Slack integration leaks sensitive information in logs
Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations that an attacker can forge...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: guac, fuse-overlayfs-snapshotter, goreleaser, melange, restic, tekton-chains, kyverno-policy-reporter, trust-manager, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, fulcio, kor, cfssl, external-dns, kuberay-operator,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...
6.5 AI Score
0.0004 EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, melange, fq, restic, harbor-scanner-trivy, tekton-chains, bom, nri-consul, trust-manager, prometheus-beat-exporter, fulcio, external-dns, terragrunt, tflint, flux, gh, gke-gcloud-auth-plugin, kubernetes-dashboard, keda, velero,...
7 AI Score
0.0004 EPSS
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, bom, trust-manager, kubernetes-csi-external-snapshotter, aactl, external-dns, flux, prometheus, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, weaviate, kubernetes-dashboard, keda, aws-efs-csi-driver,...
6.5 AI Score
0.001 EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: guac, fuse-overlayfs-snapshotter, goreleaser, melange, restic, tekton-chains, kyverno-policy-reporter, trust-manager, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, fulcio, kor, cfssl, external-dns, kuberay-operator,...
6.7 AI Score
0.0004 EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...
6.5 AI Score
0.0004 EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...
7.5 AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, melange, fq, restic, harbor-scanner-trivy, tekton-chains, bom, nri-consul, trust-manager, prometheus-beat-exporter, fulcio, external-dns, terragrunt, tflint, flux, gh, gke-gcloud-auth-plugin, kubernetes-dashboard, keda, velero,...
7.5 AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, tekton-chains, go, bom, trust-manager, slsa-verifier, aactl, kubernetes-csi-external-snapshotter, external-dns, flux, prometheus, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, weaviate, kubescape, kubernetes-dashboard,...
8.2 AI Score
0.002 EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...
7.5 AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...
7.5 AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...
7.5 AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, bom, trust-manager, kubernetes-csi-external-snapshotter, aactl, external-dns, flux, prometheus, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, weaviate, kubernetes-dashboard, keda, aws-efs-csi-driver,...
7.5 AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, tekton-chains, go, bom, trust-manager, slsa-verifier, aactl, kubernetes-csi-external-snapshotter, external-dns, flux, prometheus, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, weaviate, kubescape, kubernetes-dashboard,...
7.5 AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...
6.5 AI Score
0.0004 EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...
6.5 AI Score
0.0004 EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...
7.5 AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...
6.5 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a...
7.2 AI Score
Ticketmaster confirms customer data breach
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...
7.4 AI Score
CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it...
7.2 AI Score
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a...
7.2 AI Score
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4 CVSS
6.1 AI Score
0.001 EPSS
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from conducting SSRF attacks via pinging, which may be a problem in multisite...
6.9 AI Score
0.0004 EPSS
CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from conducting SSRF attacks via pinging, which may be a problem in multisite...
6.7 AI Score
0.0004 EPSS
[SECURITY] Fedora 39 Update: roundcubemail-1.6.7-1.fc39
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
7.3 AI Score
[SECURITY] Fedora 40 Update: roundcubemail-1.6.7-1.fc40
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
7.3 AI Score
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a...
7.2 AI Score
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not...
6.6 AI Score
TYPO3 Arbitrary Shell Execution in Swiftmailer library
The swiftmailer library in use allows execution of arbitrary shell commands if the "From" header comes from a non-trusted source and no "Return-Path" is configured. Affected are only TYPO3 installations where the configuration option $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] is set to "sendmail"...
7.9 AI Score
TYPO3 Arbitrary Shell Execution in Swiftmailer library
The swiftmailer library in use allows execution of arbitrary shell commands if the "From" header comes from a non-trusted source and no "Return-Path" is configured. Affected are only TYPO3 installations where the configuration option $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] is set to "sendmail"...
7.9 AI Score
Beware of scammers impersonating Malwarebytes
Scammers love to bank on the good name of legitimate companies to gain the trust of their intended targets. Recently, it came to our attention that a cybercriminal is using fake websites for security products to spread malware. One of those websites was impersonating the Malwarebytes brand. Image...
7.3 AI Score
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...
6.5 AI Score
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...
7.2 AI Score
CVE-2024-36950 firewire: ohci: mask bus reset interrupts between ISR and bottom half
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...
7 AI Score
CVE-2024-36881 mm/userfaultfd: reset ptes when close() for wr-protected ones
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a...
7.1 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
9.2 AI Score
0.001 EPSS
‘Operation Endgame’ Hits Malware Delivery Platforms
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort...
7.1 AI Score
The Ticketmaster “breach”—what you need to know
Earlier this week, a cybercriminal group posted an alleged database up for sale online which, it says, contains customer and card details of 560 million Live Nation/Ticketmaster users. The data was offered for sale on one forum under the name "Shiny Hunters". ShinyHunters is the online handle for...
7.3 AI Score
The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied...
7.2 CVSS
7.5 AI Score
0.001 EPSS
The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied...
7.5 AI Score
0.001 EPSS
The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings...
4.3 CVSS
6.6 AI Score
0.0005 EPSS
The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged...
4.3 CVSS
6.8 AI Score
0.0005 EPSS
The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via...
4.3 CVSS
6.8 AI Score
0.0004 EPSS