The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.6AI Score
0.0004EPSS
CVE-2024-2369 Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.8AI Score
0.0004EPSS
Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the block content due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute...
6.4CVSS
5.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another conditional block in...
7.5AI Score
0.0004EPSS
RHEL 9 : postgresql-jdbc: (RHSA-2024:1649)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1649 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java...
10CVSS
9.8AI Score
0.001EPSS
Introducing New Pricing For Wordfence CLI!
We have an exciting announcement today about the Wordfence CLI project. We launched Wordfence CLI at WordCamp US back in August of 2023 with the goal of bringing malware and vulnerability scanning to the command line. We've been working closely with our customers since the launch to better...
7.1AI Score
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 21st, 2024, during our second Bug Bounty Extravaganza,.....
7.2CVSS
6.2AI Score
0.0004EPSS
Hive Pro Announces Launch of Alliance Partner Program in North America for MSPs and VARs
Herndon, VA – 01 April 2024 – Hive Pro, a pioneer vendor in Threat Exposure Management, announced the formal launch of its North America Alliance Partner Program for Managed Service Providers (MSP) and Value-Added Resellers (VARs). This initiative aims to empower Managed Service Providers (MSPs)...
7.3AI Score
Drozer - The Leading Security Assessment Framework For Android
drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to....
7.5AI Score
Detecting Windows-based Malware Through Better Visibility
Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren't just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national...
7AI Score
Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities
The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its...
7.7AI Score
[SECURITY] Fedora 38 Update: seamonkey-2.53.18.2-1.fc38
SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....
7.1AI Score
[SECURITY] Fedora 39 Update: seamonkey-2.53.18.2-1.fc39
SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....
7.1AI Score
[SECURITY] Fedora 40 Update: seamonkey-2.53.18.2-1.fc40
SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....
7.1AI Score
Amazon Linux 2 : squid (ALAS-2024-2509)
The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2509 advisory. An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext....
9.3CVSS
7.9AI Score
0.034EPSS
7.4AI Score
[SECURITY] Fedora 38 Update: ghc-hakyll-4.16.2.0-1.fc38
Hakyll is a static website compiler library. It provides you with the tools to create a simple or advanced static website using a Haskell DSL and formats such as markdown or RST. You can find more information, including a tutorial, on the website:...
6.3CVSS
5.9AI Score
0.001EPSS
advanced-embroidery-designs.com Cross Site Scripting vulnerability OBB-3890905
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,.....
6.4CVSS
5.7AI Score
0.0004EPSS
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,.....
6.4CVSS
7.6AI Score
0.0004EPSS
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,.....
6.4CVSS
5.8AI Score
0.0004EPSS
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes.....
6.4CVSS
5.7AI Score
0.0004EPSS
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes.....
6.4CVSS
7.6AI Score
0.0004EPSS
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes.....
6.4CVSS
5.8AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: ghc-hakyll-4.16.2.0-4.fc39
Hakyll is a static website compiler library. It provides you with the tools to create a simple or advanced static website using a Haskell DSL and formats such as markdown or RST. You can find more information, including a tutorial, on the website:...
6.3CVSS
5.9AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid allows Reflected XSS. This issue affects Post Grid: from n/a through...
7.1CVSS
9.3AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid allows Reflected XSS. This issue affects Post Grid: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg allows Reflected XSS. This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...
7.1CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg allows Reflected XSS. This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...
7.1CVSS
7.6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg allows Reflected XSS. This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...
7.1CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg allows Reflected XSS. This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) allows Stored XSS. This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) allows Stored XSS. This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder...
6.5CVSS
9.2AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid allows Reflected XSS. This issue affects Post Grid: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) allows Stored XSS. This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder...
6.5CVSS
6.7AI Score
0.0004EPSS
Sysrv Harnessing Google Subdomains to Circulate XMRig
Summary: Sysrv, an advanced botnet, employs a Golang worm to infiltrate devices and distribute XMRig cryptocurrency miners, leveraging network vulnerabilities and undergoing constant evolution through operator refinement. Threat Level - Red | Attack Report For a detailed threat advisory, download.....
7.4AI Score
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes....
6.4CVSS
7.6AI Score
0.0004EPSS
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes....
6.4CVSS
5.7AI Score
0.0004EPSS
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes....
6.4CVSS
5.8AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: ghc-hakyll-4.16.2.0-4.fc40
Hakyll is a static website compiler library. It provides you with the tools to create a simple or advanced static website using a Haskell DSL and formats such as markdown or RST. You can find more information, including a tutorial, on the website:...
6.3CVSS
5.9AI Score
0.001EPSS
Description The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....
6.4CVSS
5.9AI Score
0.0004EPSS
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2024-15726)
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
4.8CVSS
6.2AI Score
0.0004EPSS
Fedora: Security Advisory for ghc-hakyll (FEDORA-2024-7d83cbccb6)
The remote host is missing an update for...
6.3CVSS
6.3AI Score
0.001EPSS
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2024-15725)
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
5.4CVSS
6.8AI Score
0.0004EPSS
Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
Description The plugin does not properly escape data input provided to some of its blocks, allowing users with at least contributor privileges to conduct Stored XSS attacks. PoC As a contributor, put the below code in a post while in Code Editor mode The XSS will be triggered when...
5.8AI Score
0.0004EPSS
Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
Description The plugin does not properly escape data input provided to some of its blocks, allowing users with at least contributor privileges to conduct Stored XSS...
5.9AI Score
0.0004EPSS
Description The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes.....
6.4CVSS
5.8AI Score
0.0004EPSS
Otter Blocks < 2.6.6 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes such as 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
6.4CVSS
5.8AI Score
0.0004EPSS
(RHSA-2024:1570) Important: ACS 4.4 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. This release includes the following features and updates: New Compliance capabilities (Technology Preview) Network graph enhancements for internal entities Build-time...
7.6AI Score
0.963EPSS
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
8.8CVSS
6.3AI Score
0.0004EPSS