Lucene search

K

Sermon'e – Sermons Online Security Vulnerabilities

nvd
nvd

CVE-2024-5635

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be launched remotely....

9.8CVSS

6.8AI Score

0.001EPSS

2024-06-04 10:15 PM
3
cve
cve

CVE-2024-5635

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be launched remotely....

9.8CVSS

7.7AI Score

0.001EPSS

2024-06-04 10:15 PM
2
cvelist
cvelist

CVE-2024-5635 itsourcecode Bakery Online Ordering System index.php sql injection

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be launched remotely....

6.3CVSS

6.8AI Score

0.001EPSS

2024-06-04 10:00 PM
2
malwarebytes
malwarebytes

US residents targeted by utility scammers on Google

Back in February, we reported on malicious ads related to utility bills (electricity, gas) that direct victims to call centers where scammers will collect their identity and try to extort money from them. A few months later, we checked and were able to find as many Google ads as before, following.....

7.2AI Score

2024-06-04 09:05 PM
6
malwarebytes
malwarebytes

Debt collection agency FBCS leaks information of 3 million US citizens

The US debt collection agency Financial Business and Consumer Solutions (FBCS) has filed a data breach notification, listing the the total number of people affected as 3,226,631. FBCS is a nationally licensed, third-party collection agency that collects commercial and consumer debts, with most of.....

7.5AI Score

2024-06-04 11:58 AM
9
nessus
nessus

FreeBSD : chromium -- multiple security fixes (b058380e-21a4-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b058380e-21a4-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 11 security fixes: Tenable has extracted the...

9.8AI Score

0.0004EPSS

2024-06-04 12:00 AM
1
nvd
nvd

CVE-2024-34987

A SQL Injection vulnerability exists in the ofrs/admin/index.php script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login...

8AI Score

0.001EPSS

2024-06-03 08:15 PM
cve
cve

CVE-2024-34987

A SQL Injection vulnerability exists in the ofrs/admin/index.php script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login...

8.8AI Score

0.001EPSS

2024-06-03 08:15 PM
15
malwarebytes
malwarebytes

800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12

This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...

7.2AI Score

2024-06-03 02:55 PM
4
redhatcve
redhatcve

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.3AI Score

0.0004EPSS

2024-06-03 02:02 PM
2
redhatcve
redhatcve

CVE-2024-36906

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: [ 33.452494] ================================================================== [ 33.453513] BUG: KASAN: stack-out-of-bounds in...

6.2AI Score

0.0004EPSS

2024-06-03 01:33 PM
1
schneier
schneier

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...

6.9AI Score

2024-06-03 11:06 AM
5
securelist
securelist

IT threat evolution in Q1 2024. Mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most...

7.9AI Score

2024-06-03 10:00 AM
5
securelist
securelist

IT threat evolution in Q1 2024. Non-mobile statistics

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly.....

6.9AI Score

2024-06-03 10:00 AM
5
cvelist
cvelist

CVE-2024-34987

A SQL Injection vulnerability exists in the ofrs/admin/index.php script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login...

8AI Score

0.001EPSS

2024-06-03 12:00 AM
1
zdt
zdt

Online Payment Hub System 1.0 SQL Injection Vulnerability

Online Payment Hub System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...

8.7AI Score

2024-06-02 12:00 AM
15
malwarebytes
malwarebytes

Ticketmaster confirms customer data breach

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...

7.4AI Score

2024-06-01 08:09 PM
5
malwarebytes
malwarebytes

How to tell if a VPN app added your Windows device to a botnet

On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....

7.2AI Score

2024-05-31 04:37 PM
9
thn
thn

OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered

OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true...

6.8AI Score

2024-05-31 08:11 AM
5
nvd
nvd

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-31 07:15 AM
cve
cve

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-31 07:15 AM
27
vulnrichment
vulnrichment

CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-31 06:40 AM
1
cvelist
cvelist

CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-31 06:40 AM
1
packetstorm

7.4AI Score

2024-05-31 12:00 AM
32
talosblog
talosblog

Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks

My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....

9.8CVSS

7.4AI Score

0.001EPSS

2024-05-30 06:00 PM
6
nvd
nvd

CVE-2024-5518

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

6.3CVSS

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
cve
cve

CVE-2024-5518

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-30 04:15 PM
27
cve
cve

CVE-2024-36906

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: [ 33.452494] ================================================================== [ 33.453513] BUG: KASAN: stack-out-of-bounds in...

6.4AI Score

0.0004EPSS

2024-05-30 04:15 PM
24
nvd
nvd

CVE-2024-36906

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: [ 33.452494] ================================================================== [ 33.453513] BUG: KASAN: stack-out-of-bounds in...

6.2AI Score

0.0004EPSS

2024-05-30 04:15 PM
debiancve
debiancve

CVE-2024-36906

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: [ 33.452494] ================================================================== [ 33.453513] BUG: KASAN: stack-out-of-bounds in...

6.3AI Score

0.0004EPSS

2024-05-30 04:15 PM
3
cve
cve

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
debiancve
debiancve

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
2
nvd
nvd

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.3AI Score

0.0004EPSS

2024-05-30 04:15 PM
github
github

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

7AI Score

2024-05-30 03:33 PM
1
osv
osv

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

7AI Score

2024-05-30 03:33 PM
1
vulnrichment
vulnrichment

CVE-2024-5518 itsourcecode Online Discussion Forum change_profile_picture.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-30 03:31 PM
cvelist
cvelist

CVE-2024-5518 itsourcecode Online Discussion Forum change_profile_picture.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

6.3CVSS

6.5AI Score

0.0004EPSS

2024-05-30 03:31 PM
cvelist
cvelist

CVE-2024-36906 ARM: 9381/1: kasan: clear stale stack poison

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: [ 33.452494] ================================================================== [ 33.453513] BUG: KASAN: stack-out-of-bounds in...

6.2AI Score

0.0004EPSS

2024-05-30 03:29 PM
cvelist
cvelist

CVE-2024-36888 workqueue: Fix selection of wake_cpu in kick_pool()

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.2AI Score

0.0004EPSS

2024-05-30 03:28 PM
1
vulnrichment
vulnrichment

CVE-2024-36888 workqueue: Fix selection of wake_cpu in kick_pool()

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle...

6.7AI Score

0.0004EPSS

2024-05-30 03:28 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

9.8CVSS

10AI Score

0.035EPSS

2024-05-30 03:23 PM
14
krebs
krebs

‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort.....

7.1AI Score

2024-05-30 03:19 PM
2
cve
cve

CVE-2024-5517

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to sql injection. The attack may be launched remotely......

7.3CVSS

7.7AI Score

0.0004EPSS

2024-05-30 03:15 PM
5
nvd
nvd

CVE-2024-5517

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to sql injection. The attack may be launched remotely......

7.3CVSS

7.5AI Score

0.0004EPSS

2024-05-30 03:15 PM
github
github

TYPO3 Cross-Site Scripting in Online Media Asset Rendering

Failing to properly encode user input, online media asset rendering (.youtube and .vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...

6.7AI Score

2024-05-30 02:48 PM
osv
osv

TYPO3 Cross-Site Scripting in Online Media Asset Rendering

Failing to properly encode user input, online media asset rendering (.youtube and .vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...

6.7AI Score

2024-05-30 02:48 PM
cvelist
cvelist

CVE-2024-5517 itsourcecode Online Blood Bank Management System changepwd.php sql injection

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to sql injection. The attack may be launched remotely......

7.3CVSS

7.5AI Score

0.0004EPSS

2024-05-30 02:31 PM
1
cve
cve

CVE-2024-5516

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file massage.php. The manipulation of the argument bid leads to sql injection. The attack can be launched remotely.....

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-30 02:15 PM
24
nvd
nvd

CVE-2024-5516

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file massage.php. The manipulation of the argument bid leads to sql injection. The attack can be launched remotely.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-30 02:15 PM
cvelist
cvelist

CVE-2024-5516 itsourcecode Online Blood Bank Management System massage.php sql injection

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file massage.php. The manipulation of the argument bid leads to sql injection. The attack can be launched remotely.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-30 01:31 PM
Total number of security vulnerabilities42683