CVSS 7.3 | AI Score 6.9 | EPSS 0.0004
CVSS 7.3 | AI Score 7.6 | EPSS 0.0004
Security Bulletin: IBM Operational Decision Manager for March 2024 - Multiple CVEs addressed
Summary: IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third-party and open source components used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...
CVSS 8.8 | AI Score 9.2 | EPSS -
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)....
CVSS 8.0 | AI Score 7.7 | EPSS 0.001
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit. This issue affects AIKit: from n/a through...
CVSS 8.5 | AI Score 8.9 | EPSS 0.0004
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit. This issue affects AIKit: from n/a through...
CVSS 8.5 | AI Score 7.5 | EPSS 0.0004
CVE-2024-31370 WordPress CodeisAwesome AIKit plugin <= 4.14.1 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit. This issue affects AIKit: from n/a through...
CVSS 8.5 | AI Score 9.0 | EPSS 0.0004
April 9, 2024—KB5036893 (OS Builds 22621.3447 and 22631.3447)
April 9, 2024—KB5036893 (OS Builds 22621.3447 and 22631.3447) 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2. The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise and Education editions. Home and Pro editions of version 22H2 will...
CVSS 8.8 | AI Score 7.5 | EPSS 0.13
CVSS 7.3 | AI Score 7.3 | EPSS 0.0004
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-6.5 - Linux kernel for Microsoft Azure cloud systems linux-gcp - Linux kernel for Google...
CVSS 8.0 | AI Score 7.5 | EPSS 0.001
This Week in Spring - April 9th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Las Vegas, NV, at the moment, preparing for my part in the huuuuuge Google Cloud Next keynote. I'm so excited! And then it's off to the amazing and glorious Devnexus event! If you're at either event, please say Hi! ...
AI Score 7.3
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1640 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
CVSS 7.5 | AI Score 8.5 | EPSS 0.052
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features
Description: The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVSS 6.4 | AI Score 5.8 | EPSS 0.0004
KLA65507 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, or obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in...
CVSS 9.0 | AI Score 9.2 | EPSS 0.001
AI Scam Calls: How to Protect Yourself, How to Detect
AI tools are getting better at cloning people’s voices, and scammers are using these new capabilities to commit fraud. Avoid getting swindled by following these expert...
AI Score 7.3
ai-cluster.gr Cross Site Scripting vulnerability OBB-3908576
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
Google Sues App Developers Over Fake Crypto Investment App Scam
Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of...
AI Score 7.1
Identity Thief Lived as a Different Man for 33 Years
Plus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and...
AI Score 7.4
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description). This makes it possible for unauthenticated attackers to view the first 130 characters of a password...
CVSS 5.3 | AI Score 5.1 | EPSS 0.0004
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description). This makes it possible for unauthenticated attackers to view the first 130 characters of a password...
CVSS 5.3 | AI Score 9.1 | EPSS 0.0004
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description). This makes it possible for unauthenticated attackers to view the first 130 characters of a password...
CVSS 5.3 | AI Score 5.4 | EPSS 0.0004
[SECURITY] Fedora 39 Update: chromium-123.0.6312.105-1.fc39
Chromium is an open-source web browser, powered by WebKit...
CVSS 8.8 | AI Score 6.7 | EPSS 0.001
Description: The ShortPixel Adaptive Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate_ai_handler and deactivate_ai_handler functions in versions up to, and including, 3.8.2. This makes it possible for unauthenticated...
CVSS 5.3 | AI Score 6.6 | EPSS 0.0004
Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks
By Deeba Ahmed Wiz.io, known for its cloud security expertise, and Hugging Face, a leader in open-source AI tools, are combining their knowledge to develop solutions that address these security concerns. This collaboration signifies a growing focus on securing the foundation of AI advancements....
AI Score 7.3
Friday Squid Blogging: SqUID Bots
They're AI warehouse robots. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...
AI Score 7.2
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks
New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous integration and...
AI Score 8.6
AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details. Star the...
AI Score 7.5
[SECURITY] Fedora 38 Update: chromium-123.0.6312.105-1.fc38
Chromium is an open-source web browser, powered by WebKit...
CVSS 8.8 | AI Score 6.7 | EPSS 0.001
AI Score 7.4
BoldGrid Easy SEO – Simple and Effective SEO < 1.6.15 - Information Exposure
Description: The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description). This makes it possible for unauthenticated attackers to view the first 130 characters of a...
CVSS 5.3 | AI Score 6.6 | EPSS 0.0004
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
CVSS 10.0 | AI Score 9.7 | EPSS -
Wiz researchers discovered architecture risks that may compromise AI-as-a-Service providers and put customer data at risk. Wiz and Hugging Face worked together to mitigate the...
AI Score 7.2
Vietnam-Based Hackers Steal Financial Data Across Asia with Malware
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially...
AI Score 7.2
What’s New in Rapid7 Products & Services: Q1 2024 in Review
We kicked off 2024 with a continued focus on bringing security professionals (which, if you're reading this blog, is likely you!) the tools and functionality needed to anticipate risks, pinpoint threats, and respond faster with confidence. Below we've highlighted some key releases and updates from...
CVSS 9.8 | AI Score 8.3 | EPSS 0.972
The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....
CVSS 6.4 | AI Score 7.6 | EPSS 0.0004
The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....
CVSS 6.4 | AI Score 5.7 | EPSS 0.0004
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVSS 6.4 | AI Score 6.1 | EPSS 0.0004
The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....
CVSS 6.4 | AI Score 5.8 | EPSS 0.0004
Hello fellow readers! Have you ever wondered how the GitHub Security Lab performs security research? In this post, you'll learn how we leverage GitHub products and features such as code scanning, CodeQL, Codespaces, and private vulnerability reporting. By the time we conclude, you'll have mastered...
AI Score 6.9
A vulnerability in the column.title and cellLinkTooltip components of the Grafana web-based data presentation tool is related to insufficient protection of the web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges. A vulnerability in...
CVSS 9.8 | AI Score 8.2 | EPSS 0.012
Fedora: Security Advisory for chromium (FEDORA-2024-b4dab205d7)
The remote host is missing an update for...
AI Score 8.8 | EPSS 0.0004
Platinum SEO <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The Platinum SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVSS 5.9 | AI Score 5.7 | EPSS 0.0004
DELUCKS SEO < 2.5.5 - Missing Authorization
Description: The DELUCKS SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_reason() function in versions up to, and including, 2.5.4. This makes it possible for unauthenticated attackers to send an uninstall reason to...
CVSS 5.3 | AI Score 6.8 | EPSS 0.0004
SEO Title Tag <= 3.5.9 - Reflected Cross-Site Scripting
Description: The SEO Title Tag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVSS 7.1 | AI Score 6.3 | EPSS 0.0004
Description: The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied...
CVSS 6.4 | AI Score 5.9 | EPSS 0.0004
AI WP Writer < 3.6.5.6 - Missing Authorization
Description: The AI WP Writer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 3.6.5. This makes it possible for unauthenticated attackers to perform a variety of unauthorized...
CVSS 5.3 | AI Score 6.6 | EPSS 0.0004
Description: The AI Twitter Feeds (Twitter widget & shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVSS 6.5 | AI Score 5.8 | EPSS 0.0004
This Week in Spring - April 2nd, 2024
Welcome, welcome, welcome, to another installment of This Week in Spring! You know, we've come a long way since you and I last spoke. It's April already! A new month! How bizarre. And, with the dawning of a new month, we're also more than 25% through this year! I sure hope you're paying attention...
AI Score 7.1
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
AI Score 8.4 | EPSS 0.052
Swalwell for Congress Campaign with Wolfsbane.ai Against AI-Generated Cloning
By Cyber Newswire Congressman Swalwell partners with Wolfsbane.ai, using advanced tech to shield his 2024 campaign from AI deepfakes and safeguard election integrity. This is a post from HackRead.com Read the original post: Swalwell for Congress Campaign with Wolfsbane.ai Against AI-Generated...
AI Score 7.3