The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....
9CVSS
0.0004EPSS
The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....
9CVSS
7.4AI Score
0.0004EPSS
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...
0.0004EPSS
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...
6.5AI Score
0.0004EPSS
Adobe Substance 3D Stager < 3.0.2 Multiple Vulnerabilities (APSB24-43) (macOS)
The version of Adobe Substance 3D Stager installed on the remote macOS host is prior to 3.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-43 advisory. Successful exploitation could lead to arbitrary code execution in the context of the current user. Note...
7.8CVSS
7.8AI Score
0.001EPSS
Rife Free < 2.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Rife Free theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level....
6.5CVSS
5.8AI Score
0.0004EPSS
Pixgraphy < 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Pixgraphy theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject.....
6.5CVSS
5.8AI Score
0.0004EPSS
Idyllic < 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Idyllic theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display name in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access....
6.5CVSS
5.8AI Score
0.0004EPSS
The vulnerability of the RelinquishDCMInfo() function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial....
7.1CVSS
7.3AI Score
0.001EPSS
Vulnerability in program/lib/Roundcube/rcube_string_replacer.php component of RoundCube mail client Webmail exists due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting (XSS)...
6.1CVSS
6.2AI Score
0.113EPSS
A vulnerability in the tls_new_ciphertext() function of the iPXE network boot standard is related to manipulation of the pad_len argument in the src/net/tls.c file of the TLS component. Exploitation of the vulnerability could allow an attacker acting remotely to disclose sensitive...
4.3CVSS
6.7AI Score
0.001EPSS
Theme < 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Event theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display name in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...
6.5CVSS
5.8AI Score
0.0004EPSS
Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content
Following days of user pushback that included allegations of forcing a "spyware-like" Terms of Service (ToS) update into its products, design software giant Adobe explained itself with several clarifications. Apparently, the concerns raised by the community, especially among Photoshop and...
6.9AI Score
Introducing the 0-day Threat Hunt Bug Bounty Promo Through July 11th, 2024!
At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 5 million WordPress websites. That's why we’ve decided to run another exciting and new promotion for our Bug Bounty Program. With this promotion, our goal is to get more of the highest...
7.8AI Score
The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....
6.4CVSS
5.8AI Score
0.001EPSS
The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....
6.4CVSS
0.001EPSS
The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....
6.4CVSS
0.001EPSS
The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....
6.4CVSS
5.8AI Score
0.001EPSS
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....
9.8CVSS
8.7AI Score
0.05EPSS
[SECURITY] Fedora 39 Update: singularity-ce-3.11.5^20240603gbd4675f-1.fc39
SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and...
8.3CVSS
5.7AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queues. This causes to a....
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue When both ice and the irdma driver are loaded, a warning in check_flush_dependency is being triggered. This is due to ice driver workqueue being allocated with the WQ_MEM_RECLAIM...
6.7AI Score
0.0004EPSS
Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to...
6.4AI Score
EPSS
Bloglo < 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Bloglo theme for WordPress is vulnerable to Stored Cross-Site Scripting via author names in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
6.5CVSS
5.8AI Score
0.0004EPSS
Description The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it...
6.4CVSS
5.8AI Score
0.001EPSS
Fedora: Security Advisory for singularity-ce (FEDORA-2024-c95d3199c5)
The remote host is missing an update for...
8.3CVSS
8.6AI Score
0.0005EPSS
Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF...
6.7AI Score
EPSS
Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie....
9CVSS
7.3AI Score
0.0004EPSS
Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to...
6.4AI Score
EPSS
Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
Description The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a...
6.8AI Score
EPSS
Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF...
6.7AI Score
EPSS
Radcliffe 2 < 2.0.18 - Missing Authorization
Description The radcliffe-2 theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to perform an unauthorized...
5.3CVSS
6.7AI Score
0.0004EPSS
Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
Description The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group PoC The PoC will be displayed on June 26, 2024, to give users...
6.5AI Score
EPSS
Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS
Description The theme does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting...
5.8AI Score
EPSS
Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS
Description The theme does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to...
5.5AI Score
EPSS
Securing Online Business Transactions: Essential Tools and Practices
Enhance your online transaction security with encryption, VPNs, and authentication. Understand threats, address vulnerabilities, and use secure payment gateways. Stay compliant with PCI DSS and regulatory standards to protect your business and build customer...
7.4AI Score
Creating Secure CRM Pipelines in Construction: Best Practices and Essential Strategies
Secure your construction company's CRM pipeline to protect client data and streamline operations. A specialized CRM enhances communication, reduces errors, and supports scalable growth with advanced security features and automation...
7.3AI Score
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...
9CVSS
9.1AI Score
0.0004EPSS
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...
9CVSS
0.0004EPSS
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...
9.8CVSS
9.3AI Score
0.003EPSS
Only one critical issue disclosed as part of Microsoft Patch Tuesday
Microsoft released its monthly security update Tuesday, disclosing 49 vulnerabilities across its suite of products and software. Of those there is only one critical vulnerability. Every other security issues disclosed this month is considered "important." The lone critical security issue is...
9.8CVSS
9.8AI Score
0.003EPSS
8.1CVSS
0.001EPSS
8.1CVSS
8.1AI Score
0.001EPSS
4.4CVSS
0.0005EPSS
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...
5.5CVSS
0.0004EPSS
5.7CVSS
0.001EPSS
7CVSS
6.9AI Score
0.0004EPSS
5.7CVSS
5.3AI Score
0.001EPSS
7.1CVSS
0.0004EPSS
7CVSS
0.0004EPSS