SCALANCE X302-7 EEC (24V, Coated) Security Vulnerabilities

Top 10 Critical Pentest Findings 2024: What You Need to Know

One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's...

CVE-2024-34813 WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34813 WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through...

CVE-2024-34824

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through...

CVE-2024-34824

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through...

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)...

CVE-2024-34824 WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through...

CVE-2024-34824 WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through...

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....

June 11, 2024—KB5039274 (Security-only update)

June 11, 2024—KB5039274 (Security-only update) __ End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see...

Description of the security update for SharePoint Enterprise Server 2016: June 11, 2024 (KB5002604)

Description of the security update for SharePoint Enterprise Server 2016: June 11, 2024 (KB5002604) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...

June 11, 2024—KB5039289 (Monthly Rollup)

June 11, 2024—KB5039289 (Monthly Rollup) __ End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. For more information, see Update...

CVE-2024-4319

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

CVE-2024-4319

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

CVE-2024-3723 Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

CVE-2024-4319 Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

CVE-2024-4319 Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

KB5039341: Servicing stack update for Windows Server 2008 SP2: June 11, 2024

KB5039341: Servicing stack update for Windows Server 2008 SP2: June 11, 2024 __ End of support information Windows Server 2008 SP2 Extended Security Updates third and final year of ESU ended on January 10, 2023. Many customers are taking advantage of Azures commitment to security and compliance...

KLA68920 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: Security vulnerability when...

Moderate: python-idna security update

The hsakmt packages include a thunk library for AMD's Heterogeneous System Architecture (HSA) Linux kernel driver (amdkfd). Security Fix(es): python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()...

Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure

Description The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data...

KLA68913 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: Use after free vulnerability in PDFium can be exploited to cause...

Oracle Linux 7 : bind, / bind-dyndb-ldap, / and / dhcp (ELSA-2024-3741)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3741 advisory. - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Speed up parsing of DNS messages with many different...

KLA68921 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information, perform cross-site scripting attack. Below is a complete list of...

Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation

Description The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the 'cf7frr' post meta. This makes it possible for authenticated attackers, with editor-level access and above,....

KB5039339: Servicing stack update for Windows Server 2008 R2 SP1: June 11, 2024

KB5039339: Servicing stack update for Windows Server 2008 R2 SP1: June 11, 2024 __ **End of support information ** As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version...

KLA68914 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: A denial of service vulnerability in DNS...

KLA68915 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in...

Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update

Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.11.0 for the security update in Java. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) | Version(s) ---|--- IBM...

CVE-2024-36407

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

CVE-2024-36407

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

CVE-2024-36407

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

CVE-2024-35747

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

CVE-2024-35747

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

CVE-2024-36407 SuiteCRM unauthenticated user password reset on php7

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

CVE-2024-36407 SuiteCRM unauthenticated user password reset on php7

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...

Security Bulletin: IBM Master Data Management affected by IBM WebSphere Application Server vulnerabilities to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to...

A European Summer of Sports is Upon Us – What Does it Mean for Security?

The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....

Bypassing 2FA with phishing and OTP bots

Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain...

CVE-2024-35741

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through...

CVE-2024-35741

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through...

CVE-2024-35720

Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through...

CVE-2024-35720

Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through...

CVE-2024-35720 WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through...

CVE-2024-35720 WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through...

CVE-2024-35741 WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through...