9.8CVSS
9.6AI Score
0.001EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo...
8.8CVSS
9AI Score
0.002EPSS
9.8CVSS
9.4AI Score
0.001EPSS
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root...
9.8CVSS
9.6AI Score
0.001EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo...
8.8CVSS
9.1AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK...
8.8CVSS
9.1AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime...
8.8CVSS
9AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK...
8.8CVSS
9AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root...
9.8CVSS
9.4AI Score
0.001EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime...
8.8CVSS
9.1AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime...
8.8CVSS
8.4AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK...
8.8CVSS
8.4AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo...
8.8CVSS
8.4AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root...
9.8CVSS
7.4AI Score
0.001EPSS
9.8CVSS
7.4AI Score
0.001EPSS
9.7AI Score
0.001EPSS
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root...
9.8AI Score
0.001EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime...
9.3AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK...
9.3AI Score
0.002EPSS
JetBackup < 2.0.9.9 - Directory Listing Exposing Backups
Description The plugin doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. A partial fix was released in 2.0.9.6, removing the ability to list the directory but still allowing direct...
9.2AI Score
0.0004EPSS
JetBackup < 2.0.9.9 - Directory Listing Exposing Backups
Description The plugin doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. A partial fix was released in 2.0.9.6, removing the ability to list the directory but still allowing direct...
9AI Score
0.0004EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo...
9.3AI Score
0.002EPSS
Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote....
8.6CVSS
6.8AI Score
0.005EPSS
Issue Overview: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages....
6.5CVSS
6.8AI Score
0.009EPSS
Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote....
8.6CVSS
9.3AI Score
0.005EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 22, 2024 to January 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 52 vulnerabilities disclosed in 42...
9.8CVSS
9.4AI Score
EPSS
How to Prepare for a Cyberattack
Deciphering the Cyber Invasion Terrain We exist in an era deeply entrenched in digital dependence, where cyber invasions present significant risks for companies, government establishments, and solitary users. As we hurtle deeper into the digital era, the art of cyber misdemeanors continues to...
6.9AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through...
8.8CVSS
9AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through...
8.8CVSS
9.3AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through...
8.8CVSS
7.9AI Score
0.001EPSS
CVE-2024-23507 WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through...
8.5CVSS
9.2AI Score
0.001EPSS
ICS and OT threat predictions for 2024
We do not expect rapid changes in the industrial cyberthreat landscape in 2024. Most of the below-described trends have been observed before, many for some years. However, some of them have reached a critical mass of creeping changes, which could lead to a qualitative shift in the threat landscape....
7.2AI Score
Omron CS/CJ Series Missing Authentication For Critical Function (CVE-2022-45794)
Omron CS/CJ series programmable logic controllers are missing authentication for the file system. This could allow an attacker to access the file system (via memory card or EM file memory) and obtain all available sensitive information. This plugin only works with Tenable.ot. Please visit...
8.6CVSS
7.7AI Score
0.001EPSS
Post-quantum Cryptography for the Go Ecosystem
filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM (formerly known as Kyber, renamed because we can't have nice things) is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...
6.8AI Score
New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility
Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022. A new variant of the malware is said to have been in development since September 2023, Zscaler ThreatLabz said in an...
7.2AI Score
How to Merge Veeam Backup for Microsoft 365 Licenses
This article documents the process for merging and unmerging licenses for Veeam Backup for Microsoft 365 using the Veeam MyAccount...
7.1AI Score
Juniper Junos OS Vulnerability (JSA75735)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75735 advisory. A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network...
5.3CVSS
7.3AI Score
0.001EPSS
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which...
7.5CVSS
7.6AI Score
0.001EPSS
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which...
7.5CVSS
7.5AI Score
0.001EPSS
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which...
7.5CVSS
7.1AI Score
0.001EPSS
CVE-2023-7204 WP STAGING WordPress Backup Plugin < 3.2.0 - Unauthorized Sensitive Data Exposure
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which...
7.7AI Score
0.001EPSS
Juniper Junos OS Vulnerability (JSA75723)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75723 advisory. An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated...
5.9CVSS
7.4AI Score
0.0005EPSS
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option ‘follow_symlinks’ can be used to determine whether to follow...
7.5CVSS
6.5AI Score
0.052EPSS
8.8CVSS
7.2AI Score
0.002EPSS
Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection Vulnerability
Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime...
8.8CVSS
7.7AI Score
0.002EPSS
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection Vulnerability
Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo...
8.8CVSS
9AI Score
0.002EPSS
Vinchin Backup And Recovery 7.2 Default Root Credentials Vulnerability
Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security...
9.8CVSS
7.3AI Score
0.001EPSS
4.9CVSS
5.6AI Score
0.001EPSS
Exploit for Path Traversal in Ispyconnect Agent Dvr
AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution...
8.3AI Score
[SECURITY] [DLA 3722-1] mariadb-10.3 security update
Debian LTS Advisory DLA-3722-1 [email protected] https://www.debian.org/lts/security/ Bastien ROUCARIÈS January 27, 2024 https://wiki.debian.org/LTS Package : mariadb-10.3 Version : 1:10.3.39-0+deb10u2 CVE...
4.9CVSS
5.2AI Score
0.001EPSS