Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 CVE-2024-3094 is a critical security vulnerabili...
[SECURITY] Fedora 40 Update: php-tcpdf-6.7.4-1.fc40
PHP class for generating PDF documents. No external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
VulnCheck KEV: CVE-2024-27954
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery and Arbitrary File Downloads in all versions up to, and including, 3.92.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...
CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2),...
CVE-2024-27956
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0...
CVE-2024-27956 WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0...
CVE-2024-27956
Summary of CVE-2024-27956 (WordPress WP Automatic SQLi): The WP Automatic plugin (WordPress) is vulnerable to unauthenticated SQL Injection, affecting versions up to 3.92.0 (and variants noting patch to 3.92.1). The underlying issue is insufficient input handling in the plugin’s SQL queries, ena...
WordPress Plugin WP Automatic SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin WP Automatic is vulnerable...
Cheating Automatic Toll Booths by Obscuring License Plates
The Wall Street Journal is reporting on a variety of techniques drivers are using to obscure their license plates so that automatic readers can't identify them and charge tolls properly. Some drivers have power-washed paint off their plates or covered them with a range of household items such as...
Automatic < 3.92.1 - Cross-Site Request Forgery to Privilege Escalation
Description: The Automatic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.92.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to escalate their privileges via a forged...
Automatic < 3.92.1 - Unauthenticated SQL Injection
Description: The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
WordPress Automatic Plugin <= 3.92.0 is vulnerable to Arbitrary File Download
Software: Automatic; Type: Plugin; Vulnerable versions: <= 3.92.0; Fixed in: 3.92.1; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2024-27954; Patch priority: High; CVSS severity: High (9.3); PSID: 9c2571e1c78b; Credits: Rafie Muhammad Patchstack...
WordPress Automatic Plugin <= 3.92.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Automatic; Type: Plugin; Vulnerable versions: <= 3.92.0; Fixed in: 3.92.1; OWASP Top 10: A8: Cross Site Request Forgery (CSRF); Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-27955; Patch priority: Low; CVSS severity: Low (8.8); PSID: cf1662afb1ce; Credits: Rafie Muhamma...
WordPress Automatic Plugin <= 3.92.0 is vulnerable to SQL Injection
Software: Automatic; Type: Plugin; Vulnerable versions: <= 3.92.0; Fixed in: 3.92.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-27956; Patch priority: High; CVSS severity: High (9.9); PSID: aeab56860169; Credits: Rafie Muhammad Patchstack; Required privilege...
UBUNTU-CVE-2024-2357
The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startu...
Update now! JetBrains TeamCity vulnerability abused at scale
JetBrains issued a warning on March 4, 2024 about two serious vulnerabilities in TeamCity server. The flaws can be used by a remote, unauthenticated attacker with HTTPS access to a TeamCity on-premises server to bypass authentication checks and gain administrative control of the TeamCity server...
Fedora: Security Advisory (FEDORA-2024-bd4eed8466)
The remote host is missing an update for the...
Fedora: Security Advisory for suricata (FEDORA-2024-7b063bce0a)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: dogtag-pki-11.5.0-3.fc40
Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. Dogtag PKI consists of the following components: Certificate Authority (CA), Key Recovery Authority (KRA), Online Certificate Status Protocol (OCSP) Manager, Token Key Service (TKS), Token...