Lucene search

K

Sermon'e – Sermons Online Security Vulnerabilities

nessus
nessus

FreeBSD : py-social-auth-app-django -- Improper Handling of Case Sensitivity (b3affee8-04d1-11ef-8928-901b0ef714d4)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b3affee8-04d1-11ef-8928-901b0ef714d4 advisory. Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due...

4.9CVSS

7.1AI Score

0.0004EPSS

2024-04-28 12:00 AM
9
nessus
nessus

RHEL 7 : openstack-nova and python-novaclient (RHSA-2018:0369)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0369 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....

6.5CVSS

6.7AI Score

0.001EPSS

2024-04-27 12:00 AM
3
rapid7blog
rapid7blog

Metasploit Weekly Wrap-Up 04/26/24

Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...

10AI Score

0.957EPSS

2024-04-26 07:49 PM
21
nessus
nessus

FreeBSD : chromium -- multiple security fixes (7a42852d-0347-11ef-9f97-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7a42852d-0347-11ef-9f97-a8a1599412c6 advisory. Type Confusion in ANGLE. (CVE-2024-4058) Out of bounds read in V8 API. (CVE-2024-4059) ...

8.8CVSS

9.5AI Score

0.001EPSS

2024-04-26 12:00 AM
11
wpvulndb
wpvulndb

Tutor LMS < 2.7.0 - Missing Authorization to Unauthenticated Limited Options Update

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers.....

6.5CVSS

6.7AI Score

0.0005EPSS

2024-04-26 12:00 AM
9
talosblog
talosblog

The private sector probably isn’t coming to save the NVD

I wrote last week about the problems arising from the massive backlog of vulnerabilities at the U.S. National Vulnerability Database. Thousands of CVEs are still without analysis data, and the once-reliable database of every single vulnerability that's disclosed and/or patched is now so far...

7.3AI Score

0.001EPSS

2024-04-25 06:00 PM
11
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

9.9AI Score

EPSS

2024-04-25 03:56 PM
42
talosblog
talosblog

Talos IR trends: BEC attacks surge, while weaknesses in MFA persist

Business email compromise (BEC) was the top threat observed by Cisco Talos Incident Response (Talos IR) in the first quarter of 2024, accounting for nearly half of engagements, which is more than double what was observed in the previous quarter. The most observed means of gaining initial access...

8.3AI Score

0.733EPSS

2024-04-25 12:00 PM
14
schneier
schneier

The Rise of Large-Language-Model Optimization

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming....

6.7AI Score

2024-04-25 11:02 AM
10
thn
thn

DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions

The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that end,....

7.4AI Score

2024-04-25 10:21 AM
25
nvd
nvd

CVE-2024-3994

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS

5.1AI Score

0.0004EPSS

2024-04-25 10:15 AM
cve
cve

CVE-2024-3994

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS

5.7AI Score

0.0004EPSS

2024-04-25 10:15 AM
32
cvelist
cvelist

CVE-2024-3994

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS

5.2AI Score

0.0004EPSS

2024-04-25 09:29 AM
nvd
nvd

CVE-2023-51478

Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through...

9.8CVSS

9.6AI Score

0.0004EPSS

2024-04-25 08:15 AM
cve
cve

CVE-2023-51478

Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through...

9.8CVSS

6.9AI Score

0.0004EPSS

2024-04-25 08:15 AM
34
cvelist
cvelist

CVE-2023-51478 WordPress Build App Online plugin <= 1.0.19 - Unauthenticated Account Takeover vulnerability

Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through...

9.8CVSS

9.7AI Score

0.0004EPSS

2024-04-25 07:56 AM
zdi
zdi

Microsoft uAMQP for Python azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft uAMQP for Python. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of uAMQP for Python. When installed from the official...

7.7AI Score

2024-04-25 12:00 AM
19
nessus
nessus

FreeBSD : Gitlab -- vulnerabilities (b857606c-0266-11ef-8681-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b857606c-0266-11ef-8681-001b217b3468 advisory. An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all...

8.5CVSS

6.2AI Score

0.0004EPSS

2024-04-25 12:00 AM
3
nessus
nessus

FreeBSD : py-matrix-synapse -- weakness in auth chain indexing allows DoS (bdfa6c04-027a-11ef-9c21-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bdfa6c04-027a-11ef-9c21-901b0e9408dc advisory. Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-04-25 12:00 AM
6
metasploit
metasploit

NorthStar C2 XSS to Agent RCE

NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored xss. An unauthenticated user can simulate an agent registration to cause the XSS and take over a users session. With this access, it is then possible to run a new payload.....

6.2AI Score

0.002EPSS

2024-04-24 08:54 PM
12
thn
thn

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April.....

7.1AI Score

2024-04-24 01:43 PM
20
malwarebytes
malwarebytes

TikTok comes one step closer to a US ban

The US Senate has approved a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. Social video platform TikTok has experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5...

7.2AI Score

2024-04-24 12:01 PM
13
nessus
nessus

FreeBSD : GLPI -- multiple vulnerabilities (faccf131-00d9-11ef-92b7-589cfc023192)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the faccf131-00d9-11ef-92b7-589cfc023192 advisory. GLPI is a Free Asset and IT Management Software package. When authentication is made against...

8.1CVSS

7.3AI Score

0.001EPSS

2024-04-24 12:00 AM
10
nessus
nessus

FreeBSD : ruby -- Arbitrary memory address read vulnerability with Regex search (2ce1a2f1-0177-11ef-a45e-08002784c58d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2ce1a2f1-0177-11ef-a45e-08002784c58d advisory. sp2ip reports: If attacker-supplied data is provided to the Ruby regex ...

7AI Score

EPSS

2024-04-24 12:00 AM
7
nessus
nessus

FreeBSD : GLPI -- multiple vulnerabilities (ed688880-00c4-11ef-92b7-589cfc023192)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ed688880-00c4-11ef-92b7-589cfc023192 advisory. GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior...

9.8CVSS

9.4AI Score

0.001EPSS

2024-04-24 12:00 AM
3
nessus
nessus

FreeBSD : sdl2_sound -- multiple vulnerabilities (304d92c3-00c5-11ef-bd52-080027bff743)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 304d92c3-00c5-11ef-bd52-080027bff743 advisory. stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted...

7.8CVSS

7.9AI Score

0.001EPSS

2024-04-24 12:00 AM
2
wpvulndb
wpvulndb

Tutor LMS – eLearning and online course solution < 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user...

5.4CVSS

5.9AI Score

0.0004EPSS

2024-04-24 12:00 AM
7
nessus
nessus

FreeBSD : GLPI -- multiple vulnerabilities (bb49f1fa-00da-11ef-92b7-589cfc023192)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bb49f1fa-00da-11ef-92b7-589cfc023192 advisory. GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service...

7.7CVSS

7.3AI Score

0.001EPSS

2024-04-24 12:00 AM
4
nvd
nvd

CVE-2024-4073

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can.....

5.4CVSS

4.2AI Score

0.001EPSS

2024-04-23 11:15 PM
nvd
nvd

CVE-2024-4074

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched....

3.5CVSS

3.7AI Score

0.0004EPSS

2024-04-23 11:15 PM
nvd
nvd

CVE-2024-4075

A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file login.php. The manipulation of the argument txtAddress leads to cross site scripting. It is possible to initiate the attack remotely. The.....

3.5CVSS

3.7AI Score

0.0004EPSS

2024-04-23 11:15 PM
cve
cve

CVE-2024-4075

A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file login.php. The manipulation of the argument txtAddress leads to cross site scripting. It is possible to initiate the attack remotely. The.....

3.5CVSS

6.2AI Score

0.0004EPSS

2024-04-23 11:15 PM
27
cve
cve

CVE-2024-4073

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can.....

5.4CVSS

6.2AI Score

0.001EPSS

2024-04-23 11:15 PM
32
nvd
nvd

CVE-2024-4072

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site scripting. It is possible to launch the attack...

5.4CVSS

4.2AI Score

0.001EPSS

2024-04-23 11:15 PM
cve
cve

CVE-2024-4072

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site scripting. It is possible to launch the attack...

5.4CVSS

6.2AI Score

0.001EPSS

2024-04-23 11:15 PM
46
cve
cve

CVE-2024-4074

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched....

3.5CVSS

6.2AI Score

0.0004EPSS

2024-04-23 11:15 PM
28
cvelist
cvelist

CVE-2024-4075 Kashipara Online Furniture Shopping Ecommerce Website login.php cross site scripting

A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file login.php. The manipulation of the argument txtAddress leads to cross site scripting. It is possible to initiate the attack remotely. The.....

3.5CVSS

4.1AI Score

0.0004EPSS

2024-04-23 11:00 PM
cvelist
cvelist

CVE-2024-4074 Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php cross site scripting

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched....

3.5CVSS

4.1AI Score

0.0004EPSS

2024-04-23 11:00 PM
cvelist
cvelist

CVE-2024-4073 Kashipara Online Furniture Shopping Ecommerce Website prodList.php cross site scripting

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can.....

3.5CVSS

5.5AI Score

0.001EPSS

2024-04-23 10:31 PM
cvelist
cvelist

CVE-2024-4072 Kashipara Online Furniture Shopping Ecommerce Website search.php cross site scripting

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site scripting. It is possible to launch the attack...

3.5CVSS

5.5AI Score

0.001EPSS

2024-04-23 10:31 PM
nvd
nvd

CVE-2024-4071

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit.....

8.8CVSS

7.3AI Score

0.001EPSS

2024-04-23 10:15 PM
nvd
nvd

CVE-2024-4070

A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-04-23 10:15 PM
nvd
nvd

CVE-2024-4069

A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-04-23 10:15 PM
cve
cve

CVE-2024-4069

A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-04-23 10:15 PM
26
cve
cve

CVE-2024-4070

A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The...

6.3CVSS

7.5AI Score

0.0004EPSS

2024-04-23 10:15 PM
27
cve
cve

CVE-2024-4071

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit.....

8.8CVSS

7.3AI Score

0.001EPSS

2024-04-23 10:15 PM
36
cvelist
cvelist

CVE-2024-4071 Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php sql injection

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit.....

6.3CVSS

9.2AI Score

0.001EPSS

2024-04-23 10:00 PM
cvelist
cvelist

CVE-2024-4070 Kashipara Online Furniture Shopping Ecommerce Website prodList.php sql injection

A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The...

6.3CVSS

7.1AI Score

0.0004EPSS

2024-04-23 10:00 PM
vulnrichment
vulnrichment

CVE-2024-4070 Kashipara Online Furniture Shopping Ecommerce Website prodList.php sql injection

A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The...

6.3CVSS

7.5AI Score

0.0004EPSS

2024-04-23 10:00 PM
cvelist
cvelist

CVE-2024-4069 Kashipara Online Furniture Shopping Ecommerce Website search.php sql injection

A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The...

6.3CVSS

7AI Score

0.0004EPSS

2024-04-23 09:31 PM
Total number of security vulnerabilities42530