A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has.....
7.3CVSS
7.3AI Score
0.0004EPSS
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has.....
7.3CVSS
7.5AI Score
0.0004EPSS
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely....
7.3CVSS
7.5AI Score
0.0004EPSS
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely....
7.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-5064 PHPGurukul Online Course Registration System news-details.php sql injection
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has.....
7.3CVSS
7.3AI Score
0.0004EPSS
CVE-2024-5064 PHPGurukul Online Course Registration System news-details.php sql injection
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has.....
7.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-5063 PHPGurukul Online Course Registration System index.php sql injection
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely....
7.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-5063 PHPGurukul Online Course Registration System index.php sql injection
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely....
7.3CVSS
7.5AI Score
0.0004EPSS
A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course...
5.6AI Score
EPSS
A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course...
5.4AI Score
EPSS
Breach Forums Admin ShinyHunters Claims Domain Reclaimed from FBI
By Waqas Breach Forums, a notorious cybercrime hub, could be back online with the same domain even after the FBI seizure. Hackers claim to have regained access to the clear web domain, while the dark web version remains in a tug-of-war. This is a post from HackRead.com Read the original post:...
7.2AI Score
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted...
7.7AI Score
EPSS
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted...
7.4AI Score
EPSS
A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has...
7.3CVSS
7.3AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has...
7.3CVSS
7.5AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit.....
5.3CVSS
5.4AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit.....
5.3CVSS
7AI Score
0.0004EPSS
CVE-2024-5046 SourceCodester Online Examination System registeracc.php sql injection
A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has...
7.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-5045 SourceCodester Online Birth Certificate Management System admin file access
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit.....
5.3CVSS
5.4AI Score
0.0004EPSS
CVE-2024-5045 SourceCodester Online Birth Certificate Management System admin file access
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit.....
5.3CVSS
7.1AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through...
9.8CVSS
6.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through...
9.8CVSS
9.6AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through...
8.8CVSS
8.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through...
8.8CVSS
6.8AI Score
0.0004EPSS
CVE-2024-24882 WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability
Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through...
9.8CVSS
9.6AI Score
0.0004EPSS
CVE-2024-24882 WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability
Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through...
9.8CVSS
6.9AI Score
0.0004EPSS
Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir,...
8.1AI Score
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through...
8.8CVSS
8.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through...
8.8CVSS
7AI Score
0.0004EPSS
Rounding up some of the major headlines from RSA
While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...
7.8CVSS
7.6AI Score
0.001EPSS
CVE-2024-4352-Poc CVE-2024-4352 Tutor LMS Pro <= 2.7.0 -...
8.8CVSS
8.7AI Score
0.001EPSS
TotalCloud Container Security Best Practices
Qualys Container Security (CS), an integral part of TotalCloud 2.0, provides a comprehensive view of the security posture of containerized applications. Operationalizing a new technology tool in an enterprise often presents its own challenges. This blog seeks to help the operations team...
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...
10CVSS
9.5AI Score
EPSS
GE Healthcare Ultrasound Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: low attack complexity Vendor: GE Healthcare Equipment: Ultrasound Products Vulnerability: Protection Mechanism Failure, Incorrect User Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with...
7.4CVSS
7AI Score
0.001EPSS
Siemens SIMATIC RTLS Locating Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
10CVSS
9.2AI Score
0.009EPSS
Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it
More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That's a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing.....
7.5AI Score
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...
8.8CVSS
7AI Score
0.001EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...
8.8CVSS
8.6AI Score
0.001EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
8.8CVSS
6.6AI Score
0.001EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
8.8CVSS
8.6AI Score
0.001EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or...
7.3CVSS
6.6AI Score
0.0005EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or...
7.3CVSS
7.2AI Score
0.0005EPSS
RunGptLLM class in LlamaIndex has a command injection
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or...
8.8CVSS
8AI Score
0.0004EPSS
RunGptLLM class in LlamaIndex has a command injection
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or...
8.8CVSS
8AI Score
0.0004EPSS
CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...
8.8CVSS
7.2AI Score
0.001EPSS
CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...
8.8CVSS
8.8AI Score
0.001EPSS
CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or...
7.3CVSS
6.8AI Score
0.0005EPSS
CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
8.8CVSS
8.8AI Score
0.001EPSS
CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
8.8CVSS
6.8AI Score
0.001EPSS
CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or...
7.3CVSS
7.4AI Score
0.0005EPSS