Lucene search

K

Sermon'e – Sermons Online Security Vulnerabilities

cve
cve

CVE-2024-2542

The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-02 05:15 PM
39
cvelist
cvelist

CVE-2024-3553

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to enable...

6.5CVSS

6.4AI Score

0.0005EPSS

2024-05-02 04:52 PM
cvelist
cvelist

CVE-2024-2542

The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied.....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-02 04:52 PM
1
cvelist
cvelist

CVE-2024-3942

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated....

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-02 04:52 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...

9.1AI Score

EPSS

2024-05-02 02:49 PM
47
malwarebytes
malwarebytes

Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online

On October 30, 2020, I started a article with the words: “Hell is too nice a place for these people.” The subject of this outrage focused on the cybercriminals behind an attack on Finnish psychotherapy practice Vastaamo. Because it was a psychotherapy practice, the records contained extremely...

6.9AI Score

2024-05-02 01:28 PM
8
mssecure
mssecure

Microsoft introduces passkeys for consumer accounts

Ten years ago, Microsoft envisioned a bold future: a world free of passwords. Every year, we celebrate World Password Day by updating you on our progress toward eliminating passwords for good. Today, we’re announcing passkey support for Microsoft consumer accounts, the next step toward our vision.....

7.2AI Score

2024-05-02 01:00 PM
4
nessus
nessus

Fedora 38 : kernel (2024-f35f9525d6)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f35f9525d6 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-05-02 12:00 AM
6
nessus
nessus

FreeBSD : chromium -- multiple security fixes (f69415aa-086e-11ef-9f97-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f69415aa-086e-11ef-9f97-a8a1599412c6 advisory. Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to...

8.8CVSS

9.4AI Score

0.001EPSS

2024-05-02 12:00 AM
7
nessus
nessus

Fedora 40 : kernel (2024-010fe8772a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-010fe8772a advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-05-02 12:00 AM
11
nessus
nessus

FreeBSD : R -- arbitrary code execution vulnerability (4a1e2bad-0836-11ef-9fd2-1c697a616631)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a1e2bad-0836-11ef-9fd2-1c697a616631 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-05-02 12:00 AM
3
nessus
nessus

Fedora 39 : kernel (2024-bc0db39a14)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc0db39a14 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-05-02 12:00 AM
7
nessus
nessus

FreeBSD : hcode -- buffer overflow in mail.c (da4adc02-07f4-11ef-960d-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the da4adc02-07f4-11ef-960d-5404a68ad561 advisory. A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1. ...

7.7AI Score

0.0004EPSS

2024-05-02 12:00 AM
3
redhatcve
redhatcve

CVE-2024-27009

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent...

7.3AI Score

0.0004EPSS

2024-05-01 07:19 PM
4
redhatcve
redhatcve

CVE-2024-26931

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27....

7.4AI Score

0.0004EPSS

2024-05-01 07:18 PM
1
malwarebytes
malwarebytes

Wireless carriers fined $200 million after illegally sharing customer location data

After four years of investigation, the Federal Communications Commission (FCC) has concluded that four of the major wireless carriers in the US violated the law in sharing access to customers’ location data. The FCC fined AT&T, Sprint, T-Mobile, and Verizon a total of almost $200 million for...

6.8AI Score

2024-05-01 09:35 AM
5
debiancve
debiancve

CVE-2024-27009

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent...

6.7AI Score

0.0004EPSS

2024-05-01 06:15 AM
5
nvd
nvd

CVE-2024-27009

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent...

7.3AI Score

0.0004EPSS

2024-05-01 06:15 AM
cve
cve

CVE-2024-27009

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent...

6.4AI Score

0.0004EPSS

2024-05-01 06:15 AM
53
nvd
nvd

CVE-2024-26931

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU:...

7.6AI Score

0.0004EPSS

2024-05-01 06:15 AM
debiancve
debiancve

CVE-2024-26931

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI ...

6.9AI Score

0.0004EPSS

2024-05-01 06:15 AM
5
cve
cve

CVE-2024-26931

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU:...

6.5AI Score

0.0004EPSS

2024-05-01 06:15 AM
53
cvelist
cvelist

CVE-2024-27009 s390/cio: fix race condition during online processing

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent...

7.6AI Score

0.0004EPSS

2024-05-01 05:29 AM
cvelist
cvelist

CVE-2024-26931 scsi: qla2xxx: Fix command flush on cable pull

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU:...

7.8AI Score

0.0004EPSS

2024-05-01 05:17 AM
1
ubuntucve
ubuntucve

CVE-2024-26931

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27....

7.7AI Score

0.0004EPSS

2024-05-01 12:00 AM
6
packetstorm

7.4AI Score

2024-05-01 12:00 AM
90
ubuntucve
ubuntucve

CVE-2024-27009

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent...

7.3AI Score

0.0004EPSS

2024-05-01 12:00 AM
4
nvd
nvd

CVE-2024-4349

A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...

7.3CVSS

7.3AI Score

0.0004EPSS

2024-04-30 11:15 PM
2
cve
cve

CVE-2024-4349

A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...

7.3CVSS

6.8AI Score

0.0004EPSS

2024-04-30 11:15 PM
52
cvelist
cvelist

CVE-2024-4349 SourceCodester Pisay Online E-Learning System controller.php unrestricted upload

A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-04-30 11:00 PM
nvd
nvd

CVE-2024-29466

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java...

7.4AI Score

0.0004EPSS

2024-04-30 09:15 PM
cve
cve

CVE-2024-29466

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java...

7.7AI Score

0.0004EPSS

2024-04-30 09:15 PM
26
krebs
krebs

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo...

7.4AI Score

2024-04-30 01:34 PM
3
malwarebytes
malwarebytes

FBI warns online daters to avoid “free” online verification schemes that prove costly

The FBI has warned of fraudsters targeting users of dating websites and apps with “free” online verification service schemes that turn out to be very costly. Instead of being free, as advertised, the verification schemes involve steep monthly subscription fees, and will steal personal information.....

6.9AI Score

2024-04-30 11:08 AM
3
cert
cert

BMC software fails to validate IPMI session.

Overview The Intelligent Platform Management Interface (IPMI) implementations in multiple manufacturer's Baseboard Management Controller (BMC) software are vulnerable to IPMI session hijacking. An attacker with access to the BMC network (with IPMI enabled) can abuse the lack of session integrity...

9.1CVSS

8.2AI Score

0.24EPSS

2024-04-30 12:00 AM
25
cvelist
cvelist

CVE-2024-29466

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java...

7.7AI Score

0.0004EPSS

2024-04-30 12:00 AM
1
krebs
krebs

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers -- including AT&T, Sprint, T-Mobile and Verizon -- for illegally sharing access to customers' location information without consent. The fines mark the culmination of a...

7AI Score

2024-04-29 08:56 PM
2
malwarebytes
malwarebytes

Kaiser health insurance leaked patient data to advertisers

Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers. Kaiser said that an investigation led to the discovery that “certain online technologies, previously installed on its websites and mobile applications,....

7AI Score

2024-04-29 10:44 AM
8
cve
cve

CVE-2024-4302

Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS)...

6.1CVSS

6.4AI Score

0.0005EPSS

2024-04-29 06:15 AM
26
nvd
nvd

CVE-2024-4302

Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS)...

6.1CVSS

6.1AI Score

0.0005EPSS

2024-04-29 06:15 AM
cvelist
cvelist

CVE-2024-4302 Super 8 livechat SDK - Cross-site Scripting

Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS)...

6.1CVSS

6.3AI Score

0.0005EPSS

2024-04-29 05:46 AM
wpvulndb
wpvulndb

MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.3.9 - Missing Authorization

Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for...

6.3CVSS

6.3AI Score

0.0004EPSS

2024-04-29 12:00 AM
1
nessus
nessus

FreeBSD : GLPI -- multiple vulnerabilities (5da8b1e6-0591-11ef-9e00-080027957747)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5da8b1e6-0591-11ef-9e00-080027957747 advisory. GLPI team reports: GLPI 10.0.15 Changelog (CVE-2024-29889, CVE-2024-31456) Note that Nessus...

7.7CVSS

7.6AI Score

0.0004EPSS

2024-04-29 12:00 AM
8
trellix
trellix

The Bug Report - April 2024 Edition

The Bug Report - April 2024 Edition By Jonathan Omakun and Tobi Olawale· April 29, 2024 Why am I here? Just when you thought it was safe to go back into the digital waters, out pops another series of rogue waves in the form of CVEs! It's like that beach vacation you planned to get away from it...

8.9AI Score

0.971EPSS

2024-04-29 12:00 AM
16
nessus
nessus

FreeBSD : powerdns-recursor -- denial of service (1af16f2b-023c-11ef-8791-6805ca2fa271)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1af16f2b-023c-11ef-8791-6805ca2fa271 advisory. A crafted response from an upstream server the recursor has been configured to forward-recurse to...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-04-29 12:00 AM
4
trellix
trellix

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

7.4AI Score

2024-04-29 12:00 AM
9
nvd
nvd

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-04-28 11:15 PM
cve
cve

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-04-28 11:15 PM
46
thn
thn

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential...

6.8AI Score

2024-04-28 01:52 PM
69
cvelist
cvelist

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId...

8.8CVSS

9AI Score

0.0004EPSS

2024-04-28 12:00 AM
Total number of security vulnerabilities42530