The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...
5.9AI Score
0.001EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
8.2AI Score
Rockwell Studio 5000 Logix Designer < V34 Code Hiding
The version of Rockwell Studio 5000 Logix Designer installed on the remote Windows host is prior to V34. It is, therefore, affected by a vulnerability. An attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable...
7.3AI Score
7.4AI Score
Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF.....
7.2AI Score
Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2.....
7.2AI Score
Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD.....
7.2AI Score
Contact Form 7 Plugin for WordPress < 5.8.4 Arbitrary File Upload
The WordPress Contact Form 7 Plugin installed on the remote host is affected by an authenticated file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score
7.1AI Score
0.0004EPSS
Contact Form 7 Plugin for WordPress < 5.9.2 Cross-Site Scripting
The WordPress Contact Form 7 Plugin installed on the remote host is affected by a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
6.4AI Score
Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.3AI Score
Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF.....
7.3AI Score
Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2.....
7.2AI Score
7.1AI Score
0.0004EPSS
7.1AI Score
0.001EPSS
7.1AI Score
0.001EPSS
Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF.....
7.2AI Score
Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD.....
7.2AI Score
6.6AI Score
0.019EPSS
6.5AI Score
0.019EPSS
Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing....
6.3AI Score
Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TGA.....
7.2AI Score
Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPF.....
7.2AI Score
Pivotal RabbitMQ 3.8.x < 3.8.16 Code Execution
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. A malicious actor can execute arbitrary code on the running RabbitMQ server by adding arbitrary...
7.7AI Score
Oracle Linux 8 : glibc (ELSA-2024-3344)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3344 advisory. [2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: ...
6.6AI Score
Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2.....
7.2AI Score
In the jungle of AWS S3 Enumeration
By Daily Contributors. Amazon Web Services (AWS) Simple Storage Service (S3) is a foundational pillar of cloud storage, offering scalable object… This is a post from HackRead.com.
7.3AI Score
One Phish, Two Phish, Red Phish, Blue Phish
By Daily Contributors. One of the interesting things about working for a cybersecurity company is that you get to talk to… This is a post from HackRead.com.
7.2AI Score
ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting
Failing to properly validate the HTTP host-header, TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, http(s) enforcement, password reset links and many more. Since the host header itself is provided by the...
7.2AI Score
Umbraco Commerce is vulnerable to stored Cross-site scripting (XSS). The vulnerability is due to insufficient input validation in the Print Functionality, allowing attackers to inject malicious...
6.2AI Score
Ecuador Is Literally Powerless in the Face of Drought
Drought-stricken hydro dams have led to daily electricity cuts in Ecuador. As weather becomes less predictable due to climate change, experts say other countries need to take...
7.3AI Score
ShinyHunters Claims Santander Bank Breach: 30M Customers’ Data for Sale
By Waqas. ShinyHunters' claims surfaced two weeks after Santander Bank acknowledged a data breach linked to a third-party contractor involving… This is a post from HackRead.com.
7.2AI Score
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since...
6.8AI Score
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication...
7.9AI Score
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious...
7.8AI Score
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated...
8.4AI Score
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....
7.4AI Score
Mitigate Http/2 continuations with Imperva WAF
As the threat landscape continues to grow, with new breaches being announced every day, Imperva continues to stay one step ahead of attackers. HTTP/2 exploits seem to be growing every quarter as more attackers use this vulnerability in new ways. We previously wrote about how Imperva protected its.....
7.2AI Score
Beware of scammers impersonating Malwarebytes
Scammers love to bank on the good name of legitimate companies to gain the trust of their intended targets. Recently, it came to our attention that a cybercriminal is using fake websites for security products to spread malware. One of those websites was impersonating the Malwarebytes brand. Image.....
7.3AI Score
4 Arrested as Operation Endgame Disrupts Ransomware Botnets
By Waqas. Europol led Operation Endgame, the largest operation against botnets to date, focused on dismantling the infrastructure of malicious… This is a post from HackRead.com.
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I...
6.5AI Score
In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever...
7.3AI Score
CVE-2024-24919: Check Point Security Gateway Information Disclosure
On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade. On May 29, 2024, security firm mnemonic published...
8.8AI Score
0.019EPSS
CVE-2024-36944 Reapply "drm/qxl: simplify qxl_fence_wait"
In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever...
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
9.2AI Score
0.001EPSS
‘Operation Endgame’ Hits Malware Delivery Platforms
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort.....
7.1AI Score
7.3AI Score
symfony/validator XML Entity Expansion vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score