The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access.....
6.4CVSS
5.8AI Score
0.0004EPSS
CVE-2023-6799 WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness
The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data...
5.9CVSS
5.8AI Score
0.0004EPSS
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input....
6.4CVSS
5.8AI Score
0.0004EPSS
The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input...
6.4CVSS
5.8AI Score
0.0004EPSS
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This...
6.4CVSS
5.8AI Score
0.0004EPSS
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 25th, 2024, during our second Bug Bounty...
9.8CVSS
8.6AI Score
0.001EPSS
Sicat - The Useful Exploit Finder
Introduction SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant...
7.2AI Score
Starry Addax targets human rights defenders in North Africa with new malware
Cisco Talos is disclosing a new threat actor we deemed "Starry Addax" targeting mostly human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware. Starry Addax conducts phishing attacks tricking their targets into installing malicious...
8.1AI Score
CL0P's Ransomware Rampage - Security Measures for 2024
2023 CL0P Growth Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the 'CryptoMix' ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to....
9.8CVSS
7.4AI Score
EPSS
April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 (KB5037040) Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2.....
7.3CVSS
8.1AI Score
0.0004EPSS
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12271)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12271 advisory. [5.4.17-2136.330.7.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan...
7.8CVSS
8.3AI Score
EPSS
RHEL 8 : edk2 (RHSA-2024:1722)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1722 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for...
8.8CVSS
8.7AI Score
0.001EPSS
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12272)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12272 advisory. [5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug:...
8.4AI Score
EPSS
advanced-matrix.com Cross Site Scripting vulnerability OBB-3909580
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.330.7.1.el7] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate...
7.8CVSS
8.1AI Score
EPSS
7.4AI Score
Unbreakable Enterprise kernel security update
[5.4.17-2136.330.7.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate Branch...
7.8CVSS
8.1AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch...
8.2AI Score
EPSS
7.4AI Score
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.330.7.1.el8] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate...
7.8CVSS
8.1AI Score
EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through...
6.5CVSS
9.2AI Score
0.0004EPSS
CVE-2024-31306 WordPress Essential Blocks plugin <= 4.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper when....
7.5AI Score
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges....
6.1CVSS
6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to...
6.4CVSS
5.7AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to...
6.4CVSS
7.6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to...
6.4CVSS
5.8AI Score
0.0004EPSS
$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin
On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations. This vulnerability makes it possible for authenticated users such as subscribers...
8.8CVSS
9.2AI Score
0.0004EPSS
cassandra-rs's non-idiomatic use of iterators leads to use after free
Impact Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. Code that uses the item and then advances the iterator is unaffected. This problem has always existed......
7.5CVSS
6.9AI Score
0.0004EPSS
cassandra-rs's non-idiomatic use of iterators leads to use after free
Impact Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. Code that uses the item and then advances the iterator is unaffected. This problem has always existed......
7.5CVSS
7.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...
6.7AI Score
0.0004EPSS
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs....
7.8CVSS
7.7AI Score
0.0004EPSS
AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details. Star the...
7.5AI Score
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...
6.1AI Score
0.0004EPSS
CVE-2024-26813 vfio/platform: Create persistent IRQ handlers
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...
7AI Score
0.0004EPSS
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
8AI Score
0.0004EPSS
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.5AI Score
0.0004EPSS
CVE-2024-2509 Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.8AI Score
0.0004EPSS
CVE-2024-2509 Gutenberg Blocks by Kadence Blocks < 3.2.26 - Contributor+ Stored XSS
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.8AI Score
0.0004EPSS
HTTP/2 CONTINUATION Flood Vulnerability
HTTP/2, a widely adopted web communication protocol, organizes data transmission through a binary framing layer, wherein all communication is divided into smaller messages called frames, each identified by a specific type, such as headers, data, and continuation frames. HTTP/2 HEADER frames...
7.2AI Score
7.8CVSS
6AI Score
0.001EPSS
Description The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input.....
6.4CVSS
6AI Score
0.0004EPSS
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to....
6.4CVSS
5.8AI Score
0.0004EPSS
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and...
6.4CVSS
5.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...
6.9AI Score
0.0004EPSS
Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass Exploit
The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint...
7.8AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
10CVSS
9.7AI Score
EPSS