Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through...
5.4 CVSS
5.7 AI Score
0.0004 EPSS
9.8 CVSS
7.4 AI Score
0.001 EPSS
Exploit for Cross-site Scripting in Cpanel
CVE-2023-29489 exploit This script can exploit many...
6.1 CVSS
7 AI Score
0.004 EPSS
[CVE-2024-24576](https://nvd.nist.gov/vuln/detail/CVE-2024-245......
10 CVSS
9.7 AI Score
0.0005 EPSS
Hi Team, I noticed a bug in the licenses which may lead to extending the expiry date of an existing license. To be honest, it is hard for me to reproduce it. I was planning to see if the license still works after ███████. I think it's better to report this issue to you although it may prove it is just a...
6.9 AI Score
Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...
8 CVSS
7.6 AI Score
Friday Squid Blogging: The Awfulness of Squid Fishing Boats
It's a pretty awful story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...
7.2 AI Score
PoC for CVE-2023-45288 This is a proof-of-concept code for...
7.3 AI Score
Demo My WordPress < 1.1.0 - Unauthenticated Privilege Escalation
Description The Demo My WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.9.1. This is due to insufficient verification on privilege assignment. This makes it possible for unauthenticated attackers to gain elevated access to a vulnerable...
9.8 CVSS
7.5 AI Score
0.0004 EPSS
9.8 CVSS
7.4 AI Score
0.001 EPSS
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter
...
9.8 CVSS
7.4 AI Score
0.001 EPSS
Why CISA is Warning CISOs About a Breach at Sisense
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense...
7.5 AI Score
Root my webOS TV A simple python script that starts a telnet...
7.2 AI Score
The internet is already scary enough without April Fool’s jokes
I feel like over the past several years, the "holiday" that is April Fool's Day has really died down. At this point, there are few headlines you can write that would be more ridiculous than something you'd find on a news site any day of the week. And there are so many more serious issues that are...
7.3 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...
9.9 CVSS
9.8 AI Score
0.082 EPSS
Cosign malicious artifacts can cause machine-wide DoS
Maliciously-crafted software artifacts can cause denial of service of the machine running Cosign, thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted...
4.2 CVSS
4.9 AI Score
0.0004 EPSS
Cosign malicious artifacts can cause machine-wide DoS
Maliciously-crafted software artifacts can cause denial of service of the machine running Cosign, thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted...
4.2 CVSS
7.3 AI Score
0.0004 EPSS
AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)
IBM SECURITY ADVISORY First Issued: Thu Apr 11 15:33:45 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/sendmail_advisory4.asc Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)...
5.3 CVSS
5.8 AI Score
0.002 EPSS
IBM SECURITY ADVISORY First Issued: Thu Apr 11 15:29:16 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory8.asc Security Bulletin: AIX is affected by multiple vulnerabilities due to Python (CVE-2023-52425,...
7.8 CVSS
7.3 AI Score
0.001 EPSS
Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities
The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed as actively exploited by Microsoft. Another vulnerability is claimed to be a zero-day by...
8.8 CVSS
8.2 AI Score
0.004 EPSS
SAP NetWeaver SSRF (April 2024)
SAP NetWeaver is affected by a server-side request forgery (SSRF) vulnerability. Due to insufficient input validation, SAP NetWeaver application (tc~esi~esp~grmg~wshealthcheck~ear) allows an unauthenticated attacker to send crafted requests from a vulnerable web application targeting internal...
5.3 CVSS
7.2 AI Score
0.0004 EPSS
SAP NetWeaver AS Java Information Disclosure (April 2024)
SAP NetWeaver Application Server for Java is affected by an information disclosure vulnerability. 'Self-Registration' and 'Modify your own profile' in the User Admin Application of NetWeaver AS Java do not enforce proper security requirements for the content of the newly defined security answer...
8.8 CVSS
6.7 AI Score
0.0004 EPSS
SAP NetWeaver AS ABAP DoS (April 2024)
The remote SAP NetWeaver ABAP server may be affected by a denial of service (DoS) vulnerability. The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to...
6.5 CVSS
7.1 AI Score
0.0004 EPSS
SAP BusinessObjects Business Intelligence Platform Information Disclosure (3421384)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by an information disclosure vulnerability. Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system...
7.7 CVSS
7.3 AI Score
0.0004 EPSS
Introducing the Digital Footprint Portal
Digital security is about so much more than malware. That wasn’t always the case. When I started Malwarebytes more than 16 years ago, malware was the primary security concern—the annoying pop-ups, the fast-spreading viruses, the catastrophic worms—and throughout our company’s history,...
7 AI Score
10 CVSS
7.6 AI Score
0.0005 EPSS
10 CVSS
7.6 AI Score
0.0005 EPSS
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can add notes in the review request with 'completed' status affecting the integrity of the...
4.3 CVSS
7.3 AI Score
0.0004 EPSS
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on...
6.5 CVSS
6.5 AI Score
0.0004 EPSS
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application...
4.3 CVSS
5 AI Score
0.0004 EPSS
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application...
4.3 CVSS
7.3 AI Score
0.0004 EPSS
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can add notes in the review request with 'completed' status affecting the integrity of the...
4.3 CVSS
5 AI Score
0.0004 EPSS
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on...
6.5 CVSS
6.7 AI Score
0.0004 EPSS
The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is...
4.8 CVSS
6.2 AI Score
0.0004 EPSS
The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is...
4.8 CVSS
4.9 AI Score
0.0004 EPSS
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client...
4.8 CVSS
6.5 AI Score
0.0004 EPSS
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client...
4.8 CVSS
5 AI Score
0.0004 EPSS
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization...
6.5 CVSS
6.8 AI Score
0.0004 EPSS
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization...
6.5 CVSS
7.2 AI Score
0.0004 EPSS
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request...
5.3 CVSS
5.2 AI Score
0.0004 EPSS
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file APIs, thus causing a considerable impact on confidentiality, integrity and availability of the...
7.2 CVSS
6.3 AI Score
0.0004 EPSS
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request...
5.3 CVSS
6.7 AI Score
0.0004 EPSS
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file APIs, thus causing a considerable impact on confidentiality, integrity and availability of the...
7.2 CVSS
6.7 AI Score
0.0004 EPSS
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confidentiality of the...
7.7 CVSS
7.3 AI Score
0.0004 EPSS
Self-Registration and Modify your own profile in the User Admin Application of NetWeaver AS Java do not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both...
8.8 CVSS
8.7 AI Score
0.0004 EPSS
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confidentiality of the...
7.7 CVSS
6.2 AI Score
0.0004 EPSS
Self-Registration and Modify your own profile in the User Admin Application of NetWeaver AS Java do not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both...
8.8 CVSS
6.7 AI Score
0.0004 EPSS
CVE-2024-30218 Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on...
6.5 CVSS
6.7 AI Score
0.0004 EPSS
CVE-2024-30217 Missing Authorization check in SAP S/4 HANA (Cash Management)
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application...
4.3 CVSS
5.4 AI Score
0.0004 EPSS
CVE-2024-30216 Missing Authorization check in SAP S/4 HANA (Cash Management)
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can add notes in the review request with 'completed' status affecting the integrity of the...
4.3 CVSS
5.4 AI Score
0.0004 EPSS