Cms Core & Grid Security Vulnerabilities
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this...
EPSS
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this...
6.6AI Score
EPSS
WordPress Security Research: A Beginner’s Series
Learn How To Find WordPress Vulnerabilities Step-by-Step Welcome to the inaugural post of our WordPress Security Research Beginner's Series! With the success of the Wordfence Bug Bounty Program, we wanted to provide emerging vulnerability researchers, and experienced Bug Bounty Hunters, with a...
7.7AI Score
WordPress Security Research Series: WordPress Request Architecture and Hooks
Welcome to Part 1 of the WordPress Security Research Beginner Series! If you haven’t had a chance, please review the series introduction blog post for more details on the goal of this series and what to expect. Before diving into the security features of WordPress, it's critical to understand the.....
7.1AI Score
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, py3.10-tensorflow-core, kubeflow-volumes-web-app,...
7.5CVSS
7.8AI Score
0.0004EPSS
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, py3.10-tensorflow-core, kubeflow-volumes-web-app,...
7.5AI Score
Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, py3-idna, ggshield, confluent-docker-utils, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app, az, dask-gateway, kubeflow-katib, jwt-tool,...
6.7AI Score
EPSS
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, py3-idna, ggshield, confluent-docker-utils, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app, az, dask-gateway, kubeflow-katib, jwt-tool,...
7.5AI Score
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, airflow, ggshield, patroni, reflex, confluent-docker-utils, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-volumes-web-app, az, kubeflow-katib, superset, jwt-tool,...
7.5AI Score
CVE-2024-35195 vulnerabilities
Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, airflow, ggshield, patroni, reflex, confluent-docker-utils, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-volumes-web-app, az, kubeflow-katib, superset, jwt-tool,...
5.6CVSS
6.2AI Score
0.0004EPSS
CVE-2024-21460 Use of Insufficiently Random Values in Core
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...
7.1CVSS
EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
8.3AI Score
EPSS
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
8.3AI Score
EPSS
Model Extraction from Neural Networks
A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it's a...
7.2AI Score
6.7AI Score
0.0004EPSS
4.4CVSS
7.1AI Score
0.0004EPSS
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
7.8CVSS
7.9AI Score
0.0005EPSS
6.7AI Score
0.0004EPSS
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
6.4CVSS
6.1AI Score
0.001EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....
5CVSS
7AI Score
0.0004EPSS
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...
7AI Score
0.0004EPSS
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to...
7.1AI Score
0.0004EPSS
7.8CVSS
8.9AI Score
EPSS
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....
6.5CVSS
7.1AI Score
0.0004EPSS
RHEL 8 : pki-core (RHSA-2024:4179)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4179 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...
7.5CVSS
7.6AI Score
0.0004EPSS
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...
3.7CVSS
4.1AI Score
0.0004EPSS
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...
3.7CVSS
0.0004EPSS
CVE-2024-39302 Some bbb-record-core files installed with wrong file permission
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...
3.7CVSS
0.0004EPSS
A flaw was found in cyclonedx-core-java. It is vulnerable to XML External Entity (XXE) injection due to an insecure configuration of the DocumentBuilderFactory used to evaluate XPath...
7.5CVSS
7.5AI Score
0.0005EPSS
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5CVSS
7.7AI Score
0.0005EPSS
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5CVSS
0.0005EPSS
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
7.5CVSS
0.0005EPSS
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in...
6.9AI Score
EPSS
Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors
The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security...
7.4AI Score
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...
7.2AI Score
0.0004EPSS
The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count (Static) widget in all versions up to,.....
6.4CVSS
0.001EPSS
The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count (Static) widget in all versions up to,.....
6.4CVSS
5.7AI Score
0.001EPSS
The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count (Static) widget in all versions up to,.....
6.4CVSS
0.001EPSS
Malicious code in @freetime/core-utils (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b6e1ddad8237b58e27d13a7761696892692fb82793f5f7a7bd900c6397d96dbb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the....
7CVSS
7.1AI Score
0.0004EPSS
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the....
7CVSS
0.0004EPSS
AlmaLinux 9 : pki-core (ALSA-2024:4165)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4165 advisory. * dogtag ca: token authentication bypass vulnerability (CVE-2023-4727) Tenable has extracted the preceding description block directly from the AlmaLinux security...
7.5CVSS
7.7AI Score
0.0004EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages cups - Common UNIX Printing System(tm) Details USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression in CUPS with regards to how...
7.5AI Score
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1859)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the...
8CVSS
7.5AI Score
0.0004EPSS
Oracle Linux 9 : pki-core (ELSA-2024-4165)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4165 advisory. [11.5.0-2.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.5.0-2] - RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass.....
7.5CVSS
7AI Score
0.0004EPSS
Intel Chipset Device Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.7CVSS
7.1AI Score
0.0004EPSS