SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to...
0.0004EPSS
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter. This issue affects Aspose.Words Exporter: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter. This issue affects Aspose.Words Exporter: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter. This issue affects Aspose.Words Exporter: from n/a through...
4.3CVSS
0.0004EPSS
10 years of the GitHub Security Bug Bounty Program
Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...
7AI Score
Missing Authorization vulnerability in WP EasyCart. This issue affects WP EasyCart: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in WP EasyCart. This issue affects WP EasyCart: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale
Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) probing on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the...
9.8CVSS
6.7AI Score
0.957EPSS
Missing Authorization vulnerability in WP EasyCart. This issue affects WP EasyCart: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in WP EasyCart. This issue affects WP EasyCart: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Google’s Chrome changes make life harder for ad blockers
Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...
7AI Score
Apple Launches Private Cloud Compute for Privacy-Centric AI Processing
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture.....
7.4AI Score
[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.12.0-1.fc39
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks...
8.3CVSS
8.4AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.12.0-1.fc40
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks...
8.3CVSS
8.4AI Score
0.0004EPSS
Fedora 39 : prometheus-podman-exporter (2024-1bae1999ba)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1bae1999ba advisory. Release 1.12.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
8.3CVSS
8.3AI Score
0.0004EPSS
Fedora: Security Advisory for prometheus-podman-exporter (FEDORA-2024-2f8a62d6d6)
The remote host is missing an update for...
8.3CVSS
8.4AI Score
0.0004EPSS
Fedora 40 : prometheus-podman-exporter (2024-2f8a62d6d6)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-2f8a62d6d6 advisory. Release 1.12.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
8.3CVSS
8.3AI Score
0.0004EPSS
Fedora: Security Advisory for prometheus-podman-exporter (FEDORA-2024-1bae1999ba)
The remote host is missing an update for...
8.3CVSS
8.4AI Score
0.0004EPSS
WP EasyCart < 5.6.0 - Missing Authorization
Description: The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.19. This makes it possible for unauthenticated attackers to perform an unauthorized...
5.3CVSS
6.7AI Score
0.0004EPSS
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....
7AI Score
CentOS 7 : glibc (RHSA-2024:3588)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3588 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting...
7.9AI Score
0.0005EPSS
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...
0.0004EPSS
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...
8.3AI Score
0.0004EPSS
Google will start deleting location history
Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been.....
6.7AI Score
Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in...
EPSS
Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in...
6.8AI Score
EPSS
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...
9.8CVSS
7.8AI Score
EPSS
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...
9.8CVSS
EPSS
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path....
8.1CVSS
0.001EPSS
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path....
8.1CVSS
7.2AI Score
0.001EPSS
The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash
Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created...
7.2AI Score
CVE-2024-5637 Market Exporter <= 2.0.19 - Missing Authorization to Arbitrary File Deletion
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path....
7.5CVSS
0.001EPSS
CVE-2024-5637 Market Exporter <= 2.0.19 - Missing Authorization to Arbitrary File Deletion
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path....
7.5CVSS
6.7AI Score
0.001EPSS
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...
8.1AI Score
0.0004EPSS
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...
0.0004EPSS
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...
7.8AI Score
0.0004EPSS
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the...
0.0004EPSS
Fedora: Security Advisory for rust-zram-generator (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...
0.0004EPSS
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL...
8.7AI Score
0.0004EPSS
JVN#79213252: WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection
WordPress Plugin "Music Store - WordPress eCommerce" provided by CodePeople contains an SQL injection vulnerability (CWE-89). Impact: A user of the product with the administrator privilege may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by the...
7.2AI Score
0.0004EPSS
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
7.3AI Score
0.0004EPSS
Husband stalked ex-wife with seven AirTags, indictment says
Following their divorce, a husband carried out a campaign of stalking and abuse against his ex-wife—referred to only as “S.K.”—by allegedly hiding seven separate Apple AirTags on or near her car, according to documents filed by US prosecutors for the Eastern District of Pennsylvania. The...
6.2AI Score
Google Maps Timeline Data to be Stored Locally on Your Device for Privacy
Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...
7.2AI Score
Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI
Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library...
7.1AI Score
The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....
6.4CVSS
5.7AI Score
0.001EPSS
The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....
6.4CVSS
5.8AI Score
0.001EPSS