Tag: 2024-06-04

3 Attack Reports | 183 Vulnerabilities

Attack reports

Excel File Deploys Cobalt Strike at Ukraine

A sophisticated multi-stage cyberattack was identified, utilizing an Excel file embedded with a VBA macro designed to deploy a DLL file. The attacker employed various evasion techniques and a multi-stage malware strategy to deliver the notorious 'Cobalt Strike' payload, establishing communication w…
malware
evasion
ukraine
2024-06-04
excel
Published: June 4, 2024
Downloadable IOCs: 10

The Pumpkin Eclipse - Chalubo Malware

Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and contr…
ddos
script
2024-06-04
meta
write
download
form
soho
path
button
span
link
template
header dropdown
iconbutton
product
solutions
footer
code
enterprise
reload
close
chalubo
body
find
star
copy
open
main
contact
october
chalubo malware
actiontec
lumen
lua script
lotus labs
november
black
next
Published: June 4, 2024
Downloadable IOCs: 176

Vidar Stealer: An In-depth Analysis of an Information-Stealing Malware

Vidar Stealer is a potent malware written in C++, capable of stealing a wide range of data from the compromised system. Vidar Stealer targets user’s personal data, web-browser data, cryptocurrency wallets, financial data, sensitive files within user directories, communication applications, process …
malware
persistence
2024-06-04
c2
Published: June 4, 2024
Downloadable IOCs: 6
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-25600

10.0
    Bricks Builder
Published: June 4, 2024

CVE-2024-29972

9.8
    Zyxel NAS326
    Zyxel NAS542
Published: June 4, 2024

CVE-2024-29973

9.8
    Zyxel NAS326
    Zyxel NAS542
Published: June 4, 2024

CVE-2024-29974

9.8
    Zyxel NAS326
    Zyxel NAS542
Published: June 4, 2024

CVE-2024-4552

9.8
    Social Login Lite For WooCommerce plugin for WordPress
Published: June 4, 2024

CVE-2024-35700

9.8
    Userpro
    DeluxeThemes Userpro
Published: June 4, 2024

CVE-2024-35629

9.6
    Easy Digital Downloads - Recent Purchases
    Wow-Company Easy Digital Downloads - Recent Purchases
Published: June 4, 2024

CVE-2024-36400

9.4
    nano-id crate
    nano-id crate
Published: June 4, 2024

CVE-2023-33930

9.1
    Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
    Unlimited Elements For Elementor
Published: June 4, 2024

CVE-2024-34792

9.1
    Dextaz Ping
    Dextaz Ping
Published: June 4, 2024

CVE-2024-33560

9.0
    XStore
    XStore
Published: June 4, 2024

CVE-2024-34551

9.0
    Stockholm theme by Select-Themes
    Select-Themes Stockholm
Published: June 4, 2024

CVE-2024-37052

8.8
    MLflow
    MLflow
Published: June 4, 2024

CVE-2024-37053

8.8
    MLflow platform
Published: June 4, 2024

CVE-2024-37054

8.8
    MLflow
Published: June 4, 2024

CVE-2024-37055

8.8
    MLflow
Published: June 4, 2024

CVE-2024-37056

8.8
    MLflow
    MLflow
Published: June 4, 2024

CVE-2024-37057

8.8
    MLflow platform
Published: June 4, 2024

CVE-2024-37058

8.8
    MLflow platform
    MLflow platform
Published: June 4, 2024

CVE-2024-37059

8.8
    MLflow
Published: June 4, 2024

CVE-2024-37060

8.8
    MLflow
    MLflow
Published: June 4, 2024

CVE-2024-37061

8.8
    MLflow
Published: June 4, 2024

CVE-2024-33628

8.8
    XforWooCommerce
    XforWooCommerce
Published: June 4, 2024

CVE-2024-33557

8.5
    XStore Core
    XStore Core
Published: June 4, 2024

CVE-2024-33568

8.5
    BdThemes Element Pack Pro
    Element Pack Pro
Published: June 4, 2024

CVE-2024-34552

8.5
    Stockholm
    Select-Themes Stockholm
Published: June 4, 2024

CVE-2024-34554

8.5
    Select-Themes Stockholm Core
    Stockholm Core
Published: June 4, 2024

CVE-2023-47837

8.3
    ARMember
Published: June 4, 2024

CVE-2024-29170

8.1
    Dell PowerScale OneFS
Published: June 4, 2024

CVE-2024-20874

7.9
    SmartManagerCN
    SmartManagerCN
Published: June 4, 2024

CVE-2023-5751

7.8
    UNKNOWN
Published: June 4, 2024

CVE-2024-37062

7.8
    Ydata ydata-profiling open-source library
Published: June 4, 2024

CVE-2024-37063

7.8
    Ydata ydata-profiling open-source library
Published: June 4, 2024

CVE-2024-37064

7.8
    Ydata ydata-profiling open-source library
    Ydata's ydata-profiling open-source library
Published: June 4, 2024

CVE-2024-37065

7.8
    skops python library
    skops python library
Published: June 4, 2024

CVE-2024-2019

7.5
    WP-DB-Table-Editor plugin for WordPress
Published: June 4, 2024

CVE-2024-4253

7.5
    @gradio/video
Published: June 4, 2024

CVE-2024-5000

7.5
    CODESYS
Published: June 4, 2024

CVE-2023-46630

7.5
    Admin and Site Enhancements (ASE)
Published: June 4, 2024

CVE-2024-28996

7.5
    SolarWinds Platform
Published: June 4, 2024

CVE-2024-32871

7.5
    Pimcore
Published: June 4, 2024

CVE-2024-25095

7.5
    Easy Forms for Mailchimp
Published: June 4, 2024

CVE-2024-35672

7.5
    Netgsm
Published: June 4, 2024

CVE-2024-4520

7.5
    gaizhenbiao/chuanhuchatgpt
Published: June 4, 2024

CVE-2024-32976

7.5
    Envoy Proxy
Published: June 4, 2024

CVE-2024-34363

7.5
    Envoy Proxy
Published: June 4, 2024

CVE-2024-20877

7.3
    UNKNOWN
    libsavscmn
Published: June 4, 2024

CVE-2024-20878

7.3
    Samsung Android devices
    libsavscmn
Published: June 4, 2024

CVE-2024-4870

7.2
    Frontend Registration – Contact Form 7 plugin for WordPress
    Frontend Registration - Contact Form 7 plugin for WordPress
Published: June 4, 2024

CVE-2024-3555

7.2
    WordPress Social Link Pages plugin
Published: June 4, 2024

CVE-2024-4254

7.1
    gradio
    GitHub Actions
Published: June 4, 2024

CVE-2024-35664

7.1
    WPvivid Backup for MainWP
Published: June 4, 2024

CVE-2024-35668

7.1
    Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
    Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue
Published: June 4, 2024

CVE-2024-29004

7.1
    SolarWinds Platform
Published: June 4, 2024

CVE-2024-35652

7.1
    Event Tickets with Ticket Scanner
Published: June 4, 2024

CVE-2024-29975

6.7
    Zyxel NAS326
    Zyxel NAS542
    Zyxel NAS326 firmware
    Zyxel NAS542 firmware
Published: June 4, 2024

CVE-2024-29976

6.5
    Zyxel NAS326
    Zyxel NAS542
Published: June 4, 2024

CVE-2023-38520

6.5
    Pinpoint Booking System
    Pinpoint Booking System
Published: June 4, 2024

CVE-2023-40673

6.5
    cartpauj Register Captcha
Published: June 4, 2024

CVE-2024-5463

6.5
    Synology Camera Firmware
Published: June 4, 2024

CVE-2023-48747

6.5
    Booster for WooCommerce
Published: June 4, 2024

CVE-2023-49852

6.5
    WordPress Responsive Slick Slider
    Responsive Slick Slider WordPress
Published: June 4, 2024

CVE-2023-51511

6.5
    Booster Elite for WooCommerce
    Booster Elite for WooCommerce
Published: June 4, 2024

CVE-2024-33541

6.5
    Better Elementor Addons
    Better Elementor Addons
Published: June 4, 2024

CVE-2024-34384

6.5
    SinaExtra Sina Extension for Elementor
    Sina Extension for Elementor
Published: June 4, 2024

CVE-2024-35654

6.5
    CyberChimps Responsive
    CyberChimps Responsive
Published: June 4, 2024

CVE-2024-35666

6.5
    Themesflat Addons For Elementor
    Themesflat Addons For Elementor
Published: June 4, 2024

CVE-2024-35782

6.5
    Cowidgets – Elementor Addons
    Cowidgets – Elementor Addons
Published: June 4, 2024

CVE-2024-35649

6.5
    Pdfcrowd Save as PDF plugin
    Pdfcrowd Save as PDF plugin by Pdfcrowd
Published: June 4, 2024

CVE-2024-35651

6.5
    WP Flow Plus
    Spiffy Plugins WP Flow Plus
Published: June 4, 2024

CVE-2024-35653

6.5
    Visual Composer Website Builder
Published: June 4, 2024

CVE-2024-34759

6.5
    VideoWhisper Picture Gallery
Published: June 4, 2024

CVE-2024-3888

6.4
    tagDiv Composer plugin for WordPress
Published: June 4, 2024

CVE-2024-3230

6.4
    Download Attachments plugin for WordPress
Published: June 4, 2024

CVE-2024-4273

6.4
    Essential Real Estate plugin for WordPress
Published: June 4, 2024

CVE-2024-4697

6.4
    Cowidgets – Elementor Addons plugin for WordPress
Published: June 4, 2024

CVE-2024-20880

6.4
    UNKNOWN
    bootloader
Published: June 4, 2024

CVE-2024-20881

6.4
    chnactiv TA
    chnactiv TA
Published: June 4, 2024

CVE-2024-5485

6.4
    SureTriggers - Connect All Your Plugins, Apps, Tools & Automate Everything! plugin for WordPress
    SureTriggers - WordPress Plugin
Published: June 4, 2024

CVE-2024-4581

6.4
    Slider Revolution plugin for WordPress
Published: June 4, 2024

CVE-2024-4637

6.4
    Slider Revolution plugin for WordPress
Published: June 4, 2024

CVE-2024-28999

6.4
    SolarWinds Platform
Published: June 4, 2024

CVE-2024-5635

6.3
    itsourcecode Bakery Online Ordering System
Published: June 4, 2024

CVE-2024-20883

6.2
    UNKNOWN
    Android OS
Published: June 4, 2024

CVE-2024-20884

6.2
    Samsung BatteryStatsService
    Android
Published: June 4, 2024

CVE-2024-20886

6.2
    Samsung Live Wallpaper PC
Published: June 4, 2024

CVE-2024-20887

6.2
    GalaxyBudsManager PC
Published: June 4, 2024

CVE-2024-20876

6.1
    UNKNOWN
Published: June 4, 2024

CVE-2024-32464

6.1
    Action Text
Published: June 4, 2024

CVE-2024-35655

5.9
    Brave Popup Builder
    Brave Popup Builder
Published: June 4, 2024

CVE-2024-29152

5.9
    Samsung Exynos processors
Published: June 4, 2024

CVE-2024-23326

5.9
    Envoy
Published: June 4, 2024

CVE-2024-32974

5.9
    Envoy
Published: June 4, 2024

CVE-2024-32975

5.9
    Envoy Proxy
Published: June 4, 2024

CVE-2024-34362

5.9
    Envoy Proxy
Published: June 4, 2024

CVE-2024-36121

5.9
    Netty
Published: June 4, 2024

CVE-2024-34364

5.7
    Envoy
Published: June 4, 2024

CVE-2023-39161

5.4
    WP Discussion Board
    WP Discussion Board
Published: June 4, 2024

CVE-2023-40557

5.4
    PickPlugins Tabs & Accordion
    PickPlugins Tabs & Accordion
Published: June 4, 2024

CVE-2023-45635

5.4
    WP Darko Responsive Tabs
    WP Darko Responsive Tabs
Published: June 4, 2024

CVE-2023-47513

5.4
    ARI Stream Quiz
    ARI Soft ARI Stream Quiz
Published: June 4, 2024

CVE-2024-28103

5.4
    Action Pack
Published: June 4, 2024

CVE-2024-30528

5.4
    Spiffy Calendar
Published: June 4, 2024

CVE-2024-1718

5.3
    Claudio Sanches - Checkout Cielo for WooCommerce plugin
Published: June 4, 2024

CVE-2024-2382

5.3
    Authorize.net Payment Gateway For WooCommerce plugin for WordPress
    WordPress Authorize.net Payment Gateway For WooCommerce plugin
Published: June 4, 2024

CVE-2024-4997

5.3
    WPUpper Share Buttons plugin for WordPress
Published: June 4, 2024

CVE-2023-34001

5.3
    WPPlugins - WordPress Security Plugins Hide My WP Ghost
    WPPlugins - WordPress Security Plugins Hide My WP Ghost
Published: June 4, 2024

CVE-2023-37865

5.3
    IP2Location Country Blocker
    IP2Location Country Blocker
Published: June 4, 2024

CVE-2023-40332

5.3
    WP-PostRatings
    WP-PostRatings
Published: June 4, 2024

CVE-2023-41134

5.3
    Antispam Bee
    Antispam Bee
Published: June 4, 2024

CVE-2023-44235

5.3
    WP Captcha
    WP Captcha
Published: June 4, 2024

CVE-2023-45009

5.3
    Captcha/Honeypot for Contact Form 7
    Captcha/Honeypot for Contact Form 7
Published: June 4, 2024

CVE-2023-46310

5.3
    wpDiscuz
Published: June 4, 2024

CVE-2023-47189

5.3
    WPMU DEV Defender Security
    WPMU DEV Defender Security
Published: June 4, 2024

CVE-2023-48271

5.3
    Maspik - Spam blacklist
    Maspik - Spam blacklist
Published: June 4, 2024

CVE-2023-48276

5.3
    WP Forms Puzzle Captcha
Published: June 4, 2024

CVE-2023-48285

5.3
    Stripe Payments
    Tips and Tricks HQ Stripe Payments
Published: June 4, 2024

CVE-2023-48290

5.3
    Form Maker by 10Web
    Form Maker by 10Web
Published: June 4, 2024

CVE-2023-48318

5.3
    Contact Form Email
    CodePeople Contact Form Email
Published: June 4, 2024

CVE-2023-48745

5.3
    Captcha Code
    Captcha Code
Published: June 4, 2024

CVE-2023-48753

5.3
    Restricted Site Access
    Restricted Site Access
Published: June 4, 2024

CVE-2023-49774

5.3
    WP Photo Album Plus
    WP Photo Album Plus
Published: June 4, 2024

CVE-2023-51542

5.3
    WPMU DEV Branda
    WPMU DEV Branda
Published: June 4, 2024

CVE-2023-51543

5.3
    RegistrationMagic
    RegistrationMagic
Published: June 4, 2024

CVE-2023-51544

5.3
    RegistrationMagic
    Metagauss RegistrationMagic
Published: June 4, 2024

CVE-2023-51667

5.3
    Rate my Post - WP Rating System
Published: June 4, 2024

CVE-2023-52176

5.3
    miniorange Malware Scanner
    miniorange Malware Scanner
Published: June 4, 2024

CVE-2024-35670

5.3
    SoftLab Integrate Google Drive
Published: June 4, 2024

CVE-2024-30525

5.3
    Move Addons for Elementor
Published: June 4, 2024

CVE-2024-20885

5.1
    Samsung Dialer
Published: June 4, 2024

CVE-2024-35634

4.9
    Woocommerce - Recent Purchases
    Wow-Company Woocommerce – Recent Purchases
Published: June 4, 2024

CVE-2024-4219

4.8
    BeyondInsight
Published: June 4, 2024

CVE-2024-20882

4.6
    Samsung Bootloader
    bootloader
Published: June 4, 2024

CVE-2023-47663

4.6
    Foyer
Published: June 4, 2024

CVE-2024-3031

4.4
    Fluid Notification Bar plugin for WordPress
Published: June 4, 2024

CVE-2024-4462

4.4
    Nafeza Prayer Time plugin for WordPress
Published: June 4, 2024

CVE-2024-1717

4.3
    Admin Notices Manager plugin for WordPress
Published: June 4, 2024

CVE-2024-4274

4.3
    WordPress Essential Real Estate plugin
    WordPress Essential Real Estate plugin
Published: June 4, 2024

CVE-2023-28494

4.3
    CodePeople Contact Form Email
Published: June 4, 2024

CVE-2023-45053

4.3
    WP Content Pilot - Autoblogging & Affiliate Marketing Plugin
    WP Content Pilot - Autoblogging & Affiliate Marketing Plugin
Published: June 4, 2024

CVE-2024-30484

4.3
    RT Easy Builder - Advanced addons for Elementor
Published: June 4, 2024

CVE-2024-4220

4.3
    BeyondInsight
Published: June 4, 2024

CVE-2024-20873

4.2
    caminfo driver
Published: June 4, 2024

CVE-2024-20875

4.0
    SemClipboard
    SemClipboard
Published: June 4, 2024

CVE-2024-20879

4.0
    UNKNOWN
    libsavscmn.so
Published: June 4, 2024

CVE-2023-47769

3.7
    WP Maintenance
Published: June 4, 2024

CVE-2023-47818

3.7
    LWS Hide Login
    LWS Hide Login
Published: June 4, 2024

CVE-2023-48335

3.7
    Webcraftic Hide login page
Published: June 4, 2024

CVE-2023-49741

3.7
    Coming soon and Maintenance mode
    wpdevart Coming soon and Maintenance mode
Published: June 4, 2024

CVE-2023-49748

3.7
    WPS Hide Login
    WPS Hide Login
Published: June 4, 2024

CVE-2023-49822

3.7
    Ultimate Dashboard by David Vongries
    David Vongries Ultimate Dashboard
Published: June 4, 2024

CVE-2023-52147

3.7
    All In One WP Security & Firewall
    All In One WP Security & Firewall
Published: June 4, 2024

CVE-2024-0757

None
    Insert or Embed Articulate Content into WordPress plugin
Published: June 4, 2024

CVE-2024-2470

None
    Simple Ajax Chat WordPress plugin
Published: June 4, 2024

CVE-2024-4057

None
    Gutenberg Blocks with AI by Kadence WP WordPress plugin
Published: June 4, 2024

CVE-2024-4180

None
    Events Calendar WordPress plugin
    The Events Calendar WordPress plugin
Published: June 4, 2024

CVE-2024-4749

None
    wp-eMember WordPress plugin
Published: June 4, 2024

CVE-2024-4750

None
    buddyboss-platform WordPress plugin
Published: June 4, 2024

CVE-2024-4856

None
    FS Product Inquiry WordPress plugin
Published: June 4, 2024

CVE-2024-4857

None
    FS Product Inquiry WordPress plugin
    FS Product Inquiry WordPress plugin
Published: June 4, 2024

CVE-2024-36104

None
    Apache OFBiz
Published: June 4, 2024

CVE-2024-5420

None
    SEH Computertechnik utnserver Pro
    SEH Computertechnik utnserver ProMAX
    SEH Computertechnik INU-100
    utnserver Pro
    utnserver ProMAX
    INU-100
Published: June 4, 2024

CVE-2024-5421

None
    utnserver Pro
    utnserver ProMAX
    INU-100
Published: June 4, 2024

CVE-2024-5422

None
    SEH Computertechnik utnserver Pro
    SEH Computertechnik utnserver ProMAX
    SEH Computertechnik INU-100
    utnserver Pro
    utnserver ProMAX
    INU-100
Published: June 4, 2024

CVE-2024-36800

None
    SEMCMS
Published: June 4, 2024

CVE-2024-36801

None
    SEMCMS
Published: June 4, 2024

CVE-2024-0756

None
    Insert or Embed Articulate Content into WordPress plugin
Published: June 4, 2024

CVE-2024-36547

None
    idccms
Published: June 4, 2024

CVE-2024-36548

None
    idccms
    idccms
Published: June 4, 2024

CVE-2024-36549

None
    idccms
Published: June 4, 2024

CVE-2024-36550

None
    idccms
Published: June 4, 2024

CVE-2024-36604

None
    Tenda O3V2
Published: June 4, 2024

CVE-2024-36857

None
    Jan
Published: June 4, 2024

CVE-2024-36858

None
    Jan
Published: June 4, 2024

CVE-2024-37273

None
    Jan
Published: June 4, 2024

CVE-2022-28652

None
    Ubuntu
Published: June 4, 2024

CVE-2022-28654

None
    Ubuntu
Published: June 4, 2024

CVE-2022-28655

None
    UNKNOWN
Published: June 4, 2024

CVE-2022-28656

None
    UNKNOWN
Published: June 4, 2024

CVE-2022-28657

None
    Ubuntu
Published: June 4, 2024

CVE-2022-28658

None
    Ubuntu
Published: June 4, 2024

CVE-2024-30889

None
    audimex audimexEE
Published: June 4, 2024

CVE-2024-36675

None
    LyLme_spage
Published: June 4, 2024
Click here to see more Vulnerabilities