SolarWinds Serv-U Unauthenticated Arbitrary File Read
This module exploits an unauthenticated file read vulnerability, due to directory traversal, affecting SolarWinds Serv-U FTP Server 15.4, Serv-U Gateway 15.4, and Serv-U MFT Server 15.4. All versions prior to the vendor supplied hotfix "15.4.2 Hotfix 2" (version 15.4.2.157) are...
8.6CVSS
7.3AI Score
0.343EPSS
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to...
0.0004EPSS
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to...
8.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/decompressor: specify __decompress() buf len to avoid overflow Historically calls to __decompress() didn't specify "out_len" parameter on many architectures including s390, expecting that no writes beyond uncompressed kernel.....
7.5AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
6.5CVSS
7.8AI Score
EPSS
Amazon Linux 2 : cri-tools (ALAS-2024-2568)
The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2568 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
8.2AI Score
0.0004EPSS
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to...
0.0004EPSS
10 years of the GitHub Security Bug Bounty Program
Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...
7AI Score
Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale
Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the....
9.8CVSS
6.7AI Score
0.957EPSS
Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Google’s Chrome changes make life harder for ad blockers
Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...
7AI Score
Apple Launches Private Cloud Compute for Privacy-Centric AI Processing
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture.....
7.4AI Score
WP EasyCart < 5.6.0 - Missing Authorization
Description The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.19. This makes it possible for unauthenticated attackers to perform an unauthorized...
5.3CVSS
6.7AI Score
0.0004EPSS
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....
7AI Score
CentOS 7 : glibc (RHSA-2024:3588)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3588 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting...
7.9AI Score
0.0005EPSS
TYPO3 Denial of Service in Frontend Record Registration
TYPO3’s built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...
7.1AI Score
TYPO3 Denial of Service in Frontend Record Registration
TYPO3’s built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...
7.1AI Score
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...
0.0004EPSS
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...
8.3AI Score
0.0004EPSS
Google will start deleting location history
Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been.....
6.7AI Score
Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in...
EPSS
Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in...
6.8AI Score
EPSS
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...
9.8CVSS
7.8AI Score
EPSS
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...
9.8CVSS
EPSS
The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash
Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created...
7.2AI Score
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....
6.4CVSS
6AI Score
0.001EPSS
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....
6.4CVSS
0.001EPSS
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....
6.4CVSS
5.8AI Score
0.001EPSS
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....
6.4CVSS
0.001EPSS
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...
8.1AI Score
0.0004EPSS
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...
0.0004EPSS
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...
7.8AI Score
0.0004EPSS
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...
0.0004EPSS
Fedora: Security Advisory for rust-zram-generator (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...
0.0004EPSS
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...
8.7AI Score
0.0004EPSS
JVN#79213252: WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection
WordPress Plugin "Music Store - WordPress eCommerce" provided by CodePeople contains an SQL injection vulnerability (CWE-89). ## Impact A user of the product with the administrator privilege may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by the.....
7.2AI Score
0.0004EPSS
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
7.3AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.6AI Score
EPSS
Husband stalked ex-wife with seven AirTags, indictment says
Following their divorce, a husband carried out a campaign of stalking and abuse against his ex-wife—referred to only as “S.K.”—by allegedly hiding seven separate Apple AirTags on or near her car, according to documents filed by US prosecutors for the Eastern District of Pennsylvania. The...
6.2AI Score
Google Maps Timeline Data to be Stored Locally on Your Device for Privacy
Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...
7.2AI Score
Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI
Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library...
7.1AI Score
The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....
6.4CVSS
5.7AI Score
0.001EPSS
The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....
6.4CVSS
5.8AI Score
0.001EPSS
7.4AI Score
7.4AI Score
7.4AI Score
0.0004EPSS