Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through...
7.6CVSS
7.5AI Score
0.0004EPSS
CVE-2024-34386 WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through...
7.6CVSS
7.7AI Score
0.0004EPSS
CVE-2024-34386 WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through...
7.6CVSS
8.8AI Score
0.0004EPSS
CVE-2024-34412 WordPress ParcelPanel plugin <= 3.8.1 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through...
8.5CVSS
9.1AI Score
0.0004EPSS
CVE-2024-34412 WordPress ParcelPanel plugin <= 3.8.1 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through...
8.5CVSS
7.7AI Score
0.0004EPSS
An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary...
7.6AI Score
0.0004EPSS
An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary...
7.3AI Score
0.0004EPSS
Financial cyberthreats in 2023
Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...
7.3AI Score
Oracle Linux 9 : fence-agents (ELSA-2024-2132)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2132 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to...
6.1CVSS
6.6AI Score
0.001EPSS
An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary...
7.5AI Score
0.0004EPSS
Oracle Linux 9 : python3.11 (ELSA-2024-2292)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2292 advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is...
5.3CVSS
6.5AI Score
0.001EPSS
Oracle Linux 9 : python-jinja2 (ELSA-2024-2348)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2348 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject...
6.1CVSS
6.7AI Score
0.001EPSS
Oracle Linux 9 : python3.11-urllib3 (ELSA-2024-2159)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2159 advisory. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies...
8.1CVSS
6.4AI Score
0.001EPSS
Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...
8CVSS
8.2AI Score
0.0005EPSS
Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities
Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The.....
9.8CVSS
7.6AI Score
0.902EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1490-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of...
7.8CVSS
7.6AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not...
6.4AI Score
0.0004EPSS
kurwov vulnerable to Denial of Service due to improper data sanitization
Summary An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...
6.2CVSS
6.3AI Score
0.0004EPSS
kurwov vulnerable to Denial of Service due to improper data sanitization
Summary An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...
6.2CVSS
7AI Score
0.0004EPSS
kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a.....
6.2CVSS
6.4AI Score
0.0004EPSS
kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a.....
6.2CVSS
6.7AI Score
0.0004EPSS
kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a.....
6.2CVSS
6.3AI Score
0.0004EPSS
CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization
kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a.....
6.2CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not...
6.6AI Score
0.0004EPSS
CVE-2022-48700 vfio/type1: Unpin zero pages
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not...
6.5AI Score
0.0004EPSS
CVE-2022-48700 vfio/type1: Unpin zero pages
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not...
6.7AI Score
0.0004EPSS
Apache Hive Code Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have...
8.1AI Score
0.0004EPSS
Apache Hive Code Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have...
7.5AI Score
0.0004EPSS
== How to build expat with cmake (experimental) == The cmake...
7.7AI Score
0.0004EPSS
== How to build expat with cmake (experimental) == The cmake...
7.7AI Score
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have...
7.4AI Score
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have...
7.7AI Score
0.0004EPSS
CVE-2023-35701 Apache Hive: Arbitrary command execution via JDBC driver
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have...
7.7AI Score
0.0004EPSS
CVE-2023-35701 Apache Hive: Arbitrary command execution via JDBC driver
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have...
7.8AI Score
0.0004EPSS
== How to build expat with cmake (experimental) == The cmake...
7.7AI Score
0.0004EPSS
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp...
8.1CVSS
8.4AI Score
0.001EPSS
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp...
8.1CVSS
7.3AI Score
0.001EPSS
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp...
8.1CVSS
8.4AI Score
0.001EPSS
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp...
8.1CVSS
8.4AI Score
0.001EPSS
CVE-2023-42117 Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp...
8.1CVSS
7.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not...
6.3AI Score
0.0004EPSS
[10.0.0-6.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6] - qemu: virtiofs: do not crash if cgroups are missing (RHEL-7386) - qemu: virtiofs: set correct label when creating the socket (RHEL-7386) - qemu: virtiofs: error out if getting the group or user name fails...
5CVSS
7.3AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...
9.1AI Score
EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: SQL Injection, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated...
8.8CVSS
8.5AI Score
0.0004EPSS
CyberPower PowerPanel business
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: CyberPower Equipment: PowerPanel business Vulnerabilities: Use of Hard-coded Password, Relative Path Traversal, Use of Hard-coded Credentials, Active Debug Code, Storing Passwords in a...
9.8CVSS
9.1AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through...
7.6CVSS
8.4AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through...
7.6CVSS
8.1AI Score
0.0004EPSS
CVE-2024-33911 WordPress The School Management Pro plugin <= 10.3.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through...
7.6CVSS
8.3AI Score
0.0004EPSS