Profile Builder – User Profile & User Registration Forms Security Vulnerabilities
Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit....
8.8CVSS
7.8AI Score
EPSS
Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit....
8.8CVSS
EPSS
Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...
8.8CVSS
7.8AI Score
EPSS
Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...
8.8CVSS
EPSS
CVE-2024-5924 Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability
Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit.....
8.8CVSS
7AI Score
EPSS
CVE-2024-5924 Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability
Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit.....
8.8CVSS
EPSS
An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear...
EPSS
An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear...
6.4AI Score
EPSS
An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear...
EPSS
Cyberattack on Swedish Gambling Site During Eurovision Highlights Strategic Threats
Every year, the Eurovision Song Contest captivates millions of viewers across Europe and beyond, turning a simple music competition into a cultural phenomenon. This popularity extends to various forms of betting, with numerous gambling sites offering odds on Eurovision outcomes. Eurovision has...
7.5AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
8.4AI Score
EPSS
7.5AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: src-fingerprint, gh, dataplaneapi, nerdctl, kaniko, pluto, gosu, falcosidekick, kube-bench, cloudflared, secrets-store-csi-driver-provider-gcp, spire-server, nvidia-container-toolkit, haproxy-ingress, vt-cli, cluster-proportional-autoscaler, coredns,...
6.6AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: kubeadm-bootstrap-controller, grpcurl, telegraf, src-fingerprint, s5cmd, thanos, kubernetes-csi-driver-hostpath, golangci-lint, pulumi-language-yaml, kpt, tigera-operator, confluent-common-docker, logstash-exporter, http-echo, mc, skaffold, sops, delve,...
7.5AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: kubeadm-bootstrap-controller, grpcurl, telegraf, src-fingerprint, s5cmd, thanos, kubernetes-csi-driver-hostpath, golangci-lint, pulumi-language-yaml, kpt, tigera-operator, confluent-common-docker, logstash-exporter, http-echo, mc, skaffold, sops, delve,...
6.5AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: src-fingerprint, gh, dataplaneapi, nerdctl, kaniko, pluto, gosu, falcosidekick, kube-bench, cloudflared, secrets-store-csi-driver-provider-gcp, spire-server, nvidia-container-toolkit, haproxy-ingress, vt-cli, cluster-proportional-autoscaler, coredns,...
6.5AI Score
0.0004EPSS
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: kubeadm-bootstrap-controller, grpcurl, telegraf, src-fingerprint, s5cmd, thanos, kubernetes-csi-driver-hostpath, golangci-lint, pulumi-language-yaml, kpt, tigera-operator, confluent-common-docker, logstash-exporter, http-echo, mc, skaffold, sops, delve,...
7.5AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: src-fingerprint, gh, dataplaneapi, nerdctl, kaniko, pluto, gosu, falcosidekick, kube-bench, cloudflared, secrets-store-csi-driver-provider-gcp, spire-server, nvidia-container-toolkit, haproxy-ingress, vt-cli, cluster-proportional-autoscaler, coredns,...
7.5AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: kubeadm-bootstrap-controller, grpcurl, telegraf, src-fingerprint, s5cmd, thanos, kubernetes-csi-driver-hostpath, golangci-lint, pulumi-language-yaml, kpt, tigera-operator, confluent-common-docker, logstash-exporter, http-echo, mc, skaffold, sops, delve,...
6.5AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: src-fingerprint, gh, dataplaneapi, nerdctl, kaniko, pluto, gosu, falcosidekick, kube-bench, cloudflared, secrets-store-csi-driver-provider-gcp, spire-server, nvidia-container-toolkit, haproxy-ingress, vt-cli, cluster-proportional-autoscaler, coredns,...
7.5AI Score
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
7.1CVSS
6.8AI Score
EPSS
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
7.1CVSS
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...
4.3CVSS
7AI Score
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...
4.3CVSS
EPSS
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated...
7.5CVSS
EPSS
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated...
7.5CVSS
7.1AI Score
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...
5.4CVSS
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the...
5.4CVSS
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...
5.4CVSS
7AI Score
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...
5.4CVSS
7AI Score
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...
5.4CVSS
5.6AI Score
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...
5.4CVSS
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...
5.4CVSS
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the...
5.4CVSS
7AI Score
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...
4.3CVSS
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the...
5.4CVSS
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...
5.4CVSS
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...
5.4CVSS
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...
5.4CVSS
7AI Score
EPSS
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...
5.4CVSS
EPSS
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated...
7.5CVSS
EPSS
CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
7.1CVSS
EPSS
CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
7.1CVSS
6.6AI Score
EPSS
The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....
5.4CVSS
5.3AI Score
EPSS
The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....
5.4CVSS
EPSS
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: ...
4.4CVSS
EPSS
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...
4CVSS
EPSS
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...
4CVSS
3.6AI Score
EPSS
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: ...
4.4CVSS
4.4AI Score
EPSS