The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
5.4CVSS
5.9AI Score
0.0004EPSS
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF Vulnerability Details ** CVEID: CVE-2023-6228 DESCRIPTION: **LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in cpStripToTile() function in tools/tiffcp.c. By...
5.5CVSS
7.5AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...
7.5CVSS
6.4AI Score
0.0004EPSS
[SECURITY] [DSA 5707-1] vlc security update
Debian Security Advisory DSA-5707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq Package : vlc CVE ID : not yet available A buffer overflow...
7.3AI Score
Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...
5.9CVSS
6.3AI Score
0.0004EPSS
The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordion_content_source' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible....
6.4CVSS
5.8AI Score
0.0004EPSS
Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium.This issue affects YITH WooCommerce Account Funds Premium: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
5.9CVSS
6.2AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228! The current program remove the class...
10CVSS
10AI Score
0.976EPSS
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...
3.8CVSS
6.8AI Score
0.001EPSS
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157980 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are...
3.7CVSS
4.6AI Score
0.0004EPSS
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also...
7.5CVSS
7.5AI Score
0.008EPSS
An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
7.9CVSS
8.2AI Score
EPSS
Multiple vulnerabilities in IBM Java SDK affect AIX
IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:10:30 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_jun2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...
5.9CVSS
4.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because its already used internally to plumb subflow (tcp) sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections...
7AI Score
0.0004EPSS
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate...
8.7CVSS
5.9AI Score
0.006EPSS
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...
7.5CVSS
7.4AI Score
0.002EPSS
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...
4.4CVSS
4.8AI Score
0.0004EPSS
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.8AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a cross-site...
4.7CVSS
5.5AI Score
0.0004EPSS
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID: CVE-2024-35155 DESCRIPTION: IBM MQ Console could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the...
6.5CVSS
6.1AI Score
EPSS
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...
7.5CVSS
6.5AI Score
0.002EPSS
Security Bulletin: IBM MQ is affected by a password disclosure vulnerability (CVE-2024-35156)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ REST API. Vulnerability Details CVEID: CVE-2024-35156 DESCRIPTION: IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This...
6.5CVSS
6.1AI Score
EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
4.3CVSS
5.6AI Score
0.0004EPSS
openSUSE Security Update : wireshark (openSUSE-2019-837)
This update for wireshark fixes the following issues : Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed : CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated...
7.5CVSS
7.8AI Score
0.007EPSS
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.7AI Score
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for...
6.4CVSS
5.7AI Score
0.0004EPSS
Summary IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details ** CVEID: CVE-2024-31033 DESCRIPTION: **An unspecified error with ignoring certain characters in jwtk JJWT (aka Java JWT) has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal...
6AI Score
0.0004EPSS
Pixel Watch Security Bulletin—June 2024
The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2024-06-05 or later address all applicable issues in the June 2024 Android Security Bulletin and all issues in this bulletin......
7.7AI Score
curl is vulnerable to Certificate Validation. The vulnerability is due to a flaw in libcurl when built with wolfSSL and the error path inadvertently bypassing certificate verification when encountering unknown or bad ciphers or curves, allows for certificate verification to be skipped for QUIC...
6.1AI Score
0.0004EPSS
Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability (Using third-party datastore Operators) as part of the postgres operator (CVE-2024-27304). This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID:...
9.8CVSS
7.5AI Score
0.0004EPSS
Grafana Plugin signature bypass
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31123 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.8CVSS
7.7AI Score
0.001EPSS
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS...
5.3CVSS
5.4AI Score
0.0004EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0753
Updates of ['linux-rt', 'linux-esx', 'linux-secure', 'linux-aws', 'linux', 'sssd'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before...
6.1CVSS
6.8AI Score
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.9AI Score
0.001EPSS
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
4.4CVSS
4.8AI Score
0.0004EPSS
Cloned-Restore Fails on OpenShift Clusters with ImagePull Error
Veeam Support Knowledge Base answer to: Cloned-Restore Fails on OpenShift Clusters with ImagePull...
7.1AI Score
Exports Don't Work After Veeam Kasten for Kubernetes Reinstall
Veeam Support Knowledge Base answer to: Exports Don't Work After Veeam Kasten for Kubernetes...
7.2AI Score
[SECURITY] Fedora 39 Update: libvirt-9.7.0-4.fc39
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization...
6.2CVSS
7.2AI Score
0.0004EPSS
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions...
6.1CVSS
5.4AI Score
0.001EPSS
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
4.3CVSS
5.6AI Score
0.0004EPSS
wolfssl is vulnerable to Key Boundary Confusion attack. The vulnerability is due to wolfSSL failing to enforce boundaries between (D)TLS messages handled by different keys, allowing for the amalgamation of messages meant for different security contexts into a single...
5.3CVSS
6.7AI Score
0.0004EPSS
Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
Grafana Stored Cross-site Scripting in Unified Alerting in...
8.7CVSS
8.2AI Score
0.006EPSS
Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana
Grafana account takeover via OAuth vulnerability in...
7.5CVSS
7.5AI Score
0.002EPSS
Veeam Primary Storage Integration processing overview
Veeam Support Knowledge Base answer to: Veeam Primary Storage Integration processing...
4.2AI Score
Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through...
9.9CVSS
9.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because its already used internally to plumb subflow (tcp) sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections...
7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: booth-1.2-1.fc40
Booth manages tickets which authorize cluster sites located in geographically dispersed locations to run resources. It facilitates support of geographically distributed clustering in...
5.9CVSS
7.2AI Score
0.001EPSS
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support...
8.6CVSS
8.7AI Score
0.0004EPSS