7.4AI Score
Description The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input...
6.4CVSS
5.8AI Score
0.001EPSS
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...
4.8CVSS
5AI Score
0.0004EPSS
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...
4.8CVSS
5.1AI Score
0.0004EPSS
Kubernetes Secrets Store CSI Driver plugins arbitrary file write in...
6.5CVSS
6.5AI Score
0.001EPSS
CVE-2024-4812 Katello: potential cross-site scripting exploit in ui
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...
4.8CVSS
5AI Score
0.0004EPSS
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...
4.8CVSS
5.1AI Score
0.0004EPSS
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
7.4CVSS
5.5AI Score
0.001EPSS
Description The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes.....
6.4CVSS
5.8AI Score
0.001EPSS
TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats
Introduction Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage...
7.2AI Score
(RHSA-2024:3581) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....
6.1AI Score
0.001EPSS
(RHSA-2024:3580) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....
6.1AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue...
6.1CVSS
6.1AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3581 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...
7.5CVSS
7.2AI Score
0.001EPSS
Description The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
7.4CVSS
5.8AI Score
0.001EPSS
Employee And Visitor Gate Pass Logging System 1.0 SQL Injection Vulnerability
Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...
8.7AI Score
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3580 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...
7.5CVSS
7.2AI Score
0.001EPSS
Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated...
7.4AI Score
EPSS
Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated...
6.8AI Score
EPSS
PCI DSS 4.0: Get Audit-Ready for the New Requirements
The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...
7.6AI Score
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
6.9AI Score
RHEL 5 : subversion (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. subversion: Command injection through clients via malicious svn+ssh URLs (CVE-2017-9800) Svnserve in...
9.8CVSS
8.9AI Score
0.129EPSS
RHEL 7 : pyopenssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pyOpenSSL: Failure to release memory before removing last reference in PKCS #12 Store (CVE-2018-1000808) Note that...
5.9CVSS
7.2AI Score
0.003EPSS
RHEL 7 : docker (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. docker: Docker Engine in debug mode may sometimes add secrets to the debug log leading to information ...
7.5CVSS
7.2AI Score
0.042EPSS
RHEL 6 : pyopenssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pyOpenSSL: Failure to release memory before removing last reference in PKCS #12 Store (CVE-2018-1000808) Note that...
5.9CVSS
5.7AI Score
0.003EPSS
RHEL 5 : pyopenssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pyOpenSSL: Failure to release memory before removing last reference in PKCS #12 Store (CVE-2018-1000808) Note that...
5.9CVSS
5.7AI Score
0.003EPSS
7.4AI Score
RHEL 7 : db4 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libdb: Reads DB_CONFIG from the current working directory (CVE-2017-10140) Vulnerability in the Data...
7.8CVSS
5.1AI Score
0.001EPSS
RHEL 7 : 389-ds-base (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default (CVE-2018-10871) ...
7.2CVSS
7.9AI Score
0.002EPSS
Exploit for Type Confusion in Google Chrome
Chrome Renderer 1day RCE via Type Confusion in Async Stack...
8.8CVSS
6.7AI Score
0.001EPSS
EvilSlackbot - A Slack Bot Phishing Framework For Red Teaming Exercises
EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk. Background...
7AI Score
[SECURITY] Fedora 39 Update: rust-zram-generator-1.1.2-11.fc39
This is a systemd unit generator that enables swap on zram. (With zram, there is no physical swap device. Part of the available RAM is used to store compressed pages, essentially trading CPU cycles for memory.) To activate, install zram-generator-defaults...
7AI Score
4.9CVSS
6.7AI Score
0.013EPSS
Online Payment Hub System 1.0 SQL Injection Vulnerability
Online Payment Hub System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...
8.7AI Score
Ticketmaster confirms customer data breach
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...
7.4AI Score
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.7AI Score
0.001EPSS
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
4.9CVSS
7AI Score
EPSS
Check Point Security Gateway Arbitrary File Read
This module leverages an unauthenticated arbitrary root file read vulnerability for Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades are enabled on affected devices, traversal payloads can be used to read any files on the local file system. Password hashes read...
8.6CVSS
7.4AI Score
0.945EPSS
7.5AI Score
7.4AI Score
7.5AI Score
Amazon Linux 2 : amazon-ecr-credential-helper (ALASECS-2024-036)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-036 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive ...
6.6AI Score
0.0004EPSS
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.6AI Score
0.0004EPSS
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.8AI Score
0.0004EPSS
Amazon Linux 2 : golist (ALAS-2024-2556)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2556 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read...
5.3CVSS
7.6AI Score
0.001EPSS
Amazon Linux 2 : amazon-ecr-credential-helper (ALASNITRO-ENCLAVES-2024-040)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-040 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...
6.5AI Score
0.0004EPSS
Amazon Linux 2 : amazon-ecr-credential-helper (ALASDOCKER-2024-039)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-039 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...
6.5AI Score
0.0004EPSS