923)
IBM Storage Protect Plus Server is an IBM Storage software from International Business Machines (IBM) that provides recovery, replication, retention and reuse for virtual machines, databases, applications, file systems, SaaS workloads and containers. An information disclosure vulnerability exists.....
6.2CVSS
6.2AI Score
0.0004EPSS
Security Advisory Description CVE-2011-1176 The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which...
8.6AI Score
0.018EPSS
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...
5.3CVSS
6.7AI Score
0.0004EPSS
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...
5.3CVSS
5.3AI Score
0.0004EPSS
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™...
5.3CVSS
5.6AI Score
0.0004EPSS
K000139026 : NTP vulnerability CVE-2009-3563
Security Advisory Description ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE.....
6.9AI Score
0.965EPSS
Apple Chip Flaw Leaks Secret Encryption Keys
Plus: The Biden administration warns of nationwide attacks on US water systems, a new Russian wiper malware emerges, and China-linked hackers wage a global attack...
7.3AI Score
K000138990 : BIND vulnerability CVE-2023-4408
Security Advisory Description The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this....
7.5CVSS
7.2AI Score
0.001EPSS
openSUSE 15 Security Update : jsch-agent-proxy (SUSE-SU-2024:0974-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:0974-1 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
5.9CVSS
7.2AI Score
0.963EPSS
openSUSE 15 Security Update : jbcrypt, trilead-ssh2 (SUSE-SU-2024:0972-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:0972-1 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
5.9CVSS
7.2AI Score
0.963EPSS
Mozilla Drops Onerep After CEO Admits to Running People-Search Networks
The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by.....
7.1AI Score
Reflectionless Templates With Spring
A few Java libraries have shown up recently that use text templates, but compile to Java classes at build time. They can thus claim to some extent to be "reflection free". Together with potential benefits of runtime performance, they promise to be easy to use and integrate with GraalVM native...
7.2AI Score
K000138989 : BIND vulnerability CVE-2023-5517
Security Advisory Description A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response....
7.5CVSS
7.3AI Score
0.001EPSS
K000138991 : BIND vulnerability CVE-2023-6516
Security Advisory Description To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is...
7.5CVSS
7AI Score
0.001EPSS
The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: ...
6.2CVSS
6.2AI Score
0.0004EPSS
The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: ...
6.2CVSS
6.5AI Score
0.0004EPSS
CVE-2024-27277 IBM Storage Protect Plus Server information disclosure
The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: ...
6.2CVSS
6.3AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...
10CVSS
10AI Score
0.001EPSS
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: ...
4.3CVSS
4.8AI Score
0.0004EPSS
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: ...
4.3CVSS
4.4AI Score
0.0004EPSS
CVE-2023-47715 IBM Storage Protect Plus Server improper access control
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: ...
4.3CVSS
4.6AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1475)
The remote host is missing an update for the Huawei...
6.5CVSS
6.7AI Score
0.963EPSS
Apple Security Update: iOS 16.7.7 and iPadOS 16.7.7Details coming soon
Apple recommends to install security update iOS 16.7.7 and iPadOS 16.7.7Details coming soon on devices iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st...
6.6AI Score
About the security content of iOS 16.7.7 and iPadOS 16.7.7
About the security content of iOS 16.7.7 and iPadOS 16.7.7 This document describes the security content of iOS 16.7.7 and iPadOS 16.7.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
5.9CVSS
6.3AI Score
0.0005EPSS
EulerOS Virtualization 2.9.0 : libssh2 (EulerOS-SA-2024-1470)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
5.9CVSS
7.4AI Score
0.963EPSS
EulerOS Virtualization 2.9.1 : openssh (EulerOS-SA-2024-1460)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
6.5CVSS
8AI Score
0.963EPSS
K000138977 : ncurses vulnerability CVE-2022-29458
Security Advisory Description ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. (CVE-2022-29458) Impact There is no impact; F5 products are not affected by this...
7.1CVSS
9.7AI Score
0.001EPSS
EulerOS Virtualization 2.9.1 : libssh2 (EulerOS-SA-2024-1455)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
5.9CVSS
7.8AI Score
0.963EPSS
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1469)
The remote host is missing an update for the Huawei...
5.9CVSS
6.6AI Score
0.963EPSS
K000138966 : Intel Xeon CPU vulnerability CVE-2023-23908
Security Advisory Description Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-23908) Impact This vulnerability may allow a privileged user to enable information.....
4.4CVSS
6AI Score
0.0004EPSS
EulerOS Virtualization 2.9.1 : libssh (EulerOS-SA-2024-1454)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
5.9CVSS
7.4AI Score
0.963EPSS
EulerOS Virtualization 2.9.0 : libssh (EulerOS-SA-2024-1469)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
5.9CVSS
7.4AI Score
0.963EPSS
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1454)
The remote host is missing an update for the Huawei...
5.9CVSS
6.6AI Score
0.963EPSS
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1455)
The remote host is missing an update for the Huawei...
5.9CVSS
6.7AI Score
0.963EPSS
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1470)
The remote host is missing an update for the Huawei...
5.9CVSS
6.7AI Score
0.963EPSS
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1460)
The remote host is missing an update for the Huawei...
6.5CVSS
6.7AI Score
0.963EPSS
EulerOS Virtualization 2.9.0 : openssh (EulerOS-SA-2024-1475)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
6.5CVSS
8AI Score
0.963EPSS
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...
9.8CVSS
9.9AI Score
EPSS