A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status...
5.6AI Score
0.0004EPSS
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status...
5.8AI Score
0.0004EPSS
Heat templates for TripleO YAQL library has a out of the box large set of commonly used functions. Security Fix(es): OpenStack Murano Component Information Leakage (CVE-2024-29156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other...
6.6AI Score
0.0004EPSS
Heat templates for TripleO YAQL library has a out of the box large set of commonly used functions. Security Fix(es): OpenStack Murano Component Information Leakage (CVE-2024-29156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other...
6.6AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1930 advisory. Heat templates for TripleO YAQL library has a out of the box large set of commonly used functions. Security Fix(es): * OpenStack Murano Component...
6.3AI Score
0.0004EPSS
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output...
6.4CVSS
5.9AI Score
0.0004EPSS
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status...
5.7AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...
8.8AI Score
EPSS
Prototype pollution in emit function
Summary A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most...
7AI Score
Prototype pollution in emit function
Summary A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most...
7AI Score
Enforce and Report on PCI DSS v4 Compliance with Rapid7
The PCI Security Standards Council (PCI SSC) is a global forum that connects stakeholders from the payments and payment processing industries to craft and facilitate adoption of data security standards and relevant resources that enable safe payments worldwide. According to the PCI SSC website,...
7.3AI Score
How Qualys Supports the National Cyber Security Centre (NCSC)’s Vulnerability Management Guidance
NCSC details the importance of having asset management and remediation as key requirements of a successful VM program. “A vulnerability management process shouldn’t exist in isolation. It is a cross-cutting effort and involves not just those working in IT operations, but also security and risk...
7.2AI Score
Who Stole 3.6M Tax Records from South Carolina?
For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a...
7.1AI Score
An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy.....
7.5CVSS
6.2AI Score
0.001EPSS
Popup Like box – Page < 3.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Popup Like box – Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9CVSS
5.7AI Score
0.0004EPSS
Spring Framework 6.2.0-M1: Overriding Beans in Tests
Spring Framework 6.2.0-M1 has been released, including changes that resolve more than one hundred issues. Among those are a range of new features in Spring's testing support. In this post, I’d like to walk you through one of these new testing features: Bean Overriding support. The previous state...
7.2AI Score
Exploit for Code Injection in Openplcproject Openplc V3 Firmware
CVE-2021-31630 OpenPLC 3 WebServer Authenticated Remote Code...
8.8CVSS
8.8AI Score
0.006EPSS
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's...
9.3AI Score
0.0004EPSS
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's...
6.5AI Score
0.0004EPSS
CVE-2024-1204 Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's...
6.8AI Score
0.0004EPSS
Exploit for Integer Overflow or Wraparound in Linux Linux Kernel
CVE-2022-0185-Case-Study This case study is a result of an...
8.4CVSS
8.9AI Score
0.001EPSS
7.4AI Score
7.4AI Score
7.4AI Score
7.2AI Score
7.4AI Score
The internet is already scary enough without April Fool’s jokes
I feel like over the past several years, the "holiday" that is April Fool's Day has really died down. At this point, there are few headlines you can write that would be more ridiculous than something you'd find on a news site any day of the week. And there are so many more serious issues that are.....
7.3AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...
9.9CVSS
9.8AI Score
0.082EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through...
5.9CVSS
6.6AI Score
0.0004EPSS
CVE-2024-31387 WordPress Popup Likebox plugin <= 3.7.2 - Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through...
5.9CVSS
5.9AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
6.2CVSS
7AI Score
0.0004EPSS
Counter Box < 1.2.4 - Counter Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF...
6.8AI Score
0.0004EPSS
Counter Box < 1.2.4 - Counter Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID:...
6.3AI Score
0.0004EPSS
Popup Box < 2.2.7 - Popup Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID:...
6.3AI Score
0.0004EPSS
Popup Box < 2.2.7 - Popup Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF...
6.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...
4.3CVSS
6.8AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...
4.3CVSS
4.6AI Score
0.0005EPSS
CVE-2024-31386 Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...
4.3CVSS
5AI Score
0.0005EPSS
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in...
7.5CVSS
7.8AI Score
0.001EPSS
SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server
This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. Jira Software Data Center is unaffected by.....
10CVSS
9.7AI Score
0.001EPSS
Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review
Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a vast number of vulnerabilities in multiple popular products, features, and roles. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft...
8.8CVSS
9.2AI Score
0.004EPSS
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
7.6AI Score
0.0004EPSS
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.7AI Score
0.0004EPSS
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.7AI Score
0.0004EPSS
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
7.6AI Score
0.0004EPSS
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.8AI Score
0.0004EPSS
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.8AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All...
6.2CVSS
6.4AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All...
6.2CVSS
6AI Score
0.0004EPSS