8.1CVSS
7.1AI Score
0.0004EPSS
6.7AI Score
EPSS
6.5CVSS
5.7AI Score
0.006EPSS
7.5AI Score
EPSS
Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...
6.8AI Score
EPSS
Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...
6.5AI Score
EPSS
XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and...
6.1CVSS
6.7AI Score
0.3EPSS
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...
2.6CVSS
3.8AI Score
0.0004EPSS
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
0.0004EPSS
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
7.6AI Score
0.0004EPSS
CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
0.0004EPSS
7.8CVSS
8.8AI Score
0.001EPSS
7.4AI Score
Debian dla-3835 : roundcube - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3835 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3835-1 [email protected] ...
6.6AI Score
0.0004EPSS
Tickera < 3.5.2.9 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion
Description The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with...
4.3CVSS
6.7AI Score
0.0004EPSS
Fedora: Security Advisory for booth (FEDORA-2024-8a545718b1)
The remote host is missing an update for...
5.9CVSS
5.9AI Score
0.001EPSS
7.1AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
7.1AI Score
0.008EPSS
8.5CVSS
7.1AI Score
0.005EPSS
4.7CVSS
7.2AI Score
0.0004EPSS
8CVSS
8AI Score
0.0004EPSS
Fedora: Security Advisory for thunderbird (FEDORA-2024-748bedc96c)
The remote host is missing an update for...
7.5AI Score
7.8CVSS
8AI Score
0.0005EPSS
6.7AI Score
0.0004EPSS
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed...
7AI Score
0.0004EPSS
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed...
7.1AI Score
0.0004EPSS
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed...
0.0004EPSS
U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain
Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The...
7.3AI Score
Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in...
7AI Score
0.0004EPSS
netatalk3 -- Multiple vulnerabilities
[email protected] reports: This entry documents the following three vulnerabilities: Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also...
7.6AI Score
0.0004EPSS
Fedora: Security Advisory for booth (FEDORA-2024-17e71fc540)
The remote host is missing an update for...
5.9CVSS
5.9AI Score
0.001EPSS
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed...
0.0004EPSS
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...
7.8AI Score
Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan
Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...
7AI Score
The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with...
4.3CVSS
0.001EPSS
The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with...
4.3CVSS
4.5AI Score
0.001EPSS
The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with...
4.3CVSS
0.001EPSS
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...
6.5CVSS
0.0005EPSS
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object......
9.8CVSS
0.001EPSS
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object......
9.8CVSS
9.7AI Score
0.001EPSS
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...
6.5CVSS
6.5AI Score
0.0005EPSS
CVE-2024-5871 WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object......
9.8CVSS
0.001EPSS
CVE-2024-5871 WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object......
9.8CVSS
7.5AI Score
0.001EPSS
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...
6.5CVSS
0.0005EPSS
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...
6.5CVSS
6.9AI Score
0.0005EPSS
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...
7.4CVSS
7AI Score
0.0004EPSS
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...
7.4CVSS
0.0004EPSS
CVE-2024-2544 Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...
7.4CVSS
5.8AI Score
0.0004EPSS