Lucene search

K

Qubely – Advanced Gutenberg Blocks Security Vulnerabilities

wpvulndb
wpvulndb

Content Blocks (Custom Post Widget) < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.9AI Score

0.0004EPSS

2024-05-16 12:00 AM
3
nessus
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6774-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6774-1 advisory. The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect...

4.3CVSS

7.3AI Score

EPSS

2024-05-16 12:00 AM
11
nessus
nessus

RHEL 8 : bind and dhcp (RHSA-2024:2890)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2890 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....

7.5CVSS

8.5AI Score

0.05EPSS

2024-05-16 12:00 AM
5
nessus
nessus

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-6778-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6778-1 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was...

5.5CVSS

7.3AI Score

0.0004EPSS

2024-05-16 12:00 AM
1
github
github

Magento Open Source Security Advisory: Patch SUPEE-10975

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...

7.1AI Score

2024-05-15 10:34 PM
15
osv
osv

Magento Open Source Security Advisory: Patch SUPEE-10975

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...

7.1AI Score

2024-05-15 10:34 PM
6
github
github

EZsystems Remote code execution in file uploads

This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if....

7.9AI Score

2024-05-15 09:32 PM
3
osv
osv

EZsystems Remote code execution in file uploads

This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if....

7.9AI Score

2024-05-15 09:32 PM
2
github
github

eZ Publish Remote code execution in file uploads

This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if....

7.9AI Score

2024-05-15 09:19 PM
2
osv
osv

eZ Publish Remote code execution in file uploads

This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if....

7.9AI Score

2024-05-15 09:19 PM
5
osv
osv

Drupal core Access control bypass

The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations. Solution: If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11. If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1. Versions.....

7AI Score

2024-05-15 09:00 PM
1
github
github

Drupal core Access control bypass

The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations. Solution: If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11. If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1. Versions.....

7AI Score

2024-05-15 09:00 PM
3
github
github

Drupal core Access bypass

The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations. Solution: If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11. If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1. Versions.....

7AI Score

2024-05-15 08:44 PM
1
osv
osv

Drupal core Access bypass

The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations. Solution: If you are using Drupal 8.7.x, you should upgrade to Drupal 8.7.11. If you are using Drupal 8.8.x, you should upgrade to Drupal 8.8.1. Versions.....

7AI Score

2024-05-15 08:44 PM
2
thn
thn

Google Launches AI-Powered Theft and Data Protection Features for Android Devices

Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft. These features aim to help protect data before, during and after a theft attempt, the tech giant said, adding...

7AI Score

2024-05-15 05:00 PM
1
thn
thn

Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps

Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data. This constitutes an update to the Play Integrity API that third-party app developers can take advantage of to secure their applications against malware....

6.8AI Score

2024-05-15 05:00 PM
1
mssecure
mssecure

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...

7.7AI Score

2024-05-15 04:00 PM
6
rapid7blog
rapid7blog

AI Trust Risk and Security Management: Why Tackle Them Now?

Co-authored by Sabeen Malik and Laura Ellis In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority. As AI technologies integrate more deeply into our daily operations and services, they bring a set of unique challenges...

7.5AI Score

2024-05-15 01:00 PM
3
thn
thn

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned...

7.8AI Score

2024-05-15 12:29 PM
1
thn
thn

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware...

9.8CVSS

7.3AI Score

0.003EPSS

2024-05-15 10:56 AM
1
nvd
nvd

CVE-2024-4208

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-15 03:15 AM
cve
cve

CVE-2024-4208

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-15 03:15 AM
6
nvd
nvd

CVE-2024-3189

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...

5.4CVSS

5.3AI Score

0.001EPSS

2024-05-15 03:15 AM
cve
cve

CVE-2024-3189

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...

5.4CVSS

5.7AI Score

0.001EPSS

2024-05-15 03:15 AM
6
cvelist
cvelist

CVE-2024-4208 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user...

6.4CVSS

6AI Score

0.0004EPSS

2024-05-15 02:32 AM
cvelist
cvelist

CVE-2024-3189 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...

5.4CVSS

5.5AI Score

0.001EPSS

2024-05-15 02:32 AM
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....

8.3AI Score

EPSS

2024-05-15 12:00 AM
6
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...

7.8CVSS

6.9AI Score

EPSS

2024-05-15 12:00 AM
9
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-2 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...

7.8CVSS

7.5AI Score

EPSS

2024-05-15 12:00 AM
6
wpvulndb
wpvulndb

All Bootstrap Blocks < 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

5.5AI Score

0.0004EPSS

2024-05-15 12:00 AM
2
nessus
nessus

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...

7.8CVSS

7.2AI Score

EPSS

2024-05-15 12:00 AM
14
nessus
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array...

7.8CVSS

7.2AI Score

EPSS

2024-05-15 12:00 AM
8
nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1641-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single...

7.8CVSS

7.6AI Score

EPSS

2024-05-15 12:00 AM
5
nessus
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...

7.8CVSS

7.2AI Score

EPSS

2024-05-15 12:00 AM
10
wpvulndb
wpvulndb

Gutenify < 1.4.1 - Unauthenticated Sensitive Information Exposure

Description The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...

6.3AI Score

0.0004EPSS

2024-05-15 12:00 AM
1
nvd
nvd

CVE-2024-4666

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-14 11:15 PM
cve
cve

CVE-2024-4666

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-14 11:15 PM
3
cvelist
cvelist

CVE-2024-4666 Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

6AI Score

0.001EPSS

2024-05-14 10:31 PM
krebs
krebs

Patch Tuesday, May 2024 Edition

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users,...

8.8CVSS

8.4AI Score

0.008EPSS

2024-05-14 08:19 PM
29
cve
cve

CVE-2024-3579

Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's...

6.2AI Score

0.0004EPSS

2024-05-14 04:17 PM
23
nvd
nvd

CVE-2024-3579

Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's...

5.9AI Score

0.0004EPSS

2024-05-14 04:17 PM
cve
cve

CVE-2024-3241

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.8AI Score

0.0004EPSS

2024-05-14 04:17 PM
30
nvd
nvd

CVE-2024-3241

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.5AI Score

0.0004EPSS

2024-05-14 04:17 PM
cve
cve

CVE-2023-46280

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-14 04:15 PM
30
nvd
nvd

CVE-2023-46280

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-05-14 04:15 PM
cve
cve

CVE-2024-4693

A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the...

5.5CVSS

6.2AI Score

0.0004EPSS

2024-05-14 03:44 PM
31
cve
cve

CVE-2024-4545

All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have...

7.7CVSS

6.7AI Score

0.0004EPSS

2024-05-14 03:44 PM
5
nvd
nvd

CVE-2024-4545

All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have...

7.7CVSS

7.5AI Score

0.0004EPSS

2024-05-14 03:44 PM
cve
cve

CVE-2024-4481

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-14 03:43 PM
5
nvd
nvd

CVE-2024-4481

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 03:43 PM
Total number of security vulnerabilities38882