WooCommerce Multivendor Marketplace – REST API Security Vulnerabilities

Northwind Demo 1.0 Cross Site Scripting

...

RHEL 8 : tomcat (RHSA-2024:3666)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3666 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat:...

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando...

PHP 8.3.x < 8.3.8 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.8 advisory. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php- cgi), does not...

tomcat security and bug fix update

[1:9.0.87-1.el8_10.1] - Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly - Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) -...

PHP 8.1.x < 8.1.29 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.29 advisory. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php- cgi), does not...

Oracle Linux 8 : tomcat (ELSA-2024-3666)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3666 advisory. - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Tenable has extracted the...

AlmaLinux 8 : tomcat (ALSA-2024:3666)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3666 advisory. * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug...

Security Bulletin: NVIDIA GPU Display Driver - June 2024

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

PHP 8.2.x < 8.2.20 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.20 advisory. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php- cgi), does not...

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to version...

Node.js Modules Installed (Windows)

Nessus was able to enumerate one or more Node.js modules installed on the remote Windows host. Note that 'Perform thorough tests' may be required for an in-depth search of all Node.js...

CVE-2024-5184

The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or...

CVE-2024-5184

The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or...

CVE-2024-5184 Prompt Injection in EmailGPT

The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or...

CVE-2024-5184 Prompt Injection in EmailGPT

The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or...

Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API

Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfig_includes is vulnerable to directory traversal leading to same scenarios as....

Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API

Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfig_includes is vulnerable to directory traversal leading to same scenarios as....

Exploit for Path Traversal in Oracle Weblogic Server

...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-31904]

Summary Calls to the Admin API in IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability. [CVE-2024-31904] Vulnerability Details ** CVEID:...

Information Disclosure in TYPO3 CMS

HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called...

Information Disclosure in TYPO3 CMS

HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called...

Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher

Rancher's Steve API Component Improper authorization check allows privilege escalation in...

40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the.....

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. "The overall goal behind the campaign was to maintain access to the target network for cyberespionage in.....

Unpacking 2024's SaaS Threat Predictions

Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security....

SQL Injection

github.com/goharbor/harbor is vulnerable to SQL Injection. The vulnerability is due to the improper usage of prepared statements within the ListScanTasksByReportUUID function in task.go, which allows an attacker with administrator, project_admin, or project_maintainer roles to execute arbitrary...

Sensitive Information Disclosure

ethyca_fides is vulnerable to Information Disclosure. The vulnerability is due to improper masking of nested sensitive fields such as private_key in the BigQuery connection configuration, which allows an attacker to expose the sensitive fields in plaintext via certain API...

Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows...

SQL Injection

typo3/cms is vulnerable to SQL injection. The vulnerability is due to a flaw in the database escaping API when configured for MySQL passthrough mode, which affects all queries using DatabaseConnection::sql_query, even if arguments were properly escaped with...

CVE-2024-5483

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic...

CVE-2024-5483

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic...

CVE-2024-5483 LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic...

CVE-2024-5483 LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic...

[SECURITY] Fedora 40 Update: qt5-qtwebchannel-5.15.14-1.fc40

The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes...

[SECURITY] Fedora 40 Update: qt5-qtserialbus-5.15.14-1.fc40

Qt Serial Bus (API) provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and...

[SECURITY] Fedora 40 Update: qt5-qtsensors-5.15.14-1.fc40

The Qt Sensors API provides access to sensor hardware via QML and C++ interfaces. The Qt Sensors API also provides a motion gesture recognition API for...

BuddyPress Members Only <= 3.3.5 - Improper Access Control to Sensitive Information Exposure via REST API

Description The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to.....

Digital products download without proper payment status check

Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't...

K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343

Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...

K000139901: PyYAML vulnerability CVE-2017-18342

Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....

Remote code execution in web server context

User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web...

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory...

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution < 4.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter

Description The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping....

F5 Networks BIG-IP : PyYAML vulnerability (K000139901)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139901 advisory. In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load()...

openSUSE: Security Advisory for Java (SUSE-SU-2024:1874-1)

The remote host is missing an update for...

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory...

Restrict for Elementor <= 1.0.6 - Protection Mechanism Bypass

Description The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.6 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to.....

Directus is soft-locked by providing a string value to random string util

Describe the Bug Providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions...