7.3AI Score
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller:...
7.6AI Score
0.0004EPSS
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller:...
7.3AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...
10CVSS
9.5AI Score
EPSS
CVE-2024-4999 Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller:...
7.7AI Score
0.0004EPSS
CVE-2024-4999 Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller:...
7.6AI Score
0.0004EPSS
GE Healthcare Ultrasound Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: low attack complexity Vendor: GE Healthcare Equipment: Ultrasound Products Vulnerability: Protection Mechanism Failure, Incorrect User Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with...
7.4CVSS
7AI Score
0.001EPSS
Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
10CVSS
9AI Score
0.001EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...
8.8CVSS
7AI Score
0.001EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...
8.8CVSS
8.6AI Score
0.001EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
8.8CVSS
6.6AI Score
0.001EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
8.8CVSS
8.6AI Score
0.001EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or...
7.3CVSS
6.6AI Score
0.0005EPSS
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or...
7.3CVSS
7.2AI Score
0.0005EPSS
CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...
8.8CVSS
7.2AI Score
0.001EPSS
CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...
8.8CVSS
8.8AI Score
0.001EPSS
CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
8.8CVSS
8.8AI Score
0.001EPSS
CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or...
7.3CVSS
6.8AI Score
0.0005EPSS
CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
8.8CVSS
6.8AI Score
0.001EPSS
CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or...
7.3CVSS
7.4AI Score
0.0005EPSS
7.3AI Score
6.5AI Score
7.3AI Score
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
4.7CVSS
4.6AI Score
0.0004EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
3.5AI Score
0.0004EPSS
Cost Calculator Builder Pro < 3.1.73 - Authenticated (Subscriber+) Server-Side Request Forgery
Description Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...
6.4CVSS
6.5AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...
7.8CVSS
7.7AI Score
0.0005EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
7.9CVSS
7.6AI Score
0.0004EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
6CVSS
6AI Score
0.0004EPSS
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...
7.7AI Score
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...
7.8CVSS
6.9AI Score
EPSS
Tutor LMS Pro < 2.7.1 - Missing Authorization
Description The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add,...
7.3CVSS
6.8AI Score
0.0005EPSS
Tutor LMS Pro < 2.7.1 - Missing Authorization to SQL Injection
Description The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function...
8.8CVSS
7.2AI Score
0.001EPSS
Tutor LMS Pro < 2.7.1 - Missing Authorization to Privilege Escalation
Description The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with....
8.8CVSS
6.7AI Score
0.001EPSS
Grafana folders admin only permission privilege escalation
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control (RBAC). Release 9.1.6, latest patch, also containing security fix: Download Grafana.....
7.6CVSS
4.4AI Score
0.001EPSS
Grafana folders admin only permission privilege escalation
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control (RBAC). Release 9.1.6, latest patch, also containing security fix: Download Grafana.....
7.6CVSS
7AI Score
0.001EPSS
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.5CVSS
7.7AI Score
0.001EPSS
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.5CVSS
6.8AI Score
0.001EPSS
Grafana when using email as a username can block other users from signing in
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39229 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
4.3CVSS
4.8AI Score
0.001EPSS
Grafana when using email as a username can block other users from signing in
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39229 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
4.3CVSS
6.9AI Score
0.001EPSS
Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download...
8.1CVSS
8.3AI Score
0.002EPSS
Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download...
8.1CVSS
7AI Score
0.002EPSS
Grafana User enumeration via forget password
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download Grafana...
6.7CVSS
5.4AI Score
0.001EPSS
Grafana User enumeration via forget password
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download Grafana...
6.7CVSS
6.8AI Score
0.001EPSS
Grafana Race condition allowing privilege escalation
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes critical security fixes for CVE-2022-39328. Release 9.2.4, latest patch, also containing security fix: Download Grafana 9.2.4 Appropriate patches have been applied to Grafana Cloud and as always, we...
9.8CVSS
6.8AI Score
0.002EPSS
Grafana Race condition allowing privilege escalation
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes critical security fixes for CVE-2022-39328. Release 9.2.4, latest patch, also containing security fix: Download Grafana 9.2.4 Appropriate patches have been applied to Grafana Cloud and as always, we...
9.8CVSS
8.1AI Score
0.002EPSS
Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: Download Grafana 9.1.6 Release notes ...
6.6CVSS
7.1AI Score
0.003EPSS
Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: Download Grafana 9.1.6 Release notes ...
6.6CVSS
6.8AI Score
0.003EPSS
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.5CVSS
7.5AI Score
0.001EPSS
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.5CVSS
6.7AI Score
0.001EPSS