Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...
5.4CVSS
6.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through...
5.4CVSS
5.8AI Score
0.0004EPSS
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search...
6AI Score
0.0004EPSS
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name...
6AI Score
0.0004EPSS
6.8AI Score
0.0004EPSS
Debian dla-3787 : xdmx - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3787 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length...
7.8CVSS
7.6AI Score
0.0005EPSS
9.8CVSS
7.4AI Score
0.959EPSS
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name...
6AI Score
0.0004EPSS
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name...
6AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cdb5e0e3-fafc-11ee-9c21-901b0e9408dc advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...
6.2AI Score
0.0004EPSS
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search...
6.2AI Score
0.0004EPSS
CrushFTP Remote Code Execution Exploit
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...
9.8CVSS
8.8AI Score
0.959EPSS
Updated golang packages fix security vulnerability
CVE-2023-45288: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
7.2AI Score
0.0004EPSS
SUSE SLES12 Security Update : xorg-x11-server (SUSE-SU-2024:1263-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1263-1 advisory. A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph()...
7.8CVSS
8AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xorg-x11-server (SUSE-SU-2024:1262-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1262-1 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's...
7.8CVSS
7.3AI Score
0.0005EPSS
Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...
8CVSS
7.6AI Score
EPSS
SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2024:1261-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1261-1 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() ...
7.8CVSS
7.9AI Score
0.0005EPSS
Debian dsa-5657 : xdmx - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5657 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped...
7.8CVSS
7.3AI Score
0.0005EPSS
SUSE SLES15 Security Update : xorg-x11-server (SUSE-SU-2024:1260-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1260-1 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue...
7.8CVSS
7.9AI Score
0.0005EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xwayland (SUSE-SU-2024:1264-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1264-1 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's...
7.8CVSS
7.9AI Score
0.0005EPSS
Metasploit Weekly Wrap-Up 04/12/24
Account Takeover using Shadow Credentials The new release of Metasploit Framework includes a Shadow Credentials module added by smashery used for reliably taking over an Active Directory user account or computer, and letting future authentication to happen as that account. This can be chained...
7.8AI Score
EPSS
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
8.8CVSS
8.7AI Score
0.0004EPSS
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
8.8CVSS
7.1AI Score
0.0004EPSS
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
8.8CVSS
7.2AI Score
0.0004EPSS
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
8.8CVSS
8.8AI Score
0.0004EPSS
Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker
Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom...
7.3AI Score
Oracle Linux 7 : X.Org / server (ELSA-2024-1785)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1785 advisory. A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called...
7.8CVSS
7.6AI Score
0.0005EPSS
Security Updates Outlook for Windows (April 2024)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by a spoofing vulnerability. External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control....
8.1CVSS
7.9AI Score
0.001EPSS
Apple warns people of mercenary attacks via threat notification system
Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it's detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware...
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...
9.9CVSS
9.8AI Score
0.082EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
7.7AI Score
0.963EPSS
Python's PyPI Reveals Its Secrets
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...
7.3AI Score
Python's PyPI Reveals Its Secrets
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...
7.3AI Score
Issue Overview: The ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server. AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyph_new array...
7.8CVSS
7.7AI Score
0.0004EPSS
Issue Overview: The ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server. AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyph_new array...
7.8CVSS
7.7AI Score
0.0004EPSS
Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a...
7.8CVSS
7.1AI Score
0.0005EPSS
Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a...
7.8CVSS
7.1AI Score
0.0005EPSS
Description The Ultimate Store Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.5CVSS
5.8AI Score
0.0004EPSS
The Etcd configuration parameter store vulnerability is related to sending an authentication request to the etcdserver with a username and password. Exploitation of the vulnerability could allow an attacker, acting remotely to escalate their...
9.8CVSS
7.6AI Score
0.003EPSS
Shopping Cart & eCommerce Store < 5.6.4 - Contributor+ SQL Injection
Description The plugin is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...
8.8CVSS
8.7AI Score
0.0004EPSS
SUSE SLES12 Security Update : xorg-x11-server (SUSE-SU-2024:1199-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1199-1 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue...
7.8CVSS
7.3AI Score
0.0005EPSS
Juniper Junos OS Multiple Vulnerabilities (JSA79108)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA79108 advisory. This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow...
9.8CVSS
9.3AI Score
0.007EPSS
FreeBSD : forgejo -- HTTP/2 CONTINUATION flood in net/http (c092be0e-f7cc-11ee-aa6b-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c092be0e-f7cc-11ee-aa6b-b42e991fc52e advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...
8.1AI Score
0.0004EPSS
Context stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage StateDB: it is the general interface to retrieve accounts and holds a map of...
9.1CVSS
7.2AI Score
0.0004EPSS
Context stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage StateDB: it is the general interface to retrieve accounts and holds a map of...
9.1CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through...
6.5CVSS
9.3AI Score
0.0004EPSS
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
CVE-2024-31342 WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through...
6.5CVSS
6.7AI Score
0.0004EPSS
'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan
An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not....
7.1AI Score
7.8CVSS
7AI Score
EPSS