The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...
6.5CVSS
0.0005EPSS
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...
6.5CVSS
6.9AI Score
0.0005EPSS
The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with...
7.1CVSS
7.7AI Score
0.001EPSS
The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with...
7.1CVSS
0.001EPSS
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
5.5CVSS
5.1AI Score
0.0004EPSS
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic...
5.3CVSS
0.0004EPSS
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic...
5.3CVSS
5.2AI Score
0.0004EPSS
curl: Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities
Summary: Best-Fit is a character mapping strategy designed to resolve the issue when characters in the source code page lack a direct equivalent in the target code page. During the conversion of characters from a Unicode code page to a non-Unicode code page, if a corresponding character cannot be.....
9.8CVSS
7.2AI Score
0.973EPSS
The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...
9.8CVSS
10AI Score
0.001EPSS
The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...
9.8CVSS
0.001EPSS
CVE-2024-5577 Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion
The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...
9.8CVSS
0.001EPSS
CVE-2024-5577 Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion
The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...
9.8CVSS
10AI Score
0.001EPSS
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...
7.1AI Score
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...
5.4CVSS
5.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through...
6.5CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...
5.4CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...
5.4CVSS
0.0004EPSS
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to...
9.8CVSS
9.7AI Score
0.001EPSS
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to...
9.8CVSS
0.001EPSS
CVE-2024-4936 Canto <= 3.0.8 - Unauthenticated Remote File Inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to...
9.8CVSS
7.5AI Score
0.001EPSS
CVE-2024-4936 Canto <= 3.0.8 - Unauthenticated Remote File Inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to...
9.8CVSS
0.001EPSS
Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns
Microsoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for Copilot+ PCs. To that end, the company said it intends to shift from general availability to a preview available first in the Windows Insider Program (WIP) in.....
6.7AI Score
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call.....
7.8CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...
4.3CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
YITH WooCommerce Product Add-Ons < 4.9.3 - Unauthenticated Content Injection
Description The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to Content Injection in all versions up to, and including, 4.9.2. This is due to the plugin not properly validating a field that can be updated. This makes it possible for unauthenticated attackers to inject...
5.3CVSS
7.1AI Score
0.0005EPSS
7.4AI Score
7.4AI Score
0.0004EPSS
PPOM for WooCommerce < 32.0.21 - Unauthenticated Content Injection Vulnerability
Description The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to Content Injection in all versions up to, and including, 32.0.20. This is due to the plugin not properly validating a field that can be updated. This makes it possible for unauthenticated attackers to...
5.3CVSS
7.1AI Score
0.0005EPSS
7.4AI Score
7.2AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
FooEvents for WooCommerce < 1.19.21 - Improper Authorization to (Contributor+) Arbitrary File Upload
Description The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with.....
7.1CVSS
7.6AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
7.1AI Score
0.0004EPSS
7.4AI Score
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
6.5CVSS
6.8AI Score
0.001EPSS