VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order...
7.8CVSS
7.8AI Score
0.0005EPSS
VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order...
7.8CVSS
7.8AI Score
0.0005EPSS
VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...
7.8CVSS
7.8AI Score
0.001EPSS
VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target...
7.8CVSS
7.8AI Score
0.0005EPSS
VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...
7.8CVSS
7.8AI Score
0.001EPSS
VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target...
7.8CVSS
7.8AI Score
0.0005EPSS
VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target...
7.8CVSS
8AI Score
0.0005EPSS
VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target...
7.8CVSS
7.2AI Score
0.0005EPSS
VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...
7.8CVSS
8AI Score
0.001EPSS
VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target...
7.8CVSS
8AI Score
0.0005EPSS
VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...
7.8CVSS
7.2AI Score
0.001EPSS
VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...
7.8CVSS
7.2AI Score
0.001EPSS
VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...
7.8CVSS
8AI Score
0.001EPSS
CVE-2023-32175 VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability
VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order...
7.8CVSS
8AI Score
0.0005EPSS
K000139508 : rust-openssl vulnerability CVE-2024-3296
Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial....
5.9CVSS
6.7AI Score
0.0004EPSS
HP Application Enabling Software Driver - Privileged File Overwrite
A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. Mitigation is available in HP Application...
7.5AI Score
0.0004EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor.....
6.4CVSS
5.7AI Score
0.001EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.7AI Score
0.0004EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.7AI Score
0.0004EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor.....
6.4CVSS
5.8AI Score
0.001EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.8AI Score
0.0004EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor.....
6.4CVSS
5.8AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...
9.1AI Score
EPSS
Security Bulletin: Vulnerability in IBM Semeru Runtime affects Host On-Demand
Summary There is a vulnerability in IBM Semeru Runtime Quarterly Critical Patch Update - Jan 2024 - Includes OpenJDK Jan 2024 Critical Patch Update. Host On-Demand has addressed the applicable CVE plus CVE-2024-22361. Vulnerability Details CVEID: CVE-2024-20952 DESCRIPTION: An unspecified...
7.5CVSS
6.5AI Score
0.001EPSS
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023 Critical....
5.9CVSS
5.6AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2023 Critical Patch.....
9.1CVSS
6.7AI Score
0.001EPSS
K000139491 : VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250
Security Advisory Description CVE-2024-22245 Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into...
9.6CVSS
7.2AI Score
0.0004EPSS
K000139489 : PostgreSQL JDBC Driver vulnerability CVE-2024-1597
Security Advisory Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a...
9.8CVSS
8.2AI Score
0.001EPSS
How to Make Your Employees Your First Line of Cyber Defense
There's a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you've got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts.....
6.7AI Score
The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Missing Authorization
Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Tp_f_delete_transient() function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...
4.3CVSS
6.7AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic...
7.8CVSS
8AI Score
EPSS
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath...
6AI Score
0.0004EPSS
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath...
6.3AI Score
0.0004EPSS
K000139446 : Oracle Java vulnerability CVE-2024-21005
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...
3.1CVSS
5.6AI Score
0.0005EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8CVSS
7.5AI Score
EPSS
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath...
6.3AI Score
0.0004EPSS
K000139430 : Linux kernel vulnerability CVE-2024-1086
Security Advisory Description A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow()...
7.8CVSS
6.9AI Score
0.002EPSS
Reviews Plus < 1.3.5 - Missing Authorization to Notice Dismissal
Description The Reviews Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_hide_revs_translation_notice() function in versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with...
4.3CVSS
6.7AI Score
0.0004EPSS
Fedora 40 : gh (2024-48aa5f1dae)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-48aa5f1dae advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
5.9CVSS
7.1AI Score
0.963EPSS
Fedora 40 : python-asyncssh (2023-a3af7820e8)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a3af7820e8 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
5.9CVSS
7.1AI Score
0.963EPSS
K000139429 : Oracle GraalVM Vulnerability CVE-2024-20954 and CVE-2024-21098
Security Advisory Description CVE-2024-20954 Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition:...
3.7CVSS
5.3AI Score
0.0005EPSS
Fedora 40 : golang-x-crypto (2024-0d8d3b8dcc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0d8d3b8dcc advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
5.9CVSS
7.1AI Score
0.963EPSS
Fedora 40 : doctl (2023-0355346550)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0355346550 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
5.9CVSS
7.1AI Score
0.963EPSS
School Employee Allegedly Framed a Principal With Racist Deepfake Rant
Plus: Google holds off on killing cookies, Samourai Wallet founders get arrested, and GM stops driver surveillance...
7.3AI Score
K000139423 : OpenJDK vulnerabilities CVE-2024-21002, CVE-2024-21003, and CVE-2024-21004
Security Advisory Description CVE-2024-21002 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to...
3.1CVSS
5.4AI Score
0.0005EPSS
Missing Authorization vulnerability in impleCode Reviews Plus. This issue affects Reviews Plus: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in impleCode Reviews Plus. This issue affects Reviews Plus: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2024-32822 WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in impleCode Reviews Plus. This issue affects Reviews Plus: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
CentOS 9 : libssh-0.10.4-12.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libssh-0.10.4-12.el9 build changelog. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...
5.9CVSS
7.4AI Score
0.963EPSS
CentOS 9 : openssh-8.7p1-38.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-8.7p1-38.el9 build changelog. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
5.9CVSS
7.2AI Score
0.963EPSS