Lucene search

K

Sermon'e – Sermons Online Security Vulnerabilities

talosblog
talosblog

Rounding up some of the major headlines from RSA

While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...

7.8CVSS

7.6AI Score

0.001EPSS

2024-05-16 06:00 PM
8
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

10CVSS

9.5AI Score

EPSS

2024-05-16 01:04 PM
21
ics
ics

GE Healthcare Ultrasound Products (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: low attack complexity Vendor: GE Healthcare Equipment: Ultrasound Products Vulnerability: Protection Mechanism Failure, Incorrect User Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with...

7.4CVSS

7AI Score

0.001EPSS

2024-05-16 12:00 PM
44
ics
ics

Siemens SIMATIC RTLS Locating Manager

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

10CVSS

9.2AI Score

0.009EPSS

2024-05-16 12:00 PM
9
malwarebytes
malwarebytes

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That's a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing.....

7.5AI Score

2024-05-16 11:45 AM
8
cve
cve

CVE-2024-4223

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete...

9.8CVSS

6.6AI Score

0.001EPSS

2024-05-16 09:15 AM
25
cve
cve

CVE-2024-4946

A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 06:15 AM
23
nvd
nvd

CVE-2024-4946

A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack...

6.3CVSS

6.5AI Score

0.0004EPSS

2024-05-16 06:15 AM
cve
cve

CVE-2024-4318

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for.....

8.8CVSS

7.1AI Score

0.001EPSS

2024-05-16 06:15 AM
26
cve
cve

CVE-2024-4279

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow....

6.5CVSS

6.5AI Score

0.001EPSS

2024-05-16 06:15 AM
24
nvd
nvd

CVE-2024-4279

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow....

6.5CVSS

6.6AI Score

0.001EPSS

2024-05-16 06:15 AM
cvelist
cvelist

CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow....

6.5CVSS

6.8AI Score

0.001EPSS

2024-05-16 05:33 AM
vulnrichment
vulnrichment

CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow....

6.5CVSS

6.7AI Score

0.001EPSS

2024-05-16 05:33 AM
cvelist
cvelist

CVE-2024-4946 SourceCodester Online Art Gallery Management System adminHome.php unrestricted upload

A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack...

6.3CVSS

6.7AI Score

0.0004EPSS

2024-05-16 05:31 AM
1
vulnrichment
vulnrichment

CVE-2024-4946 SourceCodester Online Art Gallery Management System adminHome.php unrestricted upload

A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-16 05:31 AM
cve
cve

CVE-2024-4932

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manage_user. The manipulation of the argument id leads to sql injection. It is possible to....

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-16 05:15 AM
23
cve
cve

CVE-2024-4933

A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-16 05:15 AM
23
cve
cve

CVE-2024-4931

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of the argument id leads to sql injection. The....

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-16 05:15 AM
24
nvd
nvd

CVE-2024-4931

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of the argument id leads to sql injection. The....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 05:15 AM
nvd
nvd

CVE-2024-4933

A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 05:15 AM
nvd
nvd

CVE-2024-4932

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manage_user. The manipulation of the argument id leads to sql injection. It is possible to....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 05:15 AM
cvelist
cvelist

CVE-2024-4933 SourceCodester Simple Online Bidding System sql injection

A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql...

6.3CVSS

7.1AI Score

0.0004EPSS

2024-05-16 05:00 AM
vulnrichment
vulnrichment

CVE-2024-4933 SourceCodester Simple Online Bidding System sql injection

A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql...

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-16 05:00 AM
cvelist
cvelist

CVE-2024-4932 SourceCodester Simple Online Bidding System sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manage_user. The manipulation of the argument id leads to sql injection. It is possible to....

6.3CVSS

7.1AI Score

0.0004EPSS

2024-05-16 04:31 AM
cvelist
cvelist

CVE-2024-4931 SourceCodester Simple Online Bidding System sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of the argument id leads to sql injection. The....

6.3CVSS

7.1AI Score

0.0004EPSS

2024-05-16 04:31 AM
vulnrichment
vulnrichment

CVE-2024-4931 SourceCodester Simple Online Bidding System sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of the argument id leads to sql injection. The....

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-16 04:31 AM
nvd
nvd

CVE-2024-4930

A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. This vulnerability affects unknown code of the file /simple-online-bidding-system/index.php?page=view_prod. The manipulation of the argument id leads to sql injection. The attack can be initiated...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-16 04:15 AM
cve
cve

CVE-2024-4930

A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. This vulnerability affects unknown code of the file /simple-online-bidding-system/index.php?page=view_prod. The manipulation of the argument id leads to sql injection. The attack can be initiated...

6.3CVSS

7.5AI Score

0.0004EPSS

2024-05-16 04:15 AM
23
nvd
nvd

CVE-2024-4929

A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the.....

4.3CVSS

4.6AI Score

0.0004EPSS

2024-05-16 04:15 AM
cve
cve

CVE-2024-4929

A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the.....

4.3CVSS

6.7AI Score

0.0004EPSS

2024-05-16 04:15 AM
24
cvelist
cvelist

CVE-2024-4930 SourceCodester Simple Online Bidding System sql injection

A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. This vulnerability affects unknown code of the file /simple-online-bidding-system/index.php?page=view_prod. The manipulation of the argument id leads to sql injection. The attack can be initiated...

6.3CVSS

7.2AI Score

0.0004EPSS

2024-05-16 04:00 AM
vulnrichment
vulnrichment

CVE-2024-4930 SourceCodester Simple Online Bidding System sql injection

A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. This vulnerability affects unknown code of the file /simple-online-bidding-system/index.php?page=view_prod. The manipulation of the argument id leads to sql injection. The attack can be initiated...

6.3CVSS

7.5AI Score

0.0004EPSS

2024-05-16 04:00 AM
cvelist
cvelist

CVE-2024-4929 SourceCodester Simple Online Bidding System cross-site request forgery

A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the.....

4.3CVSS

5AI Score

0.0004EPSS

2024-05-16 03:31 AM
vulnrichment
vulnrichment

CVE-2024-4929 SourceCodester Simple Online Bidding System cross-site request forgery

A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the.....

4.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 03:31 AM
cve
cve

CVE-2024-4927

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload....

7.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 03:15 AM
24
nvd
nvd

CVE-2024-4927

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload....

7.3CVSS

6.5AI Score

0.0004EPSS

2024-05-16 03:15 AM
1
nvd
nvd

CVE-2024-4928

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. The manipulation of the argument id leads to sql...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 03:15 AM
cve
cve

CVE-2024-4928

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. The manipulation of the argument id leads to sql...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-16 03:15 AM
23
cvelist
cvelist

CVE-2024-4928 SourceCodester Simple Online Bidding System sql injection

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. The manipulation of the argument id leads to sql...

6.3CVSS

7AI Score

0.0004EPSS

2024-05-16 03:00 AM
vulnrichment
vulnrichment

CVE-2024-4928 SourceCodester Simple Online Bidding System sql injection

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. The manipulation of the argument id leads to sql...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-16 03:00 AM
vulnrichment
vulnrichment

CVE-2024-4927 SourceCodester Simple Online Bidding System unrestricted upload

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload....

7.3CVSS

6.9AI Score

0.0004EPSS

2024-05-16 02:31 AM
cvelist
cvelist

CVE-2024-4927 SourceCodester Simple Online Bidding System unrestricted upload

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload....

7.3CVSS

6.7AI Score

0.0004EPSS

2024-05-16 02:31 AM
nvd
nvd

CVE-2024-4920

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attack may be initiated remotely. The exploit...

7.3CVSS

7.3AI Score

0.0004EPSS

2024-05-16 12:15 AM
nvd
nvd

CVE-2024-4919

A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql injection. The attack can be initiated...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 12:15 AM
2
cve
cve

CVE-2024-4919

A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql injection. The attack can be initiated...

6.3CVSS

7.5AI Score

0.0004EPSS

2024-05-16 12:15 AM
19
cve
cve

CVE-2024-4920

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attack may be initiated remotely. The exploit...

7.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 12:15 AM
4
cvelist
cvelist

CVE-2024-4920 SourceCodester Online Discussion Forum Site registerH.php unrestricted upload

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attack may be initiated remotely. The exploit...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
cvelist
cvelist

CVE-2024-4919 Campcodes Online Examination System addCourseExe.php sql injection

A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql injection. The attack can be initiated...

6.3CVSS

7.1AI Score

0.0004EPSS

2024-05-15 11:31 PM
vulnrichment
vulnrichment

CVE-2024-4919 Campcodes Online Examination System addCourseExe.php sql injection

A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql injection. The attack can be initiated...

6.3CVSS

7.5AI Score

0.0004EPSS

2024-05-15 11:31 PM
nvd
nvd

CVE-2024-4918

A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. This affects an unknown part of the file updateQuestion.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-15 11:15 PM
Total number of security vulnerabilities42530