WordLift – AI Powered SEO – Schema Security Vulnerabilities

cvelist

CVE-2024-3761 Missing Authorization on Delete Datasets in lunary-ai/lunary

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a...

9.1 CVSS

9.3 AI Score

0.0004 EPSS

2024-05-20 08:38 AM

nvd

CVE-2024-3368

The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

8.1 AI Score

0.0004 EPSS

2024-05-20 06:15 AM

cve

CVE-2024-3368

The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.8 AI Score

0.0004 EPSS

2024-05-20 06:15 AM

vulnrichment

CVE-2024-3368 All in One SEO < 4.6.1.1 - Contributor+ Stored XSS

The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.9 AI Score

0.0004 EPSS

2024-05-20 06:00 AM

cvelist

CVE-2024-3368 All in One SEO < 4.6.1.1 - Contributor+ Stored XSS

The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

8.1 AI Score

0.0004 EPSS

2024-05-20 06:00 AM

wpvulndb

Copymatic – AI Content Writer & Generator < 1.7 - Unauthenticated Arbitrary File Upload

Description: The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code.....

10 CVSS

8 AI Score

0.0004 EPSS

2024-05-20 12:00 AM

fedora

[SECURITY] Fedora 38 Update: chromium-125.0.6422.60-1.fc38

Chromium is an open-source web browser, powered by WebKit...

9.6 CVSS

6.7 AI Score

0.003 EPSS

2024-05-18 01:44 AM

fedora

[SECURITY] Fedora 39 Update: chromium-125.0.6422.60-1.fc39

Chromium is an open-source web browser, powered by WebKit...

9.6 CVSS

6.5 AI Score

0.003 EPSS

2024-05-18 01:26 AM

redhatcve

CVE-2023-52660

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. If such a call happens while the ISP is powered down, the SoC will...

6.4 AI Score

0.0004 EPSS

2024-05-17 11:11 PM

cve

CVE-2023-52660

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. If such a call happens while the ISP is powered down, the SoC will...

6.6 AI Score

0.0004 EPSS

2024-05-17 01:15 PM

nvd

CVE-2023-52660

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. If such a call happens while the ISP is powered down, the SoC will...

6.4 AI Score

0.0004 EPSS

2024-05-17 01:15 PM

debiancve

CVE-2023-52660

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. If such a call happens while the ISP is powered down, the SoC will...

6.5 AI Score

0.0004 EPSS

2024-05-17 01:15 PM

cvelist

CVE-2023-52660 media: rkisp1: Fix IRQ handling due to shared interrupts

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. If such a call happens while the ISP is powered down, the SoC will...

6.4 AI Score

0.0004 EPSS

2024-05-17 12:08 PM

vulnrichment

CVE-2023-52660 media: rkisp1: Fix IRQ handling due to shared interrupts

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. If such a call happens while the ISP is powered down, the SoC will...

6.8 AI Score

0.0004 EPSS

2024-05-17 12:08 PM

githubexploit

Exploit for OS Command Injection in Fortinet Fortisiem

CVE-2023-34992: Fortinet FortiSIEM Unauthenticated Command...

9.8 CVSS

8 AI Score

0.001 EPSS

2024-05-17 12:07 PM

thn

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. "Deuterbear, while similar to Waterbear in many ways, shows...

6.8 AI Score

2024-05-17 11:20 AM

nvd

CVE-2024-31351

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through...

10 CVSS

9.6 AI Score

0.0004 EPSS

2024-05-17 07:16 AM

cve

CVE-2024-31351

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through...

10 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-17 07:16 AM

cve

CVE-2023-23888

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal. This issue affects Rank Math SEO: from n/a through...

7.6 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-17 07:15 AM

nvd

CVE-2023-23888

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal. This issue affects Rank Math SEO: from n/a through...

7.6 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-17 07:15 AM

cvelist

CVE-2023-23888 WordPress Rank Math SEO plugin <= 1.0.107.2 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal. This issue affects Rank Math SEO: from n/a through...

7.6 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-17 06:32 AM

vulnrichment

CVE-2024-31351 WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through...

10 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-17 06:15 AM

cvelist

CVE-2024-31351 WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through...

10 CVSS

9.6 AI Score

0.0004 EPSS

2024-05-17 06:15 AM

fedora

[SECURITY] Fedora 40 Update: chromium-125.0.6422.60-1.fc40

Chromium is an open-source web browser, powered by WebKit...

9.6 CVSS

6.5 AI Score

0.003 EPSS

2024-05-17 01:09 AM

wpvulndb

Rank Math SEO with AI Best SEO Tools < 1.0.219-beta - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-17 12:00 AM

wpvulndb

Yoast SEO < 22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-17 12:00 AM

ubuntucve

CVE-2023-52660

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. If such a call happens while the ISP is powered down, the SoC will...

6.5 AI Score

0.0004 EPSS

2024-05-17 12:00 AM

talosblog

Rounding up some of the major headlines from RSA

While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...

7.8 CVSS

7.6 AI Score

0.001 EPSS

2024-05-16 06:00 PM

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

10 CVSS

9.5 AI Score

EPSS

2024-05-16 01:04 PM

cve

CVE-2024-4617

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS

5.7 AI Score

0.001 EPSS

2024-05-16 11:15 AM

nvd

CVE-2024-4617

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS

5.9 AI Score

0.001 EPSS

2024-05-16 11:15 AM

cvelist

CVE-2024-4617 Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS

6 AI Score

0.001 EPSS

2024-05-16 11:05 AM

vulnrichment

CVE-2024-4617 Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-16 11:05 AM

thn

Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines

Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances. "The impacts enabled by these flaws are...

9.8 CVSS

9.4 AI Score

0.003 EPSS

2024-05-16 10:12 AM

cve

CVE-2024-3403

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI.....

7.5 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-16 09:15 AM

nvd

CVE-2024-3403

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI.....

7.5 CVSS

7.7 AI Score

0.0004 EPSS

2024-05-16 09:15 AM

cvelist

CVE-2024-3403 Local File Inclusion in imartinez/privategpt

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI.....

7.5 CVSS

7.9 AI Score

0.0004 EPSS

2024-05-16 09:03 AM

vulnrichment

CVE-2024-3403 Local File Inclusion in imartinez/privategpt

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI.....

7.5 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-16 09:03 AM

cvelist

CVE-2024-30293 Adobe Animate 2024 AI File parsing Stack base buffer overflow Remote Code execution Vulnerability

Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8 CVSS

8 AI Score

0.001 EPSS

2024-05-16 08:59 AM

vulnrichment

CVE-2024-30293 Adobe Animate 2024 AI File parsing Stack base buffer overflow Remote Code execution Vulnerability

Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8 CVSS

7.3 AI Score

0.001 EPSS

2024-05-16 08:59 AM

nvd

CVE-2024-4984

The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4 CVSS

5.9 AI Score

0.001 EPSS

2024-05-16 02:15 AM

cve

CVE-2024-4984

The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4 CVSS

5.7 AI Score

0.001 EPSS

2024-05-16 02:15 AM

cvelist

CVE-2024-4984 Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4 CVSS

6.3 AI Score

0.001 EPSS

2024-05-16 02:02 AM

vulnrichment

CVE-2024-4984 Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-05-16 02:02 AM

githubexploit

Exploit for CVE-2024-32640

Muraider - Automating the detection & Exploitation of...

6.5 AI Score

EPSS

2024-05-16 01:02 AM

nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...

7.8 CVSS

7.7 AI Score

0.0005 EPSS

2024-05-16 12:00 AM

wpvulndb

AI Engine: ChatGPT Chatbot < 2.2.70 - Authenticated (Editor+) Arbitrary File Upload

Description: The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.2.63. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected....

9.1 CVSS

8 AI Score

0.0004 EPSS

2024-05-16 12:00 AM

osv

Mautic is vulnerable to XSS vulnerability

Impact: This is a cross-site scripting vulnerability which affects every version of Mautic and could allow an attacker unauthorised administrator level access to Mautic. This vulnerability was reported by Naveen Sunkavally at Horizon3.ai. Patches: Upgrade to 3.2.4 or 2.16.5. Link to patch for 2.x...

9.6 CVSS

6.1 AI Score

0.002 EPSS

2024-05-15 05:33 PM

github

Mautic is vulnerable to XSS vulnerability

Impact: This is a cross-site scripting vulnerability which affects every version of Mautic and could allow an attacker unauthorised administrator level access to Mautic. This vulnerability was reported by Naveen Sunkavally at Horizon3.ai. Patches: Upgrade to 3.2.4 or 2.16.5. Link to patch for 2.x...

9.6 CVSS

8.9 AI Score

0.002 EPSS

2024-05-15 05:33 PM

thn

Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps

Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data. This constitutes an update to the Play Integrity API that third-party app developers can take advantage of to secure their applications against malware....

6.8 AI Score

2024-05-15 05:00 PM

Total number of security vulnerabilities: 25837