28972 matches found
CBL Mariner 2.0 Security Update: kernel (CVE-2024-50162)
"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50162 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect...
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 2, 2024 to December 8, 2024)
Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...
SUSE CVE-2024-54131
The Kolide Agent aka: Launcher is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent known as launcher allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started...
kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on...
GHSA-VMQH-5232-V43R Panic in wasmvm can slow down block production
CWA-2024-008 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...
The vulnerability of the instance_create() method in the program for monitoring and adaptive configuration of system devices allows attackers to perform spoofing attacks.
The vulnerability of the instance_create method in the program for monitoring and adaptive configuration of system devices is related to insufficient validation of input data when processing the instance_name parameter. Exploiting this vulnerability allows attackers to perform spoofing attacks...
6,000,000 WordPress Sites Protected Against Payment Refund and Subscription Cancellation Vulnerability in WPForms WordPress Plugin
💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...
CVE-2024-8259 Unauthenticated SQLi in Eryaz IT's NatraCar B2B Dealer Management Program
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was...
CVE-2024-54225
CVE-2024-54225: WordPress Designer plugin (CodegearThemes Designer) contains a PHP Local File Inclusion due to improper filename control in include/require. Affected versions: Designer <= 1.3.3 (per NVD) with Wordfence listing Designer
MAL-2024-11426 Malicious code in programupdater (npm)
Eryaz NatraCar B2B Dealer Management Program Security Vulnerability
Eryaz NatraCar B2B Dealer Management Program is a dealer management system from Eryaz. A security vulnerability exists in Eryaz NatraCar B2B Dealer Management Program that stems from improper use of special elements in SQL commands, resulting in a SQL injection vulnerability...
PT-2024-36975
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74 Description: The issue is related to an invalid access to prog array in perf event detach bpf prog. A crash occurs when a tracepoint perf event with attr.inherit=1 is created, attached to a process, and a b...
CVE-2024-11380
The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11380
CVE-2024-11380: The Mini Program API plugin for WordPress (versions ≤ 1.4.5) is affected by a stored XSS in the qvideo shortcode due to insufficient input sanitization/output escaping of user attributes. This allows authenticated attackers with contributor-level access or higher to inject script...
CVE-2024-11380 Mini Program API <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin Mini Program API Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-16947 · WordPress · Mini Program Api
Name of the Vulnerable Software and Affected Versions: Mini Program API plugin for WordPress versions up to, and including, 1.4.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode due to insufficient input sanitization and output escaping on...
WordPress Mini Program API plugin <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Mini Program API versions <= 1.4.5...
CVE-2024-52558
The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program...