Lucene search

K

WooCommerce Multiple Customer Addresses & Shipping Security Vulnerabilities

githubexploit
githubexploit

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-15 07:37 PM
2
wired
wired

Ukrainian Sailors Are Using Telegram to Avoid Being Tricked Into Smuggling Oil for Russia

Contract seafarers in Ukraine are turning to online whisper networks to keep themselves from being hired into Russia’s sanctions-busting shadow...

7.2AI Score

2024-06-15 11:00 AM
1
cve
cve

CVE-2024-2544

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

7.4CVSS

7AI Score

0.0004EPSS

2024-06-15 02:15 AM
2
nvd
nvd

CVE-2024-2544

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

7.4CVSS

0.0004EPSS

2024-06-15 02:15 AM
1
cvelist
cvelist

CVE-2024-2544 Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

7.4CVSS

0.0004EPSS

2024-06-15 02:01 AM
2
nessus
nessus

Debian dla-3828 : atril - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3828 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3828-1 [email protected] ...

9.6CVSS

9.1AI Score

0.005EPSS

2024-06-15 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:2031-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2031-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated...

8.3CVSS

8.7AI Score

0.0004EPSS

2024-06-15 12:00 AM
githubexploit
githubexploit

Exploit for Path Traversal in Solarwinds Serv-U

CVE-2024-28995 PoC and Bulk Scanner Overview This...

8.6CVSS

6.7AI Score

0.001EPSS

2024-06-14 11:05 PM
26
osv
osv

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 08:15 PM
cve
cve

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-14 08:15 PM
8
nvd
nvd

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

0.0004EPSS

2024-06-14 08:15 PM
1
vulnrichment
vulnrichment

CVE-2024-37889 MyFinances Allows Unauthorized Access to Other Customer Data

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-14 07:12 PM
cvelist
cvelist

CVE-2024-37889 MyFinances Allows Unauthorized Access to Other Customer Data

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

0.0004EPSS

2024-06-14 07:12 PM
3
malwarebytes
malwarebytes

Truist bank confirms data breach

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets,....

7.7AI Score

2024-06-14 04:29 PM
4
cve
cve

CVE-2024-33373

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...

7.1AI Score

0.0004EPSS

2024-06-14 04:15 PM
8
nvd
nvd

CVE-2024-33373

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...

0.0004EPSS

2024-06-14 04:15 PM
2
nvd
nvd

CVE-2024-33377

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web...

0.0004EPSS

2024-06-14 03:15 PM
1
nvd
nvd

CVE-2024-33375

LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...

0.0004EPSS

2024-06-14 03:15 PM
nvd
nvd

CVE-2024-33374

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-33375

LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...

7.2AI Score

0.0004EPSS

2024-06-14 03:15 PM
4
cve
cve

CVE-2024-33377

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web...

7.4AI Score

0.0004EPSS

2024-06-14 03:15 PM
5
cve
cve

CVE-2024-33374

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...

7.2AI Score

0.0004EPSS

2024-06-14 03:15 PM
4
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

6.7AI Score

0.001EPSS

2024-06-14 02:00 PM
3
rocky
rocky

booth security update

An update is available for booth. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Booth cluster ticket manager is a component to bridge high availability...

7.4CVSS

7.2AI Score

0.001EPSS

2024-06-14 02:00 PM
rocky
rocky

glibc security update

An update is available for glibc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread...

7.8AI Score

0.0005EPSS

2024-06-14 02:00 PM
osv
osv

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

7.9AI Score

0.0005EPSS

2024-06-14 02:00 PM
3
rocky
rocky

booth security update

An update is available for booth. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Booth cluster ticket manager is a component to bridge high availability...

7.4CVSS

7.2AI Score

0.001EPSS

2024-06-14 01:59 PM
osv
osv

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

7.4CVSS

7.6AI Score

0.001EPSS

2024-06-14 01:59 PM
1
osv
osv

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

7AI Score

0.0004EPSS

2024-06-14 01:59 PM
rocky
rocky

glibc security update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread...

7.5AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-14 01:59 PM
rocky
rocky

sssd security update

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The System Security Services Daemon (SSSD) service provides a set of daemons to....

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses in github.com/traefik/traefik

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses in...

6.3AI Score

0.0004EPSS

2024-06-14 01:41 PM
nvd
nvd

CVE-2024-2472

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

0.001EPSS

2024-06-14 10:15 AM
2
cve
cve

CVE-2024-2472

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

9AI Score

0.001EPSS

2024-06-14 10:15 AM
7
cvelist
cvelist

CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

0.001EPSS

2024-06-14 09:36 AM
5
vulnrichment
vulnrichment

CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

6.7AI Score

0.001EPSS

2024-06-14 09:36 AM
nvd
nvd

CVE-2023-51497

Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-14 06:15 AM
2
cve
cve

CVE-2023-51497

Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-14 06:15 AM
30
vulnrichment
vulnrichment

CVE-2023-51497 WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...

5.4CVSS

6.9AI Score

0.0004EPSS

2024-06-14 05:33 AM
cvelist
cvelist

CVE-2023-51497 WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-14 05:33 AM
3
fedora
fedora

[SECURITY] Fedora 39 Update: cyrus-imapd-3.8.3-1.fc39

The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...

6.5CVSS

7.1AI Score

0.0005EPSS

2024-06-14 04:43 AM
mageia
mageia

Updated golang packages fix security vulnerabilities

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

6.3AI Score

0.0004EPSS

2024-06-14 04:31 AM
3
cvelist
cvelist

CVE-2024-27145 Multiple Post-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

0.0004EPSS

2024-06-14 02:33 AM
1
vulnrichment
vulnrichment

CVE-2024-27145 Multiple Post-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:33 AM
fedora
fedora

[SECURITY] Fedora 40 Update: cyrus-imapd-3.8.3-1.fc40

The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...

6.5CVSS

7.1AI Score

0.0005EPSS

2024-06-14 01:45 AM
nessus
nessus

Fedora 39 : cyrus-imapd (2024-123f2b3666)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-123f2b3666 advisory. - Security fix for CVE-2024-34055 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus.....

6.5CVSS

6.9AI Score

0.0005EPSS

2024-06-14 12:00 AM
nessus
nessus

Apple TV < 19K53 Multiple Vulnerabilities (HT212980)

According to its banner, the version of Apple TV on the remote device is prior to 19K53. It is therefore affected by multiple vulnerabilities as described in the...

8.8CVSS

7.1AI Score

0.007EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : bind and dhcp (RLSA-2024:3271)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3271 advisory. * bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator...

7.5CVSS

9.3AI Score

0.05EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : fence-agents (RLSA-2024:2968)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2968 advisory. * urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) * pycryptodome: side-channel...

6.1CVSS

7.8AI Score

0.001EPSS

2024-06-14 12:00 AM
1
Total number of security vulnerabilities334684