WordPress Comments Import & Export Security Vulnerabilities

cvelist
CVE-2023-41823
An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized...
CVSS 4.4 | AI Score 5.1 | EPSS 0.0004 | 2024-05-03 02:05 PM

cvelist
CVE-2023-41822
An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS...
CVSS 4.8 | AI Score 5.5 | EPSS 0.0004 | 2024-05-03 02:04 PM

vulnrichment
CVE-2023-41822
An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS...
CVSS 4.8 | AI Score 6.9 | EPSS 0.0004 | 2024-05-03 02:04 PM

cvelist
CVE-2023-41821
An improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user...
CVSS 5 | AI Score 5.2 | EPSS 0.0004 | 2024-05-03 02:04 PM

cvelist
CVE-2023-41817
An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized...
CVSS 2.8 | AI Score 4 | EPSS 0.0004 | 2024-05-03 02:03 PM

cvelist
CVE-2023-41816
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local...
CVSS 5 | AI Score 5.3 | EPSS 0.0004 | 2024-05-03 02:02 PM

vulnrichment
CVE-2023-41816
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local...
CVSS 5 | AI Score 6.6 | EPSS 0.0004 | 2024-05-03 02:02 PM

ibm
Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
Summary: IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details: CVEID:...
CVSS 8.4 | AI Score 9.4 | EPSS 0.014 | 2024-05-03 01:22 PM
11

kitploit
MasterParser - Powerful DFIR Tool Designed For Analyzing And Parsing Linux Logs
What is MasterParser? MasterParser stands as a robust Digital Forensics and Incident Response tool meticulously crafted for the analysis of Linux logs within the var/log directory. Specifically designed to expedite the investigative process for security incidents on Linux systems, MasterParser...
AI Score 7.5 | 2024-05-03 12:30 PM
22

veracode
Cross-Site Request Forgery (CSRF)
firebase-tools is vulnerable to a Cross-Site Request Forgery (CSRF). This vulnerability is due to the export endpoint in the Firebase emulator suite. If a user runs the emulator while visiting a malicious website, the browser can call out to localhost, which could result in the exfiltration of...
CVSS 2.6 | AI Score 6.7 | EPSS 0.0004 | 2024-05-03 05:33 AM
3

oraclelinux
pcp security update
[6.2.0-1.0.1] - Fixed libpcp derived metric issue for ol9 [Orabug: 36538820] [6.2.0-1] - Rebase to latest stable version of PCP (RHEL-2317) [6.1.1-4] - Fix pcp-ss(1) handling of UDP packet states (RHEL-17649) [6.1.1-2] - Fix pcp-ss(1) default handling of listen state (RHEL-17335) - Added pcp...
CVSS 6 | AI Score 7.5 | EPSS 0.0004 | 2024-05-03 12:00 AM
8

zdt
AI Score 7.4 | 2024-05-03 12:00 AM
101

wpvulndb
Stop Spammers Security | Block Spam Users, Comments, Forms < 2024.5 - Cross-Site Request Forgery (CSRF) via sfs_process
Description: The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX action. This makes it possible for...
CVSS 5.4 | AI Score 6.6 | EPSS 0.0005 | 2024-05-03 12:00 AM
3

wpvulndb
Import and export users and customers < 1.26.6 - Missing Authorization
Description: The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for...
CVSS 4.3 | AI Score 6.6 | EPSS 0.001 | 2024-05-03 12:00 AM
3

packetstorm
AI Score 7.4 | 2024-05-03 12:00 AM
94

talosblog
What can we learn from the passwords used in brute-force attacks?
Brute force attacks are one of the most elementary cyber threats out there. Technically, anyone with a keyboard and some free time could launch one of them -- just try a bunch of different username and password combinations on the website of your choice until you get blocked. Nick Biasini and I...
AI Score 7.6 | 2024-05-02 06:00 PM
8

github
Introducing Artifact Attestations - now in public beta
June 25, 2024 update: Artifact Attestations is now generally available! Get started today. There's an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100M...
AI Score 6.3 | 2024-05-02 04:00 PM
12

osv
Firebase vulnerable to CSRF attack
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
CVSS 2.6 | AI Score 3.7 | EPSS 0.0004 | 2024-05-02 03:30 PM
4

github
Firebase vulnerable to CSRF attack
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
CVSS 2.6 | AI Score 6.9 | EPSS 0.0004 | 2024-05-02 03:30 PM
2

wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...
AI Score 9.1 | 2024-05-02 02:49 PM
51

osv
CVE-2024-4128
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
CVSS 2.6 | AI Score 6.7 | EPSS 0.0004 | 2024-05-02 02:15 PM
8

cve
CVE-2024-4128
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
CVSS 2.6 | AI Score 6.5 | EPSS 0.0004 | 2024-05-02 02:15 PM
23

nvd
CVE-2024-4128
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
CVSS 2.6 | AI Score 3.4 | EPSS 0.0004 | 2024-05-02 02:15 PM

cvelist
CVE-2024-4128 CSRF in firebase-tools emulator suite
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed...
CVSS 2.6 | AI Score 3.8 | EPSS 0.0004 | 2024-05-02 01:22 PM

veracode
HTTP Parameter Tampering
github.com/navidrome/navidrome is vulnerable to HTTP Parameter Tampering. The vulnerability is due to improper parameter validation within HTTP requests. An attacker can impersonate other users and perform unauthorized actions such as creating playlists, adding songs, posting comments, and...
CVSS 4.2 | AI Score 6.8 | EPSS 0.0004 | 2024-05-02 06:27 AM
6

oraclelinux
kernel security, bug fix, and enhancement update
[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...
CVSS 9.8 | AI Score 7.5 | EPSS 0.003 | 2024-05-02 12:00 AM
7

oraclelinux
qemu-kvm security update
[8.2.0-11] - kvm-coroutine-cap-per-thread-local-pool-size.patch [RHEL-28947] - kvm-coroutine-reserve-5-000-mappings.patch [RHEL-28947] - Resolves: RHEL-28947 (Qemu crashing with 'failed to set up stack guard page: Cannot allocate memory') [8.2.0-10] -...
CVSS 7 | AI Score 7.8 | EPSS 0.002 | 2024-05-02 12:00 AM
40

redhatcve
CVE-2024-27031
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt. The loop inside nfs_netfs_issue_read() currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not...
AI Score 6.8 | EPSS 0.0004 | 2024-05-01 09:24 PM
6

redhatcve
CVE-2024-26939
In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race. Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free...
AI Score 7.2 | EPSS 0.0004 | 2024-05-01 06:15 PM
7

osv
Zitadel exposing internal database user name and host information
Impact: In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. Patches: 2.x versions are fixed on >= 2.50.3; 2.49.x versions are fixed on >= 2.49.5; 2.48.x versions are fixed on >= 2.48.5; 2.47.x vers...
CVSS 5.3 | AI Score 6.8 | EPSS 0.0004 | 2024-05-01 04:36 PM
8

github
Zitadel exposing internal database user name and host information
Impact: In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. Patches: 2.x versions are fixed on >= 2.50.3; 2.49.x versions are fixed on >= 2.49.5; 2.48.x versions are fixed on >= 2.48.5; 2.47.x vers...
CVSS 5.3 | AI Score 6.8 | EPSS 0.0004 | 2024-05-01 04:36 PM
6

github
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Impact: If a model has been made available for editing through the wagtail.contrib.settings module or ModelViewSet, and the permission argument on FieldPanel has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific...
CVSS 2.7 | AI Score 6.9 | EPSS 0.0004 | 2024-05-01 04:35 PM
2

osv
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Impact: If a model has been made available for editing through the wagtail.contrib.settings module or ModelViewSet, and the permission argument on FieldPanel has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific...
CVSS 2.7 | AI Score 6.9 | EPSS 0.0004 | 2024-05-01 04:35 PM
2

cve
CVE-2023-47166
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this...
CVSS 8.8 | AI Score 6.8 | EPSS 0.001 | 2024-05-01 04:15 PM
29

nvd
CVE-2023-47166
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | 2024-05-01 04:15 PM
1

cvelist
CVE-2023-47166
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | 2024-05-01 03:31 PM

nvd
CVE-2024-27031
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt. The loop inside nfs_netfs_issue_read() currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not...
AI Score 7.2 | EPSS 0.0004 | 2024-05-01 01:15 PM

cve
CVE-2024-27031
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt. The loop inside nfs_netfs_issue_read() currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not...
AI Score 6.4 | EPSS 0.0004 | 2024-05-01 01:15 PM
51

debiancve
CVE-2024-27031
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt. The loop inside nfs_netfs_issue_read() currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not...
AI Score 6.4 | EPSS 0.0004 | 2024-05-01 01:15 PM
7

cvelist
CVE-2024-27031 NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt. The loop inside nfs_netfs_issue_read() currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not...
AI Score 6.5 | EPSS 0.0004 | 2024-05-01 12:53 PM

osv
nautobot has reflected Cross-site Scripting potential in all object list views
Impact: It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are...
CVSS 7.5 | AI Score 6.8 | EPSS 0.0004 | 2024-05-01 09:36 AM
4

github
nautobot has reflected Cross-site Scripting potential in all object list views
Impact: It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are...
CVSS 7.5 | AI Score 6.8 | EPSS 0.0004 | 2024-05-01 09:36 AM
13

cve
CVE-2024-26939
In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race. Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free...
AI Score 6.5 | EPSS 0.0004 | 2024-05-01 06:15 AM
60

debiancve
CVE-2024-26939
In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race. Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free...
AI Score 6.7 | EPSS 0.0004 | 2024-05-01 06:15 AM
6

nvd
CVE-2024-26939
In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race. Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free...
AI Score 7.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

cvelist
CVE-2024-26939 drm/i915/vma: Fix UAF on destroy against retire race
In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race. Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free...
AI Score 7.6 | EPSS 0.0004 | 2024-05-01 05:17 AM

vulnrichment
CVE-2024-26939 drm/i915/vma: Fix UAF on destroy against retire race
In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race. Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free...
AI Score 6.8 | EPSS 0.0004 | 2024-05-01 05:17 AM

ubuntucve
CVE-2024-26939
In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race. Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free...
AI Score 7.5 | EPSS 0.0004 | 2024-05-01 12:00 AM
5

ubuntucve
CVE-2024-27031
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt. The loop inside nfs_netfs_issue_read() currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not...
AI Score 6.3 | EPSS 0.0004 | 2024-05-01 12:00 AM
2

talos
Milesight UR32L luci2-io file-import firmware update vulnerability
Talos Vulnerability Report TALOS-2023-1852. Milesight UR32L luci2-io file-import firmware update vulnerability. May 1, 2024. CVE Number: CVE-2023-47166. Summary: A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network.....
CVSS 8.8 | AI Score 7.4 | EPSS 0.001 | 2024-05-01 12:00 AM
6

Total number of security vulnerabilities: 140239