Lucene search
K

174 matches found

CVE
CVE
added 2024/03/31 7:35 p.m.63 views

CVE-2024-31084

CVE-2024-31084 is a Reflected XSS in Pulsar Web Design Weekly Class Schedule (WordPress plugin) affecting versions up to 3.19. The description notes improper input neutralization during web page generation. The connected Red Hat entry and other sources corroborate the vulnerability as Cross‑Site ...

7.1CVSS8.6AI score0.00354EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/31 7:35 p.m.11 views

CVE-2024-31084 WordPress Weekly Class Schedule plugin <= 3.19 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS.This issue affects Weekly Class Schedule: from n/a through 3.19...

7.1CVSS6.9AI score0.00354EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/31 12:0 a.m.7 views

WordPress Plugin Weekly Class Schedule 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.1CVSS7.4AI score0.00354EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/03/29 11:12 a.m.6 views

WordPress Weekly Class Schedule plugin <= 3.19 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Weekly Class Schedule versions = 3.19...

7.1CVSS7.1AI score0.00354EPSS
Exploits0Affected Software1
Openbugbounty
Openbugbounty
added 2024/03/02 9:42 a.m.6 views

travelweekly.com.au Cross Site Scripting vulnerability OBB-3863813

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/02/08 2:49 p.m.73 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 122 vulnerabilities disclosed in 110...

7.5CVSS9.5AI score0.25679EPSS
Exploits34
hivepro
hivepro
added 2024/01/09 10:10 a.m.35 views

Attacks, Vulnerabilities and Actors 1 January to 7 January 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twelve executed attacks, two instances of adversary activity, and three exploited...

5.8CVSS8AI score0.0997EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/12/22 4:32 p.m.121 views

Metasploit Weekly Wrap-Up

Getting Looney with Privilege Escalation As if Metasploit couldn’t get any loonier, this release adds a brand new exploit module for Glibc Tunables Privilege Escalation aka Looney Tunables. Now, using linux/local/glibctunablesprivesc, you can check your target’s glibc version to see if it’s...

7.5CVSS8.8AI score0.99999EPSS
Exploits46
Tenable Nessus
Tenable Nessus
added 2023/10/18 12:0 a.m.124 views

Jenkins LTS < 2.414.3 / Jenkins weekly < 2.428 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.414.3 or Jenkins weekly prior to 2.428. It is, therefore, affected by multiple vulnerabilities: - Eclipse Jetty provides a web server and servlet container. In...

7.5CVSS7.5AI score0.99999EPSS
Exploits20References3
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.8 views

Lack of proper access restrictions on functions setConcRewards() and setAmbRewards()

Lines of code Vulnerability details Impact Contract Reward distribution can be drained / manipulated Proof of Concept For setConcRewards and setAmbRewards, they are both lack of proper access restrictions, leads to the situation that anyone can execute these functions. This oversight presents a...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/09/15 6:54 p.m.66 views

Metasploit Weekly Wrap-Up

Flask Cookies This week includes two modules related to Flask cookie signatures. One is specific to Apache Superset where session cookies can be resigned, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member...

10CVSS9.8AI score0.99949EPSS
Exploits106
Wordfence Blog
Wordfence Blog
added 2023/09/07 12:51 p.m.152 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023)

Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...

7.5CVSS8AI score0.39294EPSS
Exploits22
hivepro
hivepro
added 2023/09/05 11:4 a.m.18 views

Attacks, Vulnerabilities and Actors 28 August to 3 September 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of six attacks executed, one vulnerability, and two different adversaries highlights...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/08/31 12:57 p.m.123 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)

Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

5.8CVSS7AI score0.03495EPSS
Exploits23
Rapid7 Blog
Rapid7 Blog
added 2023/08/25 9:26 p.m.46 views

Metasploit Weekly Wrap-Up

PowershellPoint This week’s new features and improvements start with two new exploit modules leveraging CVE-2023-34960 Chamilo versions 1.11.18 and below and CVE-2023-26469 in Jorani 1.0.0. Like CVE-2023-34960, I too, feel attacked by PowerPoint sometimes. We also have several improvements,...

7.5CVSS10.4AI score0.99192EPSS
Exploits14
Malwarebytes
Malwarebytes
added 2023/08/25 6:15 p.m.42 views

Update now! Google Chrome's first weekly update has arrived

Google has published details about the first weekly update for the Chrome browser. Recently Google announced that it would start shipping weekly security updates for the Stable channel the version most of us use. Regular Chrome releases will still come every four weeks, but to get security fixes...

6.8CVSS7.4AI score0.3398EPSS
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/08/24 2:3 p.m.163 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)

Last week, there were 64 vulnerabilities disclosed in 67 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

7.5CVSS7.9AI score0.20888EPSS
Exploits22
Tenable Nessus
Tenable Nessus
added 2023/06/16 12:0 a.m.65 views

Jenkins LTS < 2.401.1 / Jenkins weekly < 2.400 XSRF

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.401.1 or Jenkins weekly prior to 2.400. It is, therefore, affected by the following vulnerability: - In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST...

8CVSS7.5AI score0.0086EPSS
Exploits0References2
OSV
OSV
added 2023/06/14 2:52 p.m.4 views

DRUPAL-CONTRIB-2023-020

This module enables you to define a 'weekly office hours' field type, and add a field to any Content type, in order to display the weekly opening hours for a location. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting XSS vulnerability. This vulnerability...

6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/03/09 12:0 a.m.72 views

Jenkins LTS < 2.375.4 / Jenkins weekly < 2.394 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.375.4 or Jenkins weekly prior to 2.394. It is, therefore, affected by multiple vulnerabilities: - Apache Commons FileUpload before 1.5 does not limit the number of...

9.6CVSS7.9AI score0.46836EPSS
Exploits1References10
Rows per page
Query Builder