Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows...
7.3AI Score
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...
6.5CVSS
7.2AI Score
0.0005EPSS
Description The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers.....
5.3CVSS
6.8AI Score
0.0005EPSS
openSUSE: Security Advisory for glibc (SUSE-SU-2024:1895-1)
The remote host is missing an update for...
5AI Score
0.0004EPSS
TikTok Hack Targets ‘High-Profile’ Users via DMs
TikTok has confirmed a “potential exploit” that is being used to go after accounts belonging to media organizations and celebrities, including CNN and Paris Hilton, through direct...
7.2AI Score
Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...
8.3CVSS
7.2AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...
8.3CVSS
8.4AI Score
0.0004EPSS
CVE-2023-47837 WordPress ARMember plugin <= 4.0.10 - Membership Plan Bypass vulnerability
Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...
8.3CVSS
7AI Score
0.0004EPSS
CVE-2023-47837 WordPress ARMember plugin <= 4.0.10 - Membership Plan Bypass vulnerability
Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through...
8.3CVSS
8.4AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glibc (SUSE-SU-2024:1895-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1895-1 advisory. - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) -....
4.7AI Score
0.0004EPSS
5.3CVSS
7.1AI Score
0.004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a cross-site...
4.7CVSS
5.5AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...
7.5CVSS
6.4AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
4.3CVSS
5.6AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
5.3CVSS
5.7AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
5.9CVSS
6.2AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
4.3CVSS
5.6AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...
5.9CVSS
6.3AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...
6.1AI Score
0.0004EPSS
Insufficiently Protected Credentials
SimpleSAMLphp is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to credentials being insecurely saved to the user's session state when the ECP profile is disabled but supported in the Identity Provider's metadata, which could result in an attacker with administrator...
7AI Score
7.5CVSS
6.5AI Score
0.013EPSS
RHEL 8 : perl-dbi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-dbi: Buffer overflow on an overlong DBD class name (CVE-2020-14393) An issue was discovered in the...
7.1CVSS
8.1AI Score
0.001EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...
8CVSS
8.3AI Score
EPSS
RHEL 5 : sssd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. sssd: information leak from the sssd-sudo responder (CVE-2018-10852) The System Security Services Daemon...
7.5CVSS
5.8AI Score
0.014EPSS
RHEL 8 : fop (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. batik: Server-Side Request Forgery vulnerability (CVE-2022-44729) Server-Side Request Forgery (SSRF)...
7.1CVSS
7.2AI Score
0.001EPSS
6.4AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...
7.1CVSS
6.7AI Score
0.001EPSS
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...
7.1CVSS
6.8AI Score
0.001EPSS
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...
7.1CVSS
6.8AI Score
0.001EPSS
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...
7.1CVSS
6.5AI Score
0.001EPSS
...
8.6CVSS
6.3AI Score
0.945EPSS
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
8.2CVSS
6.8AI Score
0.959EPSS
Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This....
7.1CVSS
6.4AI Score
0.001EPSS
5.3CVSS
6.6AI Score
0.01EPSS
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...
9.8CVSS
8.7AI Score
0.039EPSS
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...
9.8CVSS
7.2AI Score
0.039EPSS
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...
9.8CVSS
9.5AI Score
0.039EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
9.8CVSS
10AI Score
0.035EPSS
TYPO3 Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template.....
6.4AI Score
TYPO3 Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template.....
6.4AI Score
6.1CVSS
6AI Score
0.004EPSS
Code injection in the way Symfony implements translation caching in FrameworkBundle
When investigating issue #11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. Your Symfony application is vulnerable if you meet the following conditions: You are using the Symfony translation system from...
7.1AI Score
EPSS
Code injection in the way Symfony implements translation caching in FrameworkBundle
When investigating issue #11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. Your Symfony application is vulnerable if you meet the following conditions: You are using the Symfony translation system from...
7.6AI Score
EPSS
SUSE SLES15 / openSUSE 15 Security Update : warewulf4 (SUSE-SU-2024:1838-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1838-1 advisory. - fixed wwctl configure --all doesn't configure ssh (bsc#1225402) - update to 4.5.2 with following changes: * Reorder dnsmasq config to...
8.3CVSS
6.5AI Score
0.0004EPSS
UserPro < 5.1.9 - Unauthenticated Account Takeover to Privilege Escalation
Description The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthenticated account takeover in all versions up to, and including 5.1.8. This makes it possible for unauthenticated attackers to take over user accounts and gain highly privileged access....
9.8CVSS
9.4AI Score
0.001EPSS
7.2AI Score
0.0004EPSS
Summary IBM WebSphere Application Server (WAS) is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section....
7CVSS
6.7AI Score
0.0004EPSS