YARPP – Yet Another Related Posts Plugin Security Vulnerabilities

kitploit

Startup-SBOM - A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions

This is a simple SBOM utility which aims to provide an insider view on which packages are getting executed. The process and objective are simple: we can get a clear view of the packages installed by APT (currently working on implementing this for RPM and other package managers). This is.....

2024-06-03 12:30 PM
3
redhatcve

CVE-2024-36943

In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan make_uffd_wp_pte() was previously doing: pte = ptep_get(ptep); ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep, pte); But if...

2024-06-03 12:02 PM
3
redhatcve

CVE-2024-36938

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

2024-06-03 12:01 PM
3
cvelist

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

2024-06-03 11:49 AM
3
cvelist

CVE-2024-34385 WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS. This issue affects YITH WooCommerce Wishlist: from n/a through...

2024-06-03 11:41 AM
2
cvelist

CVE-2024-34764 WordPress Essential Addons for Elementor plugin <= 5.9.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through...

2024-06-03 11:39 AM
3
cvelist

CVE-2024-34767 WordPress ShopLentor plugin <= 2.8.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS. This issue affects ShopLentor: from n/a through...

2024-06-03 11:36 AM
1
cvelist

CVE-2024-34769 WordPress Elegant Blocks – Amazing Gutenberg Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in cyclonetheme Elegant Blocks allows Stored XSS. This issue affects Elegant Blocks: from n/a through...

2024-06-03 11:15 AM
1
cvelist

CVE-2024-34770 WordPress Popup Maker WP plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Popup Maker Popup Maker WP allows Stored XSS. This issue affects Popup Maker WP: from n/a through...

2024-06-03 11:13 AM
2
schneier

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...

2024-06-03 11:06 AM
1
cvelist

CVE-2024-34789 WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS. This issue affects Post Grid Elementor Addon: from n/a through...

2024-06-03 10:58 AM
2
cvelist

CVE-2024-34790 WordPress Download ImageMagick Sharpen Resized Images plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden, niwreg ImageMagick Sharpen Resized Images allows Stored XSS. This issue affects ImageMagick Sharpen Resized Images: from n/a through...

2024-06-03 10:57 AM
2
cvelist

CVE-2024-34791 WordPress WPB Elementor Addons plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpbean WPB Elementor Addons allows Stored XSS. This issue affects WPB Elementor Addons: from n/a through...

2024-06-03 10:55 AM
1
cvelist

CVE-2024-34793 WordPress WP Next Post Navi plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kharim Tomlinson WP Next Post Navi allows Stored XSS. This issue affects WP Next Post Navi: from n/a through...

2024-06-03 10:52 AM
2
cvelist

CVE-2024-34794 WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS. This issue affects Tainacan: from n/a through...

2024-06-03 10:50 AM
2
cvelist

CVE-2024-34795 WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Stored XSS. This issue affects Tainacan: from n/a through...

2024-06-03 10:44 AM
3
cvelist

CVE-2024-34796 WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS. This issue affects PopupAlly: from n/a through...

2024-06-03 10:34 AM
2
cvelist

CVE-2024-34797 WordPress Simple Popup Manager plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS. This issue affects Simple Popup Manager: from n/a through...

2024-06-03 10:33 AM
2
cvelist

CVE-2024-34801 WordPress Praison SEO WordPress plugin <= 4.0.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mervin Praison Praison SEO WordPress allows Stored XSS. This issue affects Praison SEO WordPress: from n/a through...

2024-06-03 10:32 AM
2
cvelist

CVE-2024-35631 WordPress FV Flowplayer Video Player plugin <= 7.5.45.7212 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS. This issue affects FV Flowplayer Video Player: from n/a through...

2024-06-03 10:30 AM
2
cvelist

CVE-2024-35630 WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection. This issue affects WP TripAdvisor Review Slider: from n/a through...

2024-06-03 10:27 AM
2
cvelist

CVE-2024-34754 WordPress Contact Form Widget plugin <= 1.3.9 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Contact Form Widget. This issue affects Contact Form Widget: from n/a through...

2024-06-03 10:23 AM
2
cvelist

CVE-2024-34798 WordPress Debug Log – Manger Tool plugin <= 1.4.5 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger Tool. This issue affects Debug Log – Manger Tool: from n/a through...

2024-06-03 10:21 AM
cvelist

CVE-2024-34803 WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fastly. This issue affects Fastly: from n/a through...

2024-06-03 10:18 AM
2
cvelist

CVE-2023-43544 Use After Free in Audio

Memory corruption when IPC callback handle is used after it has been released during register callback by another...

2024-06-03 10:05 AM
2
cvelist

CVE-2024-35633 WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion. This issue affects Blocksy Companion: from n/a through...

2024-06-03 10:04 AM
3
cvelist

CVE-2024-35635 WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through...

2024-06-03 10:03 AM
1
securelist

IT threat evolution in Q1 2024. Mobile statistics

Quarterly figures. According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most...

2024-06-03 10:00 AM
1
securelist

IT threat evolution Q1 2024

Targeted attacks. Operation Triangulation: the final mystery. Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...

0.003 EPSS

2024-06-03 10:00 AM
2
wolfi

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: docker, k9s, wolfictl, zot, cadvisor, ctop, telegraf, kubernetes, datadog-agent, runc, skopeo, nvidia-device-plugin, grype, kubescape, kaniko, nerdctl, newrelic-infrastructure-agent, skaffold, syft, buildkitd, k3s, trivy, ingress-nginx-controller, k3d, kots,...

7.5 AI Score

0.051 EPSS

2024-06-03 09:07 AM
249
wolfi

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: falco, k3d, restic, dynamic-localpv-provisioner, hey, gke-gcloud-auth-plugin, wireguard-go, grpcurl,...

7.5 AI Score

2024-06-03 09:07 AM
132
wolfi

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: spark-operator, gitlab-pages, kubernetes-csi-external-attacher, terraform-provider-aws, dgraph, vault-csi-provider, frp, kubescape, haproxy-ingress, gke-gcloud-auth-plugin, cilium-envoy, istio-envoy, prometheus-adapter, terraform-provider-azurerm,...

8.1 AI Score

0.72 EPSS

2024-06-03 09:07 AM
512
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: spark-operator, prometheus-nats-exporter, docker-compose, bank-vaults, containerd, gitlab-pages, jaeger-agent, ctop, kubernetes-csi-driver-hostpath, istio-pilot-agent, kor, kubernetes-csi-external-attacher, kwok, policy-controller, crossplane-provider-azure, runc,...

7.5 AI Score

2024-06-03 09:07 AM
135
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

6.5 AI Score

0.0004 EPSS

2024-06-03 09:07 AM
152
wolfi

CVE-2022-41723 vulnerabilities

Vulnerabilities for packages: falco, k3d, restic, dynamic-localpv-provisioner, hey, gke-gcloud-auth-plugin, wireguard-go, grpcurl,...

8.2 AI Score

0.02 EPSS

2024-06-03 09:07 AM
20
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: docker-compose, gitlab-pages, containerd, jaeger-agent, istio-pilot-agent, kor, nri-kafka, crossplane-provider-azure, runc, kubeadm-controlplane-controller, mods, litestream, kubernetes-dashboard, terraform-provider-azurerm, k8ssandra-operator, conftest, go-md2man,...

7 AI Score

0.0004 EPSS

2024-06-03 09:07 AM
40
wolfi

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: spark-operator, prometheus-nats-exporter, docker-compose, bank-vaults, containerd, gitlab-pages, jaeger-agent, ctop, kubernetes-csi-driver-hostpath, kubernetes-csi-external-attacher, policy-controller, dask-gateway, crossplane-provider-azure, kafka_exporter, runc,...

6.5 AI Score

0.0004 EPSS

2024-06-03 09:07 AM
9
wolfi

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: spark-operator, prometheus-nats-exporter, docker-compose, bank-vaults, containerd, gitlab-pages, jaeger-agent, ctop, kubernetes-csi-driver-hostpath, kubernetes-csi-external-attacher, policy-controller, dask-gateway, crossplane-provider-azure, kafka_exporter, runc,...

7.5 AI Score

2024-06-03 09:07 AM
8
wolfi

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: spark-operator, bank-vaults, containerd, gitlab-pages, kubernetes-csi-external-attacher, crossplane-provider-azure, runc, dgraph, vault-csi-provider, frp, k8sgpt-operator, haproxy-ingress, gke-gcloud-auth-plugin, vault-k8s, kubernetes-dashboard, prometheus-adapter,...

6.5 AI Score

0.001 EPSS

2024-06-03 09:07 AM
87
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: spark-operator, prometheus-nats-exporter, docker-compose, bank-vaults, containerd, gitlab-pages, jaeger-agent, ctop, kubernetes-csi-driver-hostpath, istio-pilot-agent, kor, kubernetes-csi-external-attacher, kwok, policy-controller, crossplane-provider-azure, runc,...

6.7 AI Score

0.0004 EPSS

2024-06-03 09:07 AM
22
wolfi

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

6.5 AI Score

0.0004 EPSS

2024-06-03 09:07 AM
32
wolfi

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

7.5 AI Score

2024-06-03 09:07 AM
22
wolfi

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, local-path-provisioner, vertical-pod-autoscaler, flannel-cni-plugin, go-bindata, gops, aws-flb-kinesis, ctop, influx, mage, dgraph, cni-plugins, docker-cli, go-licenses, gobuster, helm-push, sonobuoy, gke-gcloud-auth-plugin, metrics-server,...

8.2 AI Score

0.001 EPSS

2024-06-03 09:07 AM
51
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: docker-compose, gitlab-pages, containerd, jaeger-agent, istio-pilot-agent, kor, nri-kafka, crossplane-provider-azure, runc, kubeadm-controlplane-controller, mods, litestream, kubernetes-dashboard, terraform-provider-azurerm, k8ssandra-operator, conftest, go-md2man,...

7.5 AI Score

2024-06-03 09:07 AM
16
wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: spark-operator, prometheus-nats-exporter, docker-compose, bank-vaults, containerd, gitlab-pages, jaeger-agent, ctop, kubernetes-csi-driver-hostpath, kubernetes-csi-external-attacher, policy-controller, dask-gateway, crossplane-provider-azure, kafka_exporter, runc,...

7.5 AI Score

2024-06-03 09:07 AM
16
wolfi

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: spark-operator, bank-vaults, containerd, gitlab-pages, istio-pilot-agent, kubernetes-csi-external-attacher, crossplane-provider-azure, runc, dgraph, vault-csi-provider, frp, k8sgpt-operator, kubescape, haproxy-ingress, gke-gcloud-auth-plugin, vault-k8s,...

8.2 AI Score

0.002 EPSS

2024-06-03 09:07 AM
43
wolfi

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

7.5 AI Score

2024-06-03 09:07 AM
16
wolfi

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

7.5 AI Score

2024-06-03 09:07 AM
16
wolfi

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: spark-operator, ctop, kube-rbac-proxy, kubernetes-csi-external-attacher, kor, dask-gateway, kwok, nri-kafka, crossplane-provider-azure, runc, dgraph, vault-csi-provider, docker-cli, kubeadm-controlplane-controller, kyverno-policy-reporter, etcd, k8sgpt-operator,...

7.5 AI Score

2024-06-03 09:07 AM
17
wolfi

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, local-path-provisioner, vertical-pod-autoscaler, flannel-cni-plugin, go-bindata, gops, aws-flb-kinesis, ctop, influx, mage, dgraph, cni-plugins, docker-cli, go-licenses, gobuster, helm-push, sonobuoy, gke-gcloud-auth-plugin, metrics-server,...

7.5 AI Score

2024-06-03 09:07 AM
15
Total number of security vulnerabilities: 394164