Praison SEO WordPress <= 4.0.15 - Authenticated (Author+) Stored Cross-Site Scripting
Description: The Praison SEO WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
6.5CVSS
5.6AI Score
0.0004EPSS
This plugin utilizes various Nessus detection methods and reports software identified by Nessus and known to utilize "Artificial Intelligence" (AI) and Large Language Model (LLM) technology. Note that this plugin uses several detection methods. The products reported by this plugin will grow as...
7.3AI Score
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....
7.3AI Score
Exploit for OS Command Injection in Fortinet Fortisiem
CVE-2024-23108 POC Proof of concept exploit to blindly...
10CVSS
8AI Score
0.001EPSS
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...
7.7AI Score
2 Weeks Out: Evolution at RSAC 2024
Discover the latest innovations in cyber defense and Trend's expert insights on AI, data security, and emerging...
7.3AI Score
Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...
8.2CVSS
7.2AI Score
0.016EPSS
Oracle Linux 8 : pcs (ELSA-2024-2953)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2953 advisory. [0.10.18-2.0.1] - Replace HAM-logo.png with a generic one [0.10.18-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency...
5.8CVSS
7AI Score
0.0004EPSS
Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. [1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via configuration item - similar to Postfix ...
5.5CVSS
7.2AI Score
0.0004EPSS
Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...
9.8CVSS
7.2AI Score
0.034EPSS
RSAC 2024 Review: AI & Data Governance Priorities
Get our take on the RSA 2024 conference where we review some of the major topics covered such as AI and data...
7.3AI Score
SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...
7.4AI Score
A week in security (May 20 – May 26)
Last week on Malwarebytes Labs: How AI will change your credit card behind the scenes Criminal record database of millions of Americans dumped online Microsoft AI "Recall" feature records everything, secures far less How to remove a user from a shared Android device How to remove a user from a...
7.3AI Score
Fedora: Security Advisory for chromium (FEDORA-2024-c01c1f5f82)
The remote host is missing an update for...
9.6CVSS
9.3AI Score
0.003EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-1bc17d6ec7)
The remote host is missing an update for...
9.6CVSS
9.2AI Score
0.001EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-3a548f46a8)
The remote host is missing an update for...
9.6CVSS
9.5AI Score
0.003EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-4d2d73ab31)
The remote host is missing an update for...
8.8CVSS
7.3AI Score
0.001EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-5f84678c08)
The remote host is missing an update for...
9.6CVSS
9.2AI Score
0.001EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-5483bc2adb)
The remote host is missing an update for...
9.1AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-8b50ca2e22)
The remote host is missing an update for...
8.8CVSS
7.4AI Score
0.001EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-55e7e839f1)
The remote host is missing an update for...
9.4AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-decb7e94a1)
The remote host is missing an update for...
8.8CVSS
8AI Score
0.001EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-44edce9689)
The remote host is missing an update for...
8.7AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-87bb7ffab1)
The remote host is missing an update for...
8.7AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-5d8f4f86b0)
The remote host is missing an update for...
8.8CVSS
7.4AI Score
0.001EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-5cf9499b62)
The remote host is missing an update for...
8.8CVSS
8AI Score
0.001EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-92780a83f9)
The remote host is missing an update for...
9.4AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-2c9be9d949)
The remote host is missing an update for...
8.8CVSS
8AI Score
0.001EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-382a7dba53)
The remote host is missing an update for...
9.6CVSS
9.3AI Score
0.003EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-12edb9dec8)
The remote host is missing an update for...
8.8CVSS
7.4AI Score
0.001EPSS
Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features (v1.0.1)- - Subdomain enumeration (2 engines +...
7.8AI Score
Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’
Plus: US surveillance reportedly targets pro-Palestinian protesters, the FBI arrests a man for AI-generated CSAM, and stalkerware targets hotel...
7.4AI Score
Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data
Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed...
8.2AI Score
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which...
7.4AI Score
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher,...
4.3CVSS
4.7AI Score
0.0004EPSS
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher,...
4.3CVSS
6.3AI Score
0.0004EPSS
CVE-2024-0893 Schema App Structured Data <= 1.23.1 - Missing Authorization
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher,...
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2024-0893 Schema App Structured Data <= 1.23.1 - Missing Authorization
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher,...
4.3CVSS
6.5AI Score
0.0004EPSS
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
6AI Score
0.0004EPSS
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.9AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: chromium-125.0.6422.76-1.fc39
Chromium is an open-source web browser, powered by WebKit...
6.7AI Score
0.0004EPSS
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
5.3CVSS
7.6AI Score
0.0004EPSS
LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC Request: POST...
5.5AI Score
0.0004EPSS
[1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via configuration item - similar to Postfix [1.4.3.39-2] - Bump version to 1.4.3.39-2 - Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to...
5.5CVSS
7.3AI Score
0.0004EPSS
LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.6AI Score
0.0004EPSS
SEOPress < 7.6 - Contributor+ Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others due to insufficient input sanitization and output escaping. This makes it possible for attackers, with contributor access or higher, to inject arbitrary web scripts in...
6.4CVSS
6AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 118 vulnerabilities disclosed in 90...
10CVSS
9.4AI Score
EPSS
The Wiz Research team's investigations into AI-as-a-service providers reveals a major risk to AI...
7.2AI Score