IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
4.8CVSS
6AI Score
EPSS
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
4.8CVSS
EPSS
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within....
5.4CVSS
6AI Score
EPSS
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within....
5.4CVSS
EPSS
CVE-2023-42014 IBM Sterling B2B Integrator Standard Edition cross-site scripting
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within....
5.4CVSS
EPSS
CVE-2024-35153 IBM WebSphere Application Server cross-site scripting
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
4.8CVSS
EPSS
Polyfill Library Injected with Malware Impacting 100,000 Websites
A trusted JavaScript library, Polyfill.io, became a malware delivery system. Security experts exposed the attack and the potential consequences for website visitors. Learn how this supply chain attack highlights the importance of web development security and what steps developers can take to...
7.3AI Score
Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure
Summary IBM QRadar Suite software is vulnerable to information exposure through cache data. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...
6.7AI Score
EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.9AI Score
EPSS
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation....
7.7AI Score
10CVSS
7AI Score
0.941EPSS
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to...
7.5CVSS
7.8AI Score
0.0004EPSS
‘Poseidon’ Mac stealer distributed via Google ads
On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...
6.5AI Score
A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument....
3.5CVSS
3.9AI Score
EPSS
A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument....
3.5CVSS
EPSS
A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument...
3.5CVSS
EPSS
A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument...
3.5CVSS
3.9AI Score
EPSS
Snowflake isn’t an outlier, it’s the canary in the coal mine
By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials for...
7.6AI Score
CVE-2024-6370 LabVantage LIMS POST Request cross site scripting
A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument....
3.5CVSS
EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various entities...
7AI Score
EPSS
Yokogawa FAST/TOOLS and CI Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: FAST/TOOLS and CI Server Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
5.8CVSS
7.7AI Score
0.0004EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...
7.5AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow...
7.1AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...
6.8AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Illustra Essentials Gen 4 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
7.2AI Score
EPSS
CVE-2024-6367 LabVantage LIMS POST Request cross site scripting
A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument...
3.5CVSS
EPSS
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
5.7AI Score
EPSS
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
EPSS
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
EPSS
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
EPSS
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...
9.8CVSS
EPSS
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...
9.8CVSS
9.5AI Score
EPSS
CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...
9.8CVSS
EPSS
How to Use Python to Build Secure Blockchain Applications
Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an...
6.9AI Score
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
5.8AI Score
EPSS
7.5AI Score
9.8CVSS
9.7AI Score
0.002EPSS
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: py3.10-tensorflow-core, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, py3-werkzeug,...
7.5AI Score
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: py3.10-tensorflow-core, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, py3-werkzeug,...
7.5CVSS
7.8AI Score
0.0004EPSS
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...
7.5AI Score
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: py3-urllib3, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, py3-tensorflow-serving-api,...
7.5AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: confluent-docker-utils, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, pytorch, reflex, py3-jinja2, superset,...
7.5AI Score
Vulnerabilities for packages: confluent-docker-utils, py3.10-tensorflow-core, k8s-sidecar, kubeflow-jupyter-web-app, az, kubeflow-volumes-web-app, datadog-agent, py3-idna, kubeflow-pipelines, kubeflow-katib, kubeflow-pipelines-visualization-server, dask-gateway, jwt-tool, ggshield,...
6.7AI Score
EPSS
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: confluent-docker-utils, py3.10-tensorflow-core, k8s-sidecar, kubeflow-jupyter-web-app, az, kubeflow-volumes-web-app, datadog-agent, py3-idna, kubeflow-pipelines, kubeflow-katib, kubeflow-pipelines-visualization-server, dask-gateway, jwt-tool, ggshield,...
7.5AI Score
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: py3-urllib3, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, py3-tensorflow-serving-api,...
4.2CVSS
7.1AI Score
0.0004EPSS
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: confluent-docker-utils, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, pytorch, reflex, py3-jinja2, superset,...
5.4CVSS
6.1AI Score
0.0004EPSS
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: confluent-docker-utils, patroni, py3.10-tensorflow-core, k8s-sidecar, kubeflow-jupyter-web-app, az, kubeflow-volumes-web-app, reflex, airflow, datadog-agent, mlflow, superset, kubeflow-katib, kubeflow-pipelines, jwt-tool, ggshield,...
7.5AI Score
CVE-2024-37891 vulnerabilities
Vulnerabilities for packages: confluent-docker-utils, py3-urllib3, k8s-sidecar, kubeflow-jupyter-web-app, az, kubeflow-volumes-web-app, reflex, airflow, mlflow, superset, kubeflow-katib, kubeflow-pipelines, dask-gateway, ggshield,...
4.4CVSS
4.9AI Score
0.0004EPSS
Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...
5.3CVSS
6AI Score
0.0004EPSS