Ryzen™ Threadripper™ PRO Processors “Chagall” WS Security Vulnerabilities

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path Vulnerability

...

Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation

Description The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their...

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

...

Max Addons Pro for Bricks < 1.6.2 - Missing Authorization

Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to reset the plugin's...

Fedora 40 : xen (2024-3a36322c4b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a36322c4b advisory. Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS...

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

Max Addons Pro for Bricks < 1.6.2 - Reflected Cross-Site Scripting

Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...

RHEL 7 : qemu-kvm-rhev (RHSA-2018:2258)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2258 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...

RHEL 5 / 6 : JBoss Enterprise Web Platform 5.1.1 update (Important) (RHSA-2011:0945)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0945 advisory. JBoss Seam EL interpolation in exception handling (CVE-2011-2196) Note that Nessus has not tested for this issue but has instead relied only on...

RHEL 7 : qemu-kvm-rhev (RHSA-2018:2289)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2289 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...

RHEL 7 : qemu-kvm-rhev (RHSA-2018:2228)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2228 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...

RHEL 7 : qemu-kvm-rhev (RHSA-2018:2364)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2364 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...

RHEL 7 : qemu-kvm-rhev (RHSA-2018:2363)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2363 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...

RHEL 6 : JBoss Enterprise Web Platform 5.1.2 update (Low) (RHSA-2011:1802)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1802 advisory. openid4java (AX extension): MITM due to improper validation of AX attribute signatures (CVE-2011-4314) Note that Nessus has not tested for this...

Metasploit Weekly Wrap-Up 04/26/24

Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...

A Zero-Day Vulnerability in CrushFTP Results in Server Compromise

...

ArcaneDoor a Novel Espionage Campaign Exploits Cisco Zero-Days

...

APT28 Exploits Windows Print Spooler Flaw with GooseEgg

...

10 Critical Endpoint Security Tips You Should Know

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide...

CVE-2024-3682

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract....

CVE-2024-3682

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract....

CVE-2024-3682

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract....

CVE-2024-3962

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...

CVE-2024-3962

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...

CVE-2024-3962

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...

CVE-2024-31755

cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at...

Header Footer Code Manager Pro < 1.0.17 - Reflected Cross-Site Scripting via message

Description The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-51794

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

Cyber Horizon Annual Threat Report 2023

...

CVE-2024-32676

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32676

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32676 WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32676 WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before...

CoralRaider’s Malware Campaign Distributing Stealers Via CDN Cache

...

ToddyCat’s Toolkit and Tactics Fueling Data Theft

...

WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File

Description The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated...

LoginPress Pro < 3.0.0 - Unauthenticated License Activation/Deactivation

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check, allowing unauthenticated attacks to activate and deactivate...

Product Addons & Fields for WooCommerce < 32.0.19 - Unauthenticated Arbitrary File Upload via ppom_upload_file

Description The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload...

LoginPress Pro < 3.0.0 - Captcha Bypass

Description The plugin is vulnerable to Bypass, allowing unauthenticated attackers to bypass the Captcha...

ElementsKit Pro < 3.6.1 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets

Description The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include...

CVE-2024-32677

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32677

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32677 WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before...

CVE-2024-32794

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

CVE-2024-32794

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

CVE-2024-32793

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

CVE-2024-32793

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...

CVE-2024-32793 WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...