Lucene search

K

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Security Vulnerabilities

wolfi
wolfi

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: skopeo, addon-resizer, amass, terraform-provider-google, gitlab-pages, flux-image-automation-controller, istio-pilot-agent, newrelic-prometheus-configurator, kuberay-operator, kustomize, govulncheck, cadvisor, cloudflared, dataplaneapi, docker-compose, gobump,...

6.5AI Score

0.0004EPSS

2024-06-16 09:08 AM
10
wolfi
wolfi

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-external-attacher, rekor, skopeo, kafka_exporter, dask-gateway, hubble-ui, lazygit, golangci-lint, nri-prometheus, crossplane, skaffold, aws-ebs-csi-driver, falcosidekick, render-template, volume-modifier-for-k8s, gitlab-pages, kubecolor, atlantis,...

6.5AI Score

0.0004EPSS

2024-06-16 09:08 AM
16
wolfi
wolfi

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: kubernetes-csi-external-attacher, rekor, skopeo, kafka_exporter, dask-gateway, hubble-ui, lazygit, golangci-lint, nri-prometheus, crossplane, skaffold, aws-ebs-csi-driver, falcosidekick, render-template, volume-modifier-for-k8s, gitlab-pages, kubecolor, atlantis,...

7.5AI Score

2024-06-16 09:08 AM
14
wolfi
wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: kubernetes-csi-external-attacher, rekor, skopeo, kafka_exporter, dask-gateway, hubble-ui, lazygit, golangci-lint, nri-prometheus, crossplane, skaffold, aws-ebs-csi-driver, falcosidekick, render-template, volume-modifier-for-k8s, gitlab-pages, kubecolor, atlantis,...

7.5AI Score

2024-06-16 09:08 AM
20
wolfi
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: skopeo, addon-resizer, amass, terraform-provider-google, gitlab-pages, flux-image-automation-controller, istio-pilot-agent, newrelic-prometheus-configurator, kuberay-operator, kustomize, govulncheck, cadvisor, cloudflared, dataplaneapi, docker-compose, gobump,...

6.5AI Score

0.0004EPSS

2024-06-16 09:08 AM
8
wolfi
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: skopeo, addon-resizer, amass, terraform-provider-google, gitlab-pages, flux-image-automation-controller, istio-pilot-agent, newrelic-prometheus-configurator, kuberay-operator, kustomize, govulncheck, cadvisor, cloudflared, dataplaneapi, docker-compose, gobump,...

7.5AI Score

2024-06-16 09:08 AM
2
wolfi
wolfi

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-external-attacher, rekor, skopeo, kafka_exporter, dask-gateway, hubble-ui, lazygit, golangci-lint, nri-prometheus, crossplane, skaffold, aws-ebs-csi-driver, falcosidekick, render-template, volume-modifier-for-k8s, gitlab-pages, kubecolor, atlantis,...

6.5AI Score

0.0004EPSS

2024-06-16 09:08 AM
17
wolfi
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: skopeo, addon-resizer, amass, terraform-provider-google, gitlab-pages, flux-image-automation-controller, istio-pilot-agent, newrelic-prometheus-configurator, kuberay-operator, kustomize, govulncheck, cadvisor, cloudflared, dataplaneapi, docker-compose, gobump,...

7.5AI Score

2024-06-16 09:08 AM
2
thn
thn

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The...

7.3AI Score

2024-06-16 04:31 AM
3
mageia
mageia

Updated nano packages fix security vulnerability

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges....

4.7CVSS

7.6AI Score

0.0004EPSS

2024-06-16 02:07 AM
5
mageia
mageia

Updated atril packages fix security vulnerability

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user....

8.5CVSS

7.5AI Score

0.005EPSS

2024-06-16 02:07 AM
6
krebs
krebs

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

7.8AI Score

2024-06-15 11:40 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-15 07:37 PM
88
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577 In PHP when using Apache and PHP-CGI on...

9.8CVSS

8.7AI Score

0.932EPSS

2024-06-15 06:05 PM
20
cve
cve

CVE-2024-31870

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...

3.3CVSS

3.5AI Score

0.0004EPSS

2024-06-15 02:15 PM
4
nvd
nvd

CVE-2024-31870

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...

3.3CVSS

0.0004EPSS

2024-06-15 02:15 PM
3
nvd
nvd

CVE-2024-27275

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...

7.4CVSS

0.0004EPSS

2024-06-15 02:15 PM
9
cve
cve

CVE-2024-27275

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-15 02:15 PM
3
cvelist
cvelist

CVE-2024-27275 IBM i privilege escalation

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...

7.4CVSS

0.0004EPSS

2024-06-15 01:49 PM
cvelist
cvelist

CVE-2024-31870 IBM i information disclosure

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...

3.3CVSS

0.0004EPSS

2024-06-15 01:47 PM
vulnrichment
vulnrichment

CVE-2024-31870 IBM i information disclosure

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...

3.3CVSS

6AI Score

0.0004EPSS

2024-06-15 01:47 PM
nvd
nvd

CVE-2024-5611

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.001EPSS

2024-06-15 10:15 AM
2
cve
cve

CVE-2024-5611

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-15 10:15 AM
9
thn
thn

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...

7AI Score

2024-06-15 09:51 AM
9
cvelist
cvelist

CVE-2024-5611 Stratum – Elementor Widgets <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.001EPSS

2024-06-15 09:43 AM
2
cve
cve

CVE-2024-4095

The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-15 09:15 AM
9
nvd
nvd

CVE-2024-4095

The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS

0.001EPSS

2024-06-15 09:15 AM
2
nvd
nvd

CVE-2024-2695

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'....

6.4CVSS

0.0004EPSS

2024-06-15 09:15 AM
4
cve
cve

CVE-2024-2695

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-15 09:15 AM
6
cvelist
cvelist

CVE-2024-4095 Collapse-O-Matic <= 1.8.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS

0.001EPSS

2024-06-15 08:42 AM
cvelist
cvelist

CVE-2024-2695 Shariff Wrapper <= 4.6.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'....

6.4CVSS

0.0004EPSS

2024-06-15 08:42 AM
2
thn
thn

Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks

A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under the moniker UTA0137, noting the adversary's exclusive use of a malware called DISGOMOJI that's written...

7.8CVSS

8.6AI Score

0.076EPSS

2024-06-15 08:13 AM
3
thn
thn

Meta Pauses AI Training on EU User Data Amid Privacy Concerns

Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at.....

6.8AI Score

2024-06-15 07:49 AM
2
nvd
nvd

CVE-2024-1399

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

0.0004EPSS

2024-06-15 06:15 AM
2
cve
cve

CVE-2024-1399

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-15 06:15 AM
6
cvelist
cvelist

CVE-2024-1399 Restaurant Menu and Food Ordering <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

0.0004EPSS

2024-06-15 05:45 AM
2
cve
cve

CVE-2024-4479

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient.....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-15 02:15 AM
4
nvd
nvd

CVE-2024-5263

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-15 02:15 AM
1
nvd
nvd

CVE-2024-4479

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient.....

6.4CVSS

0.001EPSS

2024-06-15 02:15 AM
1
cve
cve

CVE-2024-3815

The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.5CVSS

5.1AI Score

0.0004EPSS

2024-06-15 02:15 AM
4
cve
cve

CVE-2024-5263

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-15 02:15 AM
4
cve
cve

CVE-2024-3814

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.5CVSS

5.1AI Score

0.0004EPSS

2024-06-15 02:15 AM
3
nvd
nvd

CVE-2024-3814

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.5CVSS

0.0004EPSS

2024-06-15 02:15 AM
1
nvd
nvd

CVE-2024-3815

The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.5CVSS

0.0004EPSS

2024-06-15 02:15 AM
1
nvd
nvd

CVE-2023-6696

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

8.1CVSS

0.001EPSS

2024-06-15 02:15 AM
3
cve
cve

CVE-2023-6696

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

8.1CVSS

8AI Score

0.001EPSS

2024-06-15 02:15 AM
3
cvelist
cvelist

CVE-2024-4479 Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient.....

6.4CVSS

0.001EPSS

2024-06-15 02:02 AM
2
cvelist
cvelist

CVE-2023-6696 Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

8.1CVSS

0.001EPSS

2024-06-15 02:02 AM
2
cvelist
cvelist

CVE-2024-3815 Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.5CVSS

0.0004EPSS

2024-06-15 02:01 AM
2
cvelist
cvelist

CVE-2024-5263 ElementsKit Elementor addons and Templates Library <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-15 02:01 AM
1
Total number of security vulnerabilities671495