Missing Authorization vulnerability in Social Snap. This issue affects Social Snap: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Social Snap. This issue affects Social Snap: from n/a through...
6.5CVSS
0.0004EPSS
CVE-2024-32805 WordPress Social Snap plugin <= 1.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Social Snap. This issue affects Social Snap: from n/a through...
6.5CVSS
6.9AI Score
0.0004EPSS
CVE-2024-32805 WordPress Social Snap plugin <= 1.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Social Snap. This issue affects Social Snap: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons. This issue affects Social Share Icons & Social Share Buttons: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons. This issue affects Social Share Icons & Social Share Buttons: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM. This issue affects Social Icons Widget & Block by WPZOOM: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM. This issue affects Social Icons Widget & Block by WPZOOM: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM. This issue affects Social Icons Widget & Block by WPZOOM: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM. This issue affects Social Icons Widget & Block by WPZOOM: from n/a through...
5.4CVSS
6.9AI Score
0.0004EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
Telerik Report Server Authentication Bypass - CVE-2024-4358...
9.8CVSS
9.9AI Score
0.938EPSS
7.5CVSS
7.1AI Score
0.931EPSS
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. Bugs https://gitlab.gnome.org/GNOME/vte/-/issues/2786 https://gitlab.xfce.org/apps/xfce4-terminal/-/issues/319 Notes Author| Note...
6.7AI Score
0.008EPSS
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to...
6.7AI Score
0.008EPSS
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to...
0.008EPSS
Malicious code in cosma-ui-icons (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (49388262dd0b3d40b1f426a488f94937d409f2ce2053702f81a099fa8ed3b3c2) The OpenSSF Package Analysis project identified 'cosma-ui-icons' @ 9999.999.3 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS). This issue affects Heateor Social Login: from n/a through...
7.1CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS). This issue affects Heateor Social Login: from n/a through...
7.1CVSS
6.6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS. This issue affects Heateor Social Login: from n/a through...
6.5CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS. This issue affects Heateor Social Login: from n/a through...
6.5CVSS
6.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS). This issue affects Heateor Social Login: from n/a through...
7.1CVSS
6.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS). This issue affects Heateor Social Login: from n/a through...
7.1CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS. This issue affects Heateor Social Login: from n/a through...
6.5CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS. This issue affects Heateor Social Login: from n/a through...
6.5CVSS
6.8AI Score
0.0004EPSS
9.8CVSS
9.6AI Score
0.967EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...
8.2CVSS
6.8AI Score
0.0004EPSS
aimeos-core arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...
7.4AI Score
0.0004EPSS
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhc2-23c2-ww7c. This link is maintained to preserve external references. Original Description An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to...
7.3AI Score
0.0004EPSS
Security and Human Behavior (SHB) 2024
This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...
7.4AI Score
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...
7.4AI Score
0.0004EPSS
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...
0.0004EPSS
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...
7.8AI Score
0.0004EPSS
Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities
Summary IBM QRadar SIEM includes a vulnerable version of kernel that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details CVEID: CVE-2019-13631 DESCRIPTION: Linux Kernel could allow a physical attacker to execute arbitrary code...
9.8CVSS
9.1AI Score
EPSS
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...
6.5CVSS
6.3AI Score
0.0005EPSS
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...
5.3CVSS
0.0005EPSS
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...
6.5CVSS
0.0005EPSS
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...
6.5CVSS
6.8AI Score
0.0005EPSS
PIP-INTEL - OSINT and Cyber Intelligence Tool
Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity...
7AI Score
The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash
Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created...
7.2AI Score
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...
7.2AI Score
9.9CVSS
7.1AI Score
0.001EPSS
Vulnerability of the bgp_capability_msg_parse() function of FRRouting, a software tool for implementing network routing on Unix-like systems, is related to reading outside memory boundaries in the BGP daemon...
9.1CVSS
8.6AI Score
0.029EPSS
Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1....
6.5CVSS
6.7AI Score
0.0005EPSS
ruby:3.3 security, bug fix, and enhancement update
ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability...
7.5AI Score
EPSS
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...
0.0004EPSS
OpenSSL 1.0.0 < 1.0.0b Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.0b. It is, therefore, affected by a vulnerability as referenced in the 1.0.0b advisory. Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching...
7.7AI Score
0.335EPSS
The vulnerability of the system views pg_stats_ext, pg_stats_ext_exprs of the PostgreSQL DBMS is related to errors in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to escalate...
3.1CVSS
4.1AI Score
0.0004EPSS
OpenSSL 0.9.8 < 0.9.8p Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8p. It is, therefore, affected by a vulnerability as referenced in the 0.9.8p advisory. Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching...
7.7AI Score
0.335EPSS
7.4AI Score
Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass
Description The plugin is vulnerable to authentication bypass due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they...
9.8CVSS
7.1AI Score
0.001EPSS