Lucene search

K

Sermon'e – Sermons Online Security Vulnerabilities

nessus
nessus

FreeBSD : kanboard -- Project Takeover via IDOR in ProjectPermissionController (91929399-249e-11ef-9296-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...

8.2CVSS

6.8AI Score

0.0004EPSS

2024-06-08 12:00 AM
1
github
github

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

7AI Score

2024-06-07 07:56 PM
osv
osv

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

7AI Score

2024-06-07 07:56 PM
1
osv
osv

TYPO3 Cross-Site Scripting in Online Media Asset Rendering

Failing to properly encode user input, online media asset rendering (*.youtube and *.vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...

6.7AI Score

2024-06-07 07:43 PM
2
github
github

TYPO3 Cross-Site Scripting in Online Media Asset Rendering

Failing to properly encode user input, online media asset rendering (*.youtube and *.vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...

6.7AI Score

2024-06-07 07:43 PM
cve
cve

CVE-2024-5745

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to...

7.3CVSS

7.3AI Score

0.0004EPSS

2024-06-07 06:15 PM
38
nvd
nvd

CVE-2024-5745

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to...

7.3CVSS

0.0004EPSS

2024-06-07 06:15 PM
2
cvelist
cvelist

CVE-2024-5745 itsourcecode Bakery Online Ordering System unrestricted upload

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to...

7.3CVSS

0.0004EPSS

2024-06-07 05:31 PM
3
vulnrichment
vulnrichment

CVE-2024-5745 itsourcecode Bakery Online Ordering System unrestricted upload

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to...

7.3CVSS

6.9AI Score

0.0004EPSS

2024-06-07 05:31 PM
malwarebytes
malwarebytes

Google will start deleting location history

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been.....

6.7AI Score

2024-06-07 04:26 PM
5
nvd
nvd

CVE-2024-5438

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS

0.001EPSS

2024-06-07 01:15 PM
6
cve
cve

CVE-2024-5438

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS

4.4AI Score

0.001EPSS

2024-06-07 01:15 PM
20
cvelist
cvelist

CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS

0.001EPSS

2024-06-07 12:33 PM
vulnrichment
vulnrichment

CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS

6.7AI Score

0.001EPSS

2024-06-07 12:33 PM
1
nvd
nvd

CVE-2024-5734

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

8.8CVSS

0.002EPSS

2024-06-07 12:15 PM
4
cve
cve

CVE-2024-5733

A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file register_me.php. The manipulation of the argument eaddress leads to sql injection. The attack may be initiated remotely. The exploit has been....

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-07 12:15 PM
23
nvd
nvd

CVE-2024-5733

A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file register_me.php. The manipulation of the argument eaddress leads to sql injection. The attack may be initiated remotely. The exploit has been....

9.8CVSS

0.001EPSS

2024-06-07 12:15 PM
3
cve
cve

CVE-2024-5734

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

8.8CVSS

6.5AI Score

0.002EPSS

2024-06-07 12:15 PM
24
cvelist
cvelist

CVE-2024-5734 itsourcecode Online Discussion Forum poster.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

6.3CVSS

0.002EPSS

2024-06-07 11:31 AM
2
vulnrichment
vulnrichment

CVE-2024-5734 itsourcecode Online Discussion Forum poster.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

6.3CVSS

7AI Score

0.002EPSS

2024-06-07 11:31 AM
1
cvelist
cvelist

CVE-2024-5733 itsourcecode Online Discussion Forum register_me.php sql injection

A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file register_me.php. The manipulation of the argument eaddress leads to sql injection. The attack may be initiated remotely. The exploit has been....

7.3CVSS

0.001EPSS

2024-06-07 11:31 AM
thn
thn

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects....

7.7AI Score

2024-06-07 07:48 AM
3
nvd
nvd

CVE-2024-4902

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2CVSS

0.0004EPSS

2024-06-07 05:15 AM
cve
cve

CVE-2024-4902

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2CVSS

7.6AI Score

0.0004EPSS

2024-06-07 05:15 AM
24
cvelist
cvelist

CVE-2024-4902 Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2CVSS

0.0004EPSS

2024-06-07 04:33 AM
1
openbugbounty
openbugbounty

online-reitschule.de Cross Site Scripting vulnerability OBB-3933444

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-07 03:51 AM
5
openbugbounty
openbugbounty

online-admissions.cust.edu.pk Cross Site Scripting vulnerability OBB-3933443

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-07 03:50 AM
2
wpvulndb
wpvulndb

Tutor LMS – eLearning and online course solution < 2.7.2 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS

6.6AI Score

0.001EPSS

2024-06-07 12:00 AM
1
packetstorm

7.4AI Score

2024-06-07 12:00 AM
80
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.6AI Score

EPSS

2024-06-06 03:09 PM
10
malwarebytes
malwarebytes

Advance Auto Parts customer data posted for sale

A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do it yourself customers. Allegedly the customer data includes: Names Email...

7.4AI Score

2024-06-06 12:57 PM
5
kitploit
kitploit

Thief Raccoon - Login Phishing Tool

Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. This tool is intended to raise awareness about cybersecurity threats and help users understand the importance of security measures like 2FA and password...

7.3AI Score

2024-06-06 12:30 PM
32
openbugbounty
openbugbounty

online-concussion.pwcs.edu Cross Site Scripting vulnerability OBB-3933267

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-06 10:27 AM
7
wired
wired

How to Lead an Army of Digital Sleuths in the Age of AI

Eliot Higgins and his 28,000 forensic foot soldiers at Bellingcat have kept a miraculous nose for truth—and a sharp sense of its limits—in Gaza, Ukraine, and everywhere else atrocities hide...

7.4AI Score

2024-06-06 07:00 AM
4
wpvulndb
wpvulndb

Tutor LMS – eLearning and online course solution < 2.7.2 -Authenticated (Administrator+) SQL Injection

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...

7.2CVSS

7.3AI Score

0.0004EPSS

2024-06-06 12:00 AM
2
zdi
zdi

Microsoft Artifact Registry Container Images Empty Password Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Artifact Registry Container images. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default credentials set within the image. The issue...

7.2AI Score

2024-06-06 12:00 AM
1
zdi
zdi

Microsoft Azure SQL Managed Instance Documentation SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attack....

8.1AI Score

2024-06-06 12:00 AM
5
packetstorm

7.4AI Score

2024-06-06 12:00 AM
77
packetstorm

9.8CVSS

7AI Score

0.035EPSS

2024-06-06 12:00 AM
85
nessus
nessus

FreeBSD : cyrus-imapd -- unbounded memory allocation (14908bda-232b-11ef-b621-00155d645102)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 14908bda-232b-11ef-b621-00155d645102 advisory. Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2...

6.5CVSS

6.6AI Score

0.0005EPSS

2024-06-06 12:00 AM
2
github
github

Digital products download without proper payment status check

Impact Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Patches New versions for the Aimeos HTML client 2020-2024 are...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-05 01:30 PM
osv
osv

Digital products download without proper payment status check

Impact Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Patches New versions for the Aimeos HTML client 2020-2024 are...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-05 01:30 PM
2
malwarebytes
malwarebytes

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....

6.8AI Score

2024-06-05 01:30 PM
2
malwarebytes
malwarebytes

Say hello to the fifth generation of Malwarebytes

Announcing the latest version of Malwarebytes, which brings a faster, responsive, and consistent user interface, integrated security and privacy, and expert guidance to keep you secure. Here's what you can expect: 1. Unified user experience across platforms The new generation of Malwarebytes now...

7.3AI Score

2024-06-05 12:37 PM
8
schneier
schneier

Online Privacy and Overfishing

Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions weren't about how hackers were using the tools (that was utterly predictable), but about how Microsoft figured it out. The natural conclusion.....

7AI Score

2024-06-05 11:00 AM
5
cve
cve

CVE-2024-5636

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be launched remotely. The.....

9.8CVSS

7.6AI Score

0.001EPSS

2024-06-05 01:15 AM
21
nvd
nvd

CVE-2024-5636

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be launched remotely. The.....

9.8CVSS

6.8AI Score

0.001EPSS

2024-06-05 01:15 AM
1
vulnrichment
vulnrichment

CVE-2024-5636 itsourcecode Bakery Online Ordering System index.php sql injection

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be launched remotely. The.....

6.3CVSS

7.3AI Score

0.001EPSS

2024-06-05 12:31 AM
cvelist
cvelist

CVE-2024-5636 itsourcecode Bakery Online Ordering System index.php sql injection

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be launched remotely. The.....

6.3CVSS

6.8AI Score

0.001EPSS

2024-06-05 12:31 AM
3
zdt

9.8CVSS

7AI Score

0.035EPSS

2024-06-05 12:00 AM
18
Total number of security vulnerabilities42683