The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
6.4CVSS
5.7AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
6.4CVSS
6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
6.4CVSS
5.9AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
6.4CVSS
5.8AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient....
6.4CVSS
5.7AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient....
6.4CVSS
6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient....
6.4CVSS
6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient....
6.4CVSS
5.8AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 121 vulnerabilities disclosed in 88...
9.8CVSS
9.6AI Score
0.001EPSS
The 3 most common post-compromise tactics on network infrastructure
We've been discussing networking devices quite a lot recently and how Advanced Persistent Threat actors (APTs) are using highly sophisticated tactics to target aging infrastructure for espionage purposes. Some of these attacks are also likely prepositioning the APTs for future disruptive or...
8.3AI Score
Predator spyware vendor banned in US
The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US. Predator can turn infected smartphones into surveillance devices. Intellexa is based in Greece but the Treasury Department imposed the sanctions because of.....
7.4AI Score
The year in figures 45.60% of all email sent worldwide and 46.59% of all email sent in the Runet (the Russian web segment) was spam 31.45% of all spam email was sent from Russia Kaspersky Mail Anti-Virus blocked 135,980,457 malicious email attachments Our Anti-Phishing system thwarted 709,590,011.....
7.8CVSS
7.3AI Score
0.974EPSS
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10...
6.4CVSS
5.7AI Score
0.0004EPSS
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to.....
6.4CVSS
5.7AI Score
0.0004EPSS
SharpCovertTube is a program created to control Windows systems remotely by uploading videos to Youtube. The program monitors a Youtube channel until a video is uploaded, decodes the QR code from the thumbnail of the uploaded video and executes a command. The QR codes in the videos can use...
7.8AI Score
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there.....
5.3CVSS
6.5AI Score
0.002EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed.....
6.5CVSS
7.1AI Score
0.063EPSS
Insufficiently Protected Credentials vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...
7.5CVSS
7.1AI Score
0.001EPSS
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other.....
5.4CVSS
6.6AI Score
0.001EPSS
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...
9.8CVSS
7AI Score
0.004EPSS
The Dark Side of Innovation: Cybercriminals and Their Adoption of GenAI
The Dark Side of Innovation: Cybercriminals and Their Adoption of GenAI By Jambul Tologonov and John Fokker · March 06, 2024 In the ever-evolving threat landscape, the Trellix Advanced Research Center has been at the forefront of understanding and combating the dual-edged sword of Generative...
6.9AI Score
0.033EPSS
Android Pixel Information Disclosure Vulnerability
Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive...
5.5CVSS
6.6AI Score
0.002EPSS
"Gotta Fly Now" is more closely associated with corporate hype videos or conferences with thousands of attendees in a mid-market city's convention center than it is from its origins in the "Rocky" movies. But Heather Couk thinks it's useful in incident response calls, too. Couk, an incident...
7.3AI Score
openSUSE: Security Advisory for seamonkey (openSUSE-SU-2022:10089-1)
The remote host is missing an update for...
7.5AI Score
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0386-1)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.002EPSS
openSUSE: Security Advisory for liferea (openSUSE-SU-2023:0096-1)
The remote host is missing an update for...
9.8CVSS
9.6AI Score
0.003EPSS
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0090-1)
The remote host is missing an update for...
6.1CVSS
5.2AI Score
0.001EPSS
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0171-1)
The remote host is missing an update for...
6.1CVSS
5.2AI Score
0.001EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0385-1)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.002EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0397-1)
The remote host is missing an update for...
9.6CVSS
9.1AI Score
0.074EPSS
openSUSE: Security Advisory for trivy (openSUSE-SU-2022:10081-1)
The remote host is missing an update for...
9.1CVSS
10AI Score
0.002EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0396-1)
The remote host is missing an update for...
9.6CVSS
9.1AI Score
0.074EPSS
Moukthar - Android Remote Administration Tool
Remote adminitration tool for android Features Notifications listener SMS listener Phone call recording Image capturing and screenshots Persistence Read & write contacts List installed applications Download & upload files Get device location Installation Clone repository console git clone...
7.4AI Score
Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is...
5.3CVSS
5.3AI Score
0.002EPSS
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that's designed to primarily target mobile devices. "This kit enables attackers to build carbon copies of single sign-on (SSO) pages,...
7.5AI Score
Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Solr
Apache-Solr-RCE_CVE-2023-50386_POC Apache Solr Backup/Restore...
8.8CVSS
8.8AI Score
0.871EPSS
A Pornhub Chatbot Stopped Millions From Searching for Child Abuse Videos
Every time someone in the UK searched for child abuse material on Pornhub, a chatbot appeared and told them how to get...
7.2AI Score
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input.....
6.4CVSS
6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input.....
6.4CVSS
5.7AI Score
0.0004EPSS
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input...
6.4CVSS
6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input...
6.4CVSS
5.7AI Score
0.0004EPSS
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input...
6.4CVSS
6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input.....
6.4CVSS
6.1AI Score
0.0004EPSS
CentOS 9 : flatpak-1.12.8-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the flatpak-1.12.8-1.el9 build changelog. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8,...
10CVSS
7.1AI Score
0.008EPSS
ALPHV is singling out healthcare sector, say FBI and CISA
In an updated #StopRansomware security advisory, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) has warned the healthcare industry about the danger of the ALPHV ransomware group, also...
7.4AI Score
An educational robot security research
In the modern world, we are surrounded by a multitude of smart devices that simplify our daily lives: smart speakers, robotic vacuum cleaners, automatic pet feeders and even entire smart homes. Toy manufacturers are striving to keep up with these trends, releasing more and more models that can...
8.1AI Score
TimbreStealer campaign targets Mexican users with financial lures
Cisco Talos has discovered a new campaign operated by a threat actor distributing a previously unknown malware we're calling "TimbreStealer." This threat actor was observed distributing TimbreStealer via a spam campaign using Mexican tax-related themes starting in at least November 2023. The...
7.8AI Score
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub
An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it easily accessible to other actors at no extra cost. Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT comes with a "comprehensive set...
7.5AI Score
Android banking trojans: How they steal passwords and drain bank accounts
For the most popular operating system in the world—which is Android and it isn’t even a contest—there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals. These are “Android banking trojans,” and, according to our 2024 ThreatDown State...
7.5AI Score
Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
TL;DR This vulnerability affects Kirby sites that use the new link field and output the entered link without additional validation or sanitization. The attack commonly requires user interaction by another user or visitor. The link dialog of the writer field is not affected as the writer field...
4.6CVSS
5.7AI Score
0.0004EPSS