WordLift – AI Powered SEO – Schema Security Vulnerabilities

Praison SEO WordPress <= 4.0.15 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Praison SEO WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

AI/LLM Software Report

This plugin utilizes various Nessus detection methods and reports software identified by to Nessus and known to utilize "Artificial Intelligence" (AI) and Large Language Model (LLM) technology. Note that this plugin uses several detection methods. The products reported by this plugin will grow as.....

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

Exploit for OS Command Injection in Fortinet Fortisiem

CVE-2024-23108 POC Proof of concept exploit to blindly...

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...

2 Weeks Out: Evolution at RSAC 2024

Discover the latest innovations in cyber defense and Trend's expert insights on AI, data security, and emerging...

Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...

Oracle Linux 8 : pcs (ELSA-2024-2953)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2953 advisory. [0.10.18-2.0.1] - Replace HAM-logo.png with a generic one [0.10.18-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency...

Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. [1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix ...

Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...

RSAC 2024 Review: AI & Data Governance Priorities

Get our take on the RSA 2024 conference where we review some of the major topics covered such as AI and data...

SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts

SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...

A week in security (May 20 &#8211; May 26)

Last week on Malwarebytes Labs: How AI will change your credit card behind the scenes Criminal record database of millions of Americans dumped online Microsoft AI "Recall" feature records everything, secures far less How to remove a user from a shared Android device How to remove a user from a...

Fedora: Security Advisory for chromium (FEDORA-2024-c01c1f5f82)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-1bc17d6ec7)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-3a548f46a8)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-4d2d73ab31)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-5f84678c08)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-5483bc2adb)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-8b50ca2e22)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-55e7e839f1)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-decb7e94a1)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-44edce9689)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-87bb7ffab1)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-5d8f4f86b0)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-5cf9499b62)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-92780a83f9)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-2c9be9d949)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-382a7dba53)

The remote host is missing an update for...

Fedora: Security Advisory for chromium (FEDORA-2024-12edb9dec8)

The remote host is missing an update for...

Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning

Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features (v1.0.1)- - Subdomain enumeration (2 engines +...

Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’

Plus: US surveillance reportedly targets pro-Palestinian protesters, the FBI arrests a man for AI-generated CSAM, and stalkerware targets hotel...

Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data

Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed...

Beware: These Fake Antivirus Sites Spreading Android and Windows Malware

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which...

CVE-2024-0893

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher,...

CVE-2024-0893

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher,...

CVE-2024-0893 Schema App Structured Data <= 1.23.1 - Missing Authorization

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher,...

CVE-2024-0893 Schema App Structured Data <= 1.23.1 - Missing Authorization

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher,...

CVE-2024-1134

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-1134

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-1134 SEOPress – On-site SEO <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-1134 SEOPress – On-site SEO <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...

[SECURITY] Fedora 39 Update: chromium-125.0.6422.76-1.fc39

Chromium is an open-source web browser, powered by WebKit...

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC Request: POST...

389-ds:1.4 security update

[1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix [1.4.3.39-2] - Bump version to 1.4.3.39-2 - Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to...

LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

SEOPress < 7.6 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others due to insufficient input sanitization and output escaping. This makes it possible for attackers, with contributor access or higher, to inject arbitrary web scripts in....

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 118 vulnerabilities disclosed in 90...

The risk in malicious AI models: Wiz Research discovers critical vulnerability in AI-as-a-Service provider, Replicate

The Wiz Research team's investigations into AI-as-a-service providers reveals a major risk to AI...