Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover. This issue affects Smart Online Order for Clover: from n/a through...
CVSS 5.4 | AI Score 5.5 | EPSS 0.0004
Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover. This issue affects Smart Online Order for Clover: from n/a through...
CVSS 5.4 | AI Score 5.8 | EPSS 0.0004
Photo: David Adams, MV Dali and the Francis Scott Key Bridge collapse - 240326-A-SE916-6662 (a layer has been added showing a character and a speech bubble), CC0 1.0
TL;DR: Ships can be hacked. Was the MV Dali hacked? Practically impossible. Polarised views from uninformed commentators do not help...
AI Score 7.5
Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker
Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom...
AI Score 7.3
Gibbon School Platform Authenticated PHP Deserialization Exploit
A Remote Code Execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it...
AI Score 8.7 | EPSS 0.179
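The Gibbon entry above describes the general PHP deserialization problem: a request parameter (columnOrder in that case) is handed to unserialize(), so the client chooses which classes get instantiated and with what properties, and any loadable class with a side-effecting magic method becomes a gadget. The following is an added example written for this page, not Gibbon's code: DemoCacheFile is a hypothetical stand-in for such a gadget, and a column-order parser is shown in the vulnerable shape and in two hardened shapes. The payload is constructed here and only writes a small file under the system temp directory.

```php
<?php
// Added example (not Gibbon code). DemoCacheFile is a hypothetical class standing in
// for any autoloadable class with a side-effecting magic method. The serialized
// payload below is constructed here for the demonstration.

class DemoCacheFile {
    public $path;
    public $data;
    public function __destruct() {
        // Runs when the object is freed, although application code never asked for it.
        file_put_contents( $this->path, $this->data );
    }
}

// Vulnerable: the whole object graph is rebuilt from untrusted bytes.
function column_order_vulnerable( string $raw ): array {
    $order = unserialize( $raw );            // attacker picks the class and its properties
    return is_array( $order ) ? $order : [];
}

// Hardened (preferred): switch the wire format to data-only JSON and validate the shape.
function column_order_hardened( string $raw ): array {
    $order = json_decode( $raw, true, 2 );   // small depth limit rejects deep nesting early
    if ( ! is_array( $order ) ) {
        return [];
    }
    foreach ( $order as $v ) {
        if ( ! is_int( $v ) || $v < 0 || $v > 255 ) {   // column indexes only
            return [];
        }
    }
    return array_values( $order );
}

// Hardened (if the serialized format cannot change yet): forbid object instantiation.
// Any O:... record becomes __PHP_Incomplete_Class, whose magic methods never run.
function column_order_no_objects( string $raw ): array {
    $order = @unserialize( $raw, [ 'allowed_classes' => false ] );
    if ( ! is_array( $order ) ) {
        return [];
    }
    foreach ( $order as $v ) {
        if ( ! is_int( $v ) ) {
            return [];
        }
    }
    return array_values( $order );
}

// --- Demonstration with a constructed payload ---
$target  = sys_get_temp_dir() . '/demo-gadget.txt';
@unlink( $target );
$payload = sprintf(
    'O:13:"DemoCacheFile":2:{s:4:"path";s:%d:"%s";s:4:"data";s:6:"pwned!";}',
    strlen( $target ), $target
);

column_order_vulnerable( $payload );   // returns [] because the result is not an array, but
                                       // the object was created and __destruct fired on free
echo 'vulnerable:  file written = ', var_export( file_exists( $target ), true ), "\n";
@unlink( $target );

column_order_hardened( $payload );     // JSON decode fails on a serialized string: []
column_order_no_objects( $payload );   // incomplete class, no destructor: []
echo 'hardened:    file written = ', var_export( file_exists( $target ), true ), "\n";

var_dump( column_order_hardened( '[3,0,1,2]' ) );   // the legitimate input still works
```

Run with `php demo.php`; the first line reports true and the second false. The point of the allowed_classes form is that it is a drop-in change to an existing unserialize() call, which matters when a large code base cannot migrate its format in one release; the JSON form is still the one to aim for because it removes the class of bug rather than one gadget.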
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 31617e47-7eec-4c60-9fdf-8aee61622bab advisory. Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker...
CVSS 8.8 | AI Score 5.7 | EPSS 0.001
Why CISA is Warning CISOs About a Breach at Sisense
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense...
AI Score 7.5
Apple warns people of mercenary attacks via threat notification system
Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it's detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware...
AI Score 7.1
How to check if your data was exposed in the AT&T breach
AT&T has notified US state authorities and regulators about its recent (or not) data breach, saying 51,226,382 people were affected. For those that have missed the story so far: Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T. On March 20, 2024, we reported how the data...
AI Score 7.1
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...
CVSS 9.9 | AI Score 9.8 | EPSS 0.082
Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities
The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed as actively exploited by Microsoft. Another vulnerability is claimed to be a zero-day by...
CVSS 8.8 | AI Score 8.2 | EPSS 0.004
BookingPress < 1.0.82 - Authenticated (Customer+) Insecure Direct Object Reference
Description The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.81 due to missing validation on a user controlled key. This makes it possible for...
CVSS 4.3 | AI Score 6.5 | EPSS 0.0004
Masteriyo - LMS < 1.7.3 - Unauthenticated Privilege Escalation
Description The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_logged_in_user() function in all versions up to, and including, 1.7.2. This makes it possible for...
CVSS 9.8 | AI Score 6.6 | EPSS 0.0004
FreeBSD : Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6 (dad6294c-f7c1-11ee-bb77-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the dad6294c-f7c1-11ee-bb77-001b217b3468 advisory. GitLab reports: stored XSS injected in diff viewer; stored XSS via autocomplete results; ReDoS...
CVSS 8.7 | AI Score 6.7 | EPSS 0.0004
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7c217849-f7d7-11ee-a490-84a93843eb75 advisory. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when ...
AI Score 6.2 | EPSS 0.0004
Smart Online Order for Clover < 1.5.5 - Cross-Site Request Forgery
Description The Smart Online Order for Clover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on the page_coupons() function. This makes it possible for unauthenticated attackers to...
CVSS 5.4 | AI Score 6.2 | EPSS 0.0004
FreeBSD : jose -- DoS vulnerability (02be46c1-f7cc-11ee-aa6b-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 02be46c1-f7cc-11ee-aa6b-b42e991fc52e advisory. latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via...
AI Score 6.9 | EPSS 0.0004
Description The Formsite | Embed online forms to collect orders, registrations, leads, and surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for...
CVSS 6.5 | AI Score 5.8 | EPSS 0.0004
FreeBSD : forgejo -- HTTP/2 CONTINUATION flood in net/http (c092be0e-f7cc-11ee-aa6b-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c092be0e-f7cc-11ee-aa6b-b42e991fc52e advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...
AI Score 8.1 | EPSS 0.0004
FreeBSD : wordpress -- XSS (ea4a2dfc-f761-11ee-af2c-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea4a2dfc-f761-11ee-af2c-589cfc0f81b0 advisory. The WordPress team reports: A cross-site scripting (XSS) vulnerability affecting the Avatar block...
AI Score 6
FreeBSD : chromium -- multiple security fixes (4a026b6c-f2b8-11ee-8e76-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 4a026b6c-f2b8-11ee-8e76-a8a1599412c6 advisory. Inappropriate implementation in V8. (CVE-2024-3156) Use after free in Bookmarks...
CVSS 8.8 | AI Score 7.5 | EPSS 0.001
FreeBSD : electron{27,28} -- multiple vulnerabilities (c2431c4e-622c-4d92-996d-d8b5258ae8c9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c2431c4e-622c-4d92-996d-d8b5258ae8c9 advisory. Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to...
AI Score 7.7 | EPSS 0.0004
How to protect yourself from online harassment
It takes a little to receive a lot of online hate today, from simply working as a school administrator to playing a role in a popular movie or video game. But these moments of personal crisis have few immediate solutions, as the current proposals to curb and stem online harassment zero in on the...
AI Score 7.6
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual...
CVSS 7.5 | AI Score 7.4 | EPSS 0.0004
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual...
CVSS 7.5 | AI Score 6.7 | EPSS 0.0004
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.0004
CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the...
CVSS 7.5 | AI Score 7.6 | EPSS 0.0004
CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual...
CVSS 7.5 | AI Score 7.6 | EPSS 0.0004
PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the...
CVSS 7.5 | AI Score 7.1 | EPSS 0.0004
Introducing the Digital Footprint Portal
Digital security is about so much more than malware. That wasn’t always the case. When I started Malwarebytes more than 16 years ago, malware was the primary security concern—the annoying pop-ups, the fast-spreading viruses, the catastrophic worms—and throughout our company’s history,...
AI Score 7
Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within...
AI Score 7.6
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated...
CVSS 6.4 | AI Score 6.1 | EPSS 0.0004
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated...
CVSS 6.4 | AI Score 6 | EPSS 0.0004
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access...
CVSS 6.4 | AI Score 5.7 | EPSS 0.0004
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated...
CVSS 6.4 | AI Score 6.2 | EPSS 0.0004
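The WordPress plugin findings above (the BookingPress insecure direct object reference on a user-controlled key, the Masteriyo and WP Radio missing capability checks, the Smart Online Order missing nonce validation, and the WP Radio and Formsite stored XSS from missing sanitization and escaping) all come down to checks that a single request handler either performs or does not. The following is an added example written for this page, not code from any of those plugins: a hypothetical admin-ajax.php handler that lets a logged-in customer rename one of their own bookings, shown first in the vulnerable shape and then hardened. The action name demo_rename_booking, the post type demo_booking and the meta key are assumptions for illustration.

```php
<?php
// Added example (not from any plugin on this page). Hypothetical feature: a logged-in
// customer renames one of their own bookings via admin-ajax.php. Action name, post type
// and meta key are assumptions for illustration.

// ---- Vulnerable shape: one function exhibiting all four findings ----
// Not hooked here; shown only for contrast with the hardened version below.
function demo_rename_booking_vulnerable() {
    $id   = $_POST['booking_id'];                        // user-controlled key, never validated (IDOR)
    $name = $_POST['name'];                              // stored raw (stored XSS)
    update_post_meta( $id, 'demo_booking_name', $name );
    echo '<p>Renamed: ' . $name . '</p>';                // echoed without escaping
    wp_die();
}
// No check_ajax_referer(): a cross-site form POST from a victim's browser succeeds (CSRF).
// No current_user_can(): any authenticated role reaches it; registering a wp_ajax_nopriv_
// hook as well would open it to unauthenticated callers.

// ---- Hardened handler ----
function demo_rename_booking() {
    // 1. CSRF: the request must carry a nonce this site issued for this action.
    check_ajax_referer( 'demo_rename_booking', 'nonce' );   // dies with 403 on failure

    // 2. Capability: authorise the caller, not just the request. A nonce is not a
    //    permission check; a low-privilege account holds a perfectly valid nonce.
    if ( ! current_user_can( 'read' ) ) {   // use a plugin-specific capability in real code
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Object-level authorisation: the id comes from the client, so confirm it names
    //    an object of the expected type that this user actually owns.
    $id      = absint( $_POST['booking_id'] ?? 0 );
    $booking = $id ? get_post( $id ) : null;
    if ( ! $booking
        || 'demo_booking' !== $booking->post_type
        || (int) $booking->post_author !== get_current_user_id() ) {
        wp_send_json_error( 'not found', 404 );   // same answer for "missing" and "not yours"
    }

    // 4. Sanitise on input, escape on output.
    $name = sanitize_text_field( wp_unslash( $_POST['name'] ?? '' ) );
    if ( '' === $name || mb_strlen( $name ) > 100 ) {
        wp_send_json_error( 'invalid name', 400 );
    }
    update_post_meta( $id, 'demo_booking_name', $name );
    wp_send_json_success( array( 'html' => '<p>Renamed: ' . esc_html( $name ) . '</p>' ) );
}
// Only the logged-in hook is registered; there is deliberately no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_demo_rename_booking', 'demo_rename_booking' );

// The form that submits to the handler must embed the matching nonce.
function demo_rename_booking_form( int $booking_id ): string {
    ob_start();
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_rename_booking">
        <input type="hidden" name="booking_id" value="<?php echo esc_attr( $booking_id ); ?>">
        <?php wp_nonce_field( 'demo_rename_booking', 'nonce' ); ?>
        <input type="text" name="name" maxlength="100">
        <button type="submit">Rename</button>
    </form>
    <?php
    return ob_get_clean();
}
```

A quick way to verify the hardened handler during review: a request with no nonce must get a 403 before any database access; a request with a valid nonce but a booking_id owned by another customer must get a 404; a subscriber-level account must not be able to reach any step that requires a higher capability. The same three checks apply unchanged to REST routes (permission_callback) and admin_post_ handlers, which are the other two places the findings above typically show up.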
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access...
CVSS 6.4 | AI Score 5.8 | EPSS 0.0004
A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file academic_year_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can...
CVSS 3.5 | AI Score 3.8 | EPSS 0.0004
A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file academic_year_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can...
CVSS 3.5 | AI Score 6.2 | EPSS 0.0004
A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0. Affected is an unknown function of the file attendance_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to launch the attack...
CVSS 3.5 | AI Score 3.7 | EPSS 0.0004
A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0. Affected is an unknown function of the file attendance_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to launch the attack...
CVSS 3.5 | AI Score 6.2 | EPSS 0.0004
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file courses_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be initiated...
CVSS 3.5 | AI Score 3.7 | EPSS 0.0004
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file courses_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be initiated...
CVSS 3.5 | AI Score 6.2 | EPSS 0.0004
A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file academic_year_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can...
CVSS 3.5 | AI Score 4.2 | EPSS 0.0004
A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0. Affected is an unknown function of the file attendance_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to launch the attack...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file courses_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be initiated...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file Marks_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be initiated...
CVSS 3.5 | AI Score 6.3 | EPSS 0.0004
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file Marks_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be initiated...
CVSS 3.5 | AI Score 3.9 | EPSS 0.0004
A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely....
CVSS 3.5 | AI Score 3.8 | EPSS 0.0004