Wow Forms – Create Any Form With Custom Style Security Vulnerabilities

openbugbounty
openbugbounty

genoverband.de Cross Site Scripting vulnerability OBB-3937041

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-21 05:02 AM
1
thn
thn

U.S. Bans Kaspersky Software, Citing National Security Risks

The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's....

6.9AI Score

2024-06-21 04:25 AM
1
cve
cve

CVE-2024-5455

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level.....

8.8CVSS

8.9AI Score

EPSS

2024-06-21 04:15 AM
3
nvd
nvd

CVE-2024-5455

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level.....

8.8CVSS

EPSS

2024-06-21 04:15 AM
2
cvelist
cvelist

CVE-2024-5455 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level.....

8.8CVSS

EPSS

2024-06-21 03:24 AM
5
cve
cve

CVE-2024-5503

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

8.8CVSS

8.9AI Score

EPSS

2024-06-21 02:15 AM
2
nvd
nvd

CVE-2024-5503

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

8.8CVSS

EPSS

2024-06-21 02:15 AM
2
nvd
nvd

CVE-2024-3610

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

5.3CVSS

EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2024-3610

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

5.3CVSS

5.2AI Score

EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2024-1955

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...

4.3CVSS

4.3AI Score

EPSS

2024-06-21 02:15 AM
2
nvd
nvd

CVE-2024-1955

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...

4.3CVSS

EPSS

2024-06-21 02:15 AM
2
nvd
nvd

CVE-2024-1639

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...

6.5CVSS

EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2024-1639

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...

6.5CVSS

6.2AI Score

EPSS

2024-06-21 02:15 AM
3
nvd
nvd

CVE-2023-3352

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...

4.3CVSS

EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2023-3352

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...

4.3CVSS

4.4AI Score

EPSS

2024-06-21 02:15 AM
2
cvelist
cvelist

CVE-2023-3352 Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...

4.3CVSS

EPSS

2024-06-21 02:05 AM
cvelist
cvelist

CVE-2024-1955 Hide Dashboard Notifications <= 1.3 - Missing Authorization to Authenticated(Contributor+) Plugin Settings Modification

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...

4.3CVSS

EPSS

2024-06-21 02:05 AM
3
cvelist
cvelist

CVE-2024-3610 WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation/Activation

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

5.3CVSS

EPSS

2024-06-21 02:05 AM
3
cvelist
cvelist

CVE-2024-1639 License Manager for WooCommerce <= 3.0.7 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...

6.5CVSS

EPSS

2024-06-21 02:05 AM
2
cvelist
cvelist

CVE-2024-5503 WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

8.8CVSS

EPSS

2024-06-21 02:05 AM
1
impervablog
impervablog

PCI DSS 4.0.1: New Clarifications on Client-Side Security – What You Need to Know

As a leading provider of web application and API security solutions, Imperva is committed to helping merchants, payment processors, and anyone seeking to comply with the latest PCI DSS requirements. We previously discussed the changes introduced in PCI DSS 4.0. This blog will cover the...

7.1AI Score

2024-06-21 12:46 AM
1
openbugbounty
openbugbounty

buglogic.com Cross Site Scripting vulnerability OBB-3937039

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-21 12:08 AM
1
openbugbounty
openbugbounty

browardlegaldirectory.com Cross Site Scripting vulnerability OBB-3937038

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 11:54 PM
1
openbugbounty
openbugbounty

cartecgroup.com Cross Site Scripting vulnerability OBB-3937037

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 11:44 PM
4
openbugbounty
openbugbounty

cybercomplianceinthecloud.com Cross Site Scripting vulnerability OBB-3937036

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 11:34 PM
3
openbugbounty
openbugbounty

riskassess.complianceobjects.com Cross Site Scripting vulnerability OBB-3937034

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 11:31 PM
3
openbugbounty
openbugbounty

calcoastrails.com Cross Site Scripting vulnerability OBB-3937033

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 11:19 PM
2
nvd
nvd

CVE-2024-37899

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable.....

9CVSS

EPSS

2024-06-20 11:15 PM
1
cve
cve

CVE-2024-37899

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable.....

9CVSS

9.1AI Score

EPSS

2024-06-20 11:15 PM
4
openbugbounty
openbugbounty

britishjournalofmidwifery.com Cross Site Scripting vulnerability OBB-3937031

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 11:14 PM
3
nvd
nvd

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6CVSS

EPSS

2024-06-20 10:15 PM
5
cve
cve

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6CVSS

7.8AI Score

EPSS

2024-06-20 10:15 PM
4
nvd
nvd

CVE-2024-37183

Plain text credentials and session ID can be captured with a network...

5.7CVSS

EPSS

2024-06-20 10:15 PM
4
cve
cve

CVE-2024-37183

Plain text credentials and session ID can be captured with a network...

5.7CVSS

7AI Score

EPSS

2024-06-20 10:15 PM
2
cvelist
cvelist

CVE-2024-37899 Disabling a user account changes its author, allowing RCE from user account in XWiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable.....

9CVSS

EPSS

2024-06-20 10:13 PM
2
cvelist
cvelist

CVE-2024-37183 Westermo L210-F2G Lynx Cleartext Transmission of Sensitive Information

Plain text credentials and session ID can be captured with a network...

5.7CVSS

EPSS

2024-06-20 10:09 PM
2
ibm
ibm

Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)

Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions (CVE-2024-0853). AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details ** CVEID: CVE-2024-0853 ...

5.3CVSS

6.2AI Score

0.001EPSS

2024-06-20 10:03 PM
cvelist
cvelist

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

7.6CVSS

EPSS

2024-06-20 09:31 PM
3
nvd
nvd

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search...

6.3CVSS

EPSS

2024-06-20 09:15 PM
2
cve
cve

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search...

6.3CVSS

7.2AI Score

EPSS

2024-06-20 09:15 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-37742

CVE-2024-37742: Clipboard Exploit in SEB ≤ 3.5.0 (Windows)...

7.3AI Score

EPSS

2024-06-20 09:01 PM
9
openbugbounty
openbugbounty

interactiveutopia.com Cross Site Scripting vulnerability OBB-3937029

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 09:01 PM
3
redhatcve
redhatcve

CVE-2023-46674

An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this...

7.8CVSS

6.9AI Score

0.0004EPSS

2024-06-20 08:51 PM
ibm
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

8.3CVSS

10AI Score

0.005EPSS

2024-06-20 08:32 PM
openbugbounty
openbugbounty

mosineechamber.org Cross Site Scripting vulnerability OBB-3937028

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 08:30 PM
2
openbugbounty
openbugbounty

utopiaprogramming.com Cross Site Scripting vulnerability OBB-3937027

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-20 08:26 PM
3
githubexploit
githubexploit

Exploit for Path Traversal in Gitlab

CVE-2023-2825 (Unauthenticated) Directory traversal leads...

10CVSS

6.8AI Score

0.167EPSS

2024-06-20 08:22 PM
9
nvd
nvd

CVE-2024-6153

Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target.....

7.8CVSS

EPSS

2024-06-20 08:15 PM
1
cve
cve

CVE-2024-6153

Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target.....

7.8CVSS

6.6AI Score

EPSS

2024-06-20 08:15 PM
cvelist
cvelist

CVE-2024-6153 Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability

Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target.....

7.8CVSS

EPSS

2024-06-20 08:12 PM
2
Total number of security vulnerabilities: 2018940