CISA: Ivanti Releases Security Updates for Multiple Products
Ivanti Releases Security Updates for Multiple Products Ivanti released security updates to address vulnerabilities in Ivanti Cloud Service Application, Ivanti...
CISA: CISA Releases Ten Industrial Control Systems Advisories
CISA Releases Ten Industrial Control Systems Advisories CISA released ten Industrial Control Systems (ICS) advisories on December 12, 2024. These...
CISA: CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector
CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector Today, CISA and the Environmental...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CVE Alert: CVE-2024-11873
Vulnerability Summary: CVE-2024-11873 The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomex_integration' shortcode...
CVE Alert: CVE-2024-11869
Vulnerability Summary: CVE-2024-11869 The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk'...
CVE Alert: CVE-2024-11888
Vulnerability Summary: CVE-2024-11888 The IDer Login for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
CVE Alert: CVE-2024-11867
Vulnerability Summary: CVE-2024-11867 The Companion Portfolio – Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
CVE Alert: CVE-2024-11865
Vulnerability Summary: CVE-2024-11865 The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and...
CVE Alert: CVE-2024-11884
Vulnerability Summary: CVE-2024-11884 The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
CVE Alert: CVE-2024-11879
Vulnerability Summary: CVE-2024-11879 The Stripe Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stripe_donation' shortcode...
CVE Alert: CVE-2024-11877
Vulnerability Summary: CVE-2024-11877 The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score'...
CVE Alert: CVE-2024-11883
Vulnerability Summary: CVE-2024-11883 The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code'...
CVE Alert: CVE-2024-12448
Vulnerability Summary: CVE-2024-12448 The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
HackerOne Bug Bounty Disclosure: nextcloud-mail-does-not-respect-download-permissions-in-shares-rullzer
Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:rullzerLink to Submitters Profile:https://hackerone.com/rullzer Report Title:Nextcloud mail does not respect download permissions...
HackerOne Bug Bounty Disclosure: incomplete-sanitization-in-svg-preview-provider-pulsejet
Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:pulsejetLink to Submitters Profile:https://hackerone.com/pulsejet Report Title:Incomplete sanitization in SVG preview providerReport Link:https://hackerone.com/reports/2484499Date...
HackerOne Bug Bounty Disclosure: x-e-ee-signature-verification-can-be-bypassed-leading-to-loss-of-confidentiality-of-end-to-end-encrypted-files-d-xuan
Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:d-xuanLink to Submitters Profile:https://hackerone.com/d-xuan Report Title:X-E2EE-SIGNATURE verification can be bypassed, leading to...
CVE Alert: CVE-2024-12411
Vulnerability Summary: CVE-2024-12411 The WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for...
CVE Alert: CVE-2024-11889
Vulnerability Summary: CVE-2024-11889 The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
CVE Alert: CVE-2024-11894
Vulnerability Summary: CVE-2024-11894 The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode...
CVE Alert: CVE-2024-12447
Vulnerability Summary: CVE-2024-12447 The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
CVE Alert: CVE-2024-12555
Vulnerability Summary: CVE-2024-12555 The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,...
CVE Alert: CVE-2024-12458
Vulnerability Summary: CVE-2024-12458 The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button'...
CVE Alert: CVE-2024-12523
Vulnerability Summary: CVE-2024-12523 The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map'...
