Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...
9.8CVSS
7.2AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY –...
8.8CVSS
7.2AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through...
5.3CVSS
7AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through...
8.3CVSS
7.2AI Score
0.0004EPSS
CVE-2024-32680 WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY –...
8.7AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through...
8.3AI Score
0.0004EPSS
CVE-2024-32131 WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through...
5.3AI Score
0.0004EPSS
Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...
9.5AI Score
0.0004EPSS
Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through...
8.8CVSS
7.2AI Score
0.0004EPSS
Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through...
8.8AI Score
0.0004EPSS
Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...
9.5AI Score
0.973EPSS
[SECURITY] Fedora 40 Update: podman-5.0.3-1.fc40
podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman....
6.9AI Score
0.0004EPSS
K000139668: MySQL Server vulnerabilities CVE-2024-21000 and CVE-2024-21008
Security Advisory Description CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with...
4.5AI Score
0.0004EPSS
SolarWinds ARM < 23.2.4 (2023-2-4_CVE-2024-23473)
The version of SolarWinds ARM installed on the remote host is prior to 23.2.4. It is, therefore, affected by a vulnerability as referenced in the 2023-2-4 advisory. The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If...
7.6AI Score
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget to reclaimed the flushed packets. This leads to a memory leak since we do not free the dma mapped buffers....
6.8AI Score
0.0004EPSS
K000139667: MySQL vulnerability CVE-2024-21056
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
4.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/pm: resolve reboot exception for si oland" This reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. This causes hangs on SI when DC is enabled and errors on driver reboot and power off...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which case client->irq will be 0. bq27xxx_battery_i2c_probe() already has an if (client->irq) check wrapping the...
6.5AI Score
0.0004EPSS
CyberPower Power Device Network Utility Missing Authentication (CVE-2024-32735)
The CyberPower Power Device Network Utility (PDNU) running on the remote host is affected by a missing authentication vulnerability. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to access critical functions of the...
7.6AI Score
K000139641: libxml2 vulnerability CVE-2023-28484
Security Advisory Description In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. (CVE-2023-28484) Impact This vulnerability allows a remote, authenticated...
6.3AI Score
0.001EPSS
WP Job Manager < 2.3.0 - Unauthenticated Information Exposure
Description The WP Job Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
6.3AI Score
0.0004EPSS
CyberPower Power Device Network Utility Detection
CyberPower Power Device Network Utility (PDNU) is running on the remote...
7.4AI Score
Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.8CVSS
6.9AI Score
0.0004EPSS
Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local...
7.9CVSS
7.4AI Score
0.0004EPSS
Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local...
5.5CVSS
6.3AI Score
0.0004EPSS
Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7AI Score
0.0004EPSS
Improper initialization in some Intel(R) Power Gadget software for Windwos all versions may allow an authenticated user to potentially enable denial of service via local...
5.5CVSS
6.5AI Score
0.0004EPSS
Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.8CVSS
7AI Score
0.0004EPSS
Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.8CVSS
7AI Score
0.0004EPSS
NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local...
5CVSS
6.5AI Score
0.0004EPSS
Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.8CVSS
6.9AI Score
0.0004EPSS
Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local...
3.8CVSS
6AI Score
0.0004EPSS
Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.8CVSS
7.3AI Score
0.0004EPSS
NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local...
5AI Score
0.0004EPSS
Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local...
3.9AI Score
0.0004EPSS
Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local...
5.2AI Score
0.0004EPSS
Improper initialization in some Intel(R) Power Gadget software for Windwos all versions may allow an authenticated user to potentially enable denial of service via local...
5.4AI Score
0.0004EPSS
Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local...
6.8AI Score
0.0004EPSS
Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.3AI Score
0.0004EPSS
Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.8AI Score
0.0004EPSS
Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.9AI Score
0.0004EPSS
Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.6AI Score
0.0004EPSS
Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.8AI Score
0.0004EPSS
Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local...
8.6AI Score
0.0004EPSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint.....
7.8CVSS
7.1AI Score
0.0004EPSS
Rounding up some of the major headlines from RSA
While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...
7.6AI Score
0.001EPSS
(RHSA-2024:2782) Important: OpenShift Container Platform 4.12.57 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.57. See the following advisory for the RPM...
7.6AI Score
0.037EPSS
CVE-2024-1417 Local Code Injection Vulnerability in AuthPoint Password Manager App for macOS Safari
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint.....
7.4AI Score
0.0004EPSS
See a Sneak Peek of Tuesday’s Take Command Summit
In just a few short days, some of the best minds in cybersecurity will come together at Take Command to discuss the most pressing challenges and opportunities we face as an industry. The sessions include in-depth discussions on attacker trends and behaviors, a look into the Rapid7 SOC, top guest...
7.6AI Score