The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with...
9.9CVSS
9.7AI Score
0.001EPSS
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with...
9.9CVSS
0.001EPSS
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with...
9.9CVSS
7.7AI Score
0.001EPSS
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....
9.8CVSS
9.8AI Score
0.001EPSS
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....
9.8CVSS
0.001EPSS
CVE-2024-3229 Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....
9.8CVSS
8AI Score
0.001EPSS
CVE-2024-3229 Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....
9.8CVSS
0.001EPSS
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....
5.8CVSS
0.0005EPSS
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....
5.8CVSS
5.7AI Score
0.0005EPSS
A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of...
6.1AI Score
0.0004EPSS
CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....
5.8CVSS
7AI Score
0.0005EPSS
CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....
5.8CVSS
0.0005EPSS
[SECURITY] Fedora 40 Update: kitty-0.35.1-4.fc40
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-c olor, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...
5.5CVSS
7.1AI Score
0.0004EPSS
SUSE SLES15 Security Update : podman (SUSE-SU-2024:2050-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2050-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry...
8.3CVSS
8AI Score
0.0004EPSS
Debian dla-3836 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3836 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3836-1 [email protected] ...
7.2AI Score
0.0004EPSS
Nextcloud Server is prone to an improper access control ...
8.1CVSS
7AI Score
0.0004EPSS
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL...
7.6AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6840-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6840-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
8AI Score
0.0004EPSS
AlmaLinux 8 : container-tools:rhel8 bug fix and enhancement update (Medium) (ALSA-2024:3968)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3968 advisory. * podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) * buildah: jose-go: improper handling of highly compressed data...
4.9CVSS
5.9AI Score
0.0005EPSS
RHEL 6 : vertx-core (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300) Note that...
5.4CVSS
6.9AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2024:2066-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2066-1 advisory. Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before...
6.9AI Score
EPSS
AlmaLinux 8 : firefox (ALSA-2024:3954)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:3954 advisory. * firefox: Use-after-free in networking (CVE-2024-5702) * firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688) * firefox: External...
7.6AI Score
0.0004EPSS
Fedora: Security Advisory for kitty (FEDORA-2024-15039ba9f9)
The remote host is missing an update for...
5.5CVSS
5.5AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.001EPSS
CentOS 7 : bind, bind-dyndb-ldap, and dhcp (RHSA-2024:3741)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3741 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...
7.5CVSS
8AI Score
0.05EPSS
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL...
0.0004EPSS
8.3CVSS
8.5AI Score
0.0004EPSS
AlmaLinux 9 : firefox (ALSA-2024:3955)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3955 advisory. * firefox: Use-after-free in networking (CVE-2024-5702) * firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688) * firefox: External...
7.6AI Score
0.0004EPSS
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-3968)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3968 advisory. aardvark-dns [2:1.10.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 [2:1.9.0-1] -...
4.9CVSS
7.5AI Score
0.0005EPSS
Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6818-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
Fedora 40 : composer (2024-9ed24c98cd)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9ed24c98cd advisory. Version 2.7.7 2024-06-10 * Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241 ) *...
8.8CVSS
9.3AI Score
0.0004EPSS
CentOS 7 : firefox (RHSA-2024:3951)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3951 advisory. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects...
7.5AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:2073-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2073-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking -.....
7.7AI Score
0.0004EPSS
Oracle Linux 7 : glibc (ELSA-2024-12444)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory. [2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: ...
9.8CVSS
9.7AI Score
0.009EPSS
openSUSE: Security Advisory for podman (SUSE-SU-2024:2050-1)
The remote host is missing an update for...
8.3CVSS
7.4AI Score
0.0004EPSS
FreeBSD : chromium -- multiple security fixes (453aa0fc-2d91-11ef-8a0f-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 453aa0fc-2d91-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 21 security fixes: Tenable has extracted the...
8.8CVSS
8.3AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:2061-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2061-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking -.....
7.7AI Score
0.0004EPSS
RHEL 8 / 9 : OpenShift Container Platform 4.14.30 (RHSA-2024:3918)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3918 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...
5.9CVSS
6.2AI Score
0.963EPSS
Debian dsa-5716 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5716 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5716-1 [email protected] ...
8.8CVSS
9.7AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:2065-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2065-1 advisory. - Update to version 2.44.2 - CVE-2024-27834: Fixed a vulnerability where an attacker with...
6.9AI Score
0.0004EPSS
Malicious code in draconianspeed (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (b1212e40bb57fce7672f50431153645b13624cc1e2061b44c0b91fec275e7853) The OpenSSF Package Analysis project identified 'draconianspeed' @ 5.0.0 (npm) as malicious. It is considered malicious because: The package...
7.4AI Score
BlackSuit Ransomware Leaks Kansas City Police Data in Failed Ransom Plot
BlackSuit Ransomware, known as the rebrand of the Conti ransomware gang, has leaked a trove of Kansas City Police data, including evidence records, investigation files, crime scene phones, and much more, after the department refused to pay the...
7.3AI Score
Signal Foundation Warns Against EU's Plan to Scan Private Messages for CSAM
A controversial proposal put forth by the European Union to scan users' private messages for detection of child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused...
6.8AI Score
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details ** CVEID: CVE-2022-46364 DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused...
9.8CVSS
10.1AI Score
EPSS
Malicious code in mvp-website-html (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (89574af4bb00d4c540ffc8651f5ef4bcc0f72af2368ee6e32346807e91d2e8a0) The OpenSSF Package Analysis project identified 'mvp-website-html' @ 2.0.0 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score
Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer
Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive...
7.3AI Score
43% of couples experience pressure to share logins and locations, Malwarebytes finds
All isn’t fair in love and romance today, as 43% of people in a committed relationship said they have felt pressured by their own partners to share logins, passcodes, and/or locations. A worrying 7% admitted that this type of pressure has included the threat of breaking up or the threat of...
6.8AI Score
The Difference Between API Gateway and WAAP ? and Why You Need Both
With these best-in-class security solutions, your organization can achieve a more secure and efficient digital...
7.4AI Score
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...
6.9AI Score
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our "Exploring malicious Windows drivers" series, we will continue where the first left off: Discussing the I/O system and IRPs. We will expand on...
6.6AI Score