CVE-2023-5956 Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
7.4AI Score
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1115)
The remote host is missing an update for the Huawei...
6.4AI Score
0.001EPSS
7.4AI Score
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1131)
The remote host is missing an update for the Huawei...
6.4AI Score
0.001EPSS
Chart Builder < 1.9.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9AI Score
Exploit for Deserialization of Untrusted Data in Wpengine Better Search Replace
Introduction to CVE-2023-6933 Vulnerability ...
10AI Score
0.015EPSS
Exploit for Vulnerability in Metabase
Metabase Pre-Auth RCE (CVE-2023-38646) PoC A proof of...
7.5AI Score
0.913EPSS
Raven - CI/CD Security Analyzer
RAVEN (Risk Analysis and Vulnerability Enumeration for CI/CD) is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database. Developed and maintained by the Cycode research team. With Raven, we were able to...
8AI Score
Exploit for Vulnerability in Google Android
**This repository is provided AS IS to accompany [a Meta Red...
7.9AI Score
0.0004EPSS
Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface
Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface (without the need of SOCKS). Features Tun interface (No more SOCKS!) Simple UI with agent selection and network information Easy to use and setup...
7.4AI Score
A Beginners Guide to Understanding Protobuf & JSON When you dive into the sphere of data serialization, you're likely to encounter two dominant players - Protobuf, the colloquial term for Protocol Buffers, and JSON, standing for JavaScript Object Notation. Both of these formats carry distinctive...
6.8AI Score
8.9AI Score
Fortra GoAnywhere MFT 6.x > 6.0.1 / 7.x < 7.4.1 Authentication Bypass
Fortra GoAnywhere MFT is a Managed File Transfer (MFT) solution helping organizations build both internal and external data transfer exchanges. GoAnyWhere MFT versions 6.x from 6.0.1 and 7.x before 7.4.1 suffer from an authentication bypass vulnerability. By crafting a specific URL, a remote and...
7.8AI Score
WP RSS Aggregator < 4.23.5 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1131)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset...
7.4AI Score
EulerOS 2.0 SP11 : xorg-x11-server (EulerOS-SA-2024-1115)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset...
7.7AI Score
[5.14.0-362.18.0.1_3.OL9] nfp: fix use-after-free in area_cache_get() (Jialiang Wang) {CVE-2022-3545} drivers: net: slip: fix NPD bug in sl_tx_timeout() (Duoming Zhou) {CVE-2022-41858} can: af_can: fix NULL pointer dereference in can_rcv_filter (Oliver Hartkopp) {CVE-2023-2166} RDMA/core: Fix...
7.9AI Score
0.017EPSS
Imperva customers are protected against the recent GoAnywhere MFT vulnerability CVE-2024-0204
Recently, Fortra released a security advisory for CVE-2024-0204, a GoAnywhere MFT authentication bypass vulnerability. This bug allows an unauthenticated attacker to create an administrative user by exploiting an InitialAccountSetup.xhtml endpoint–accessible via path traversal–to initiate the...
9.8CVSS
8AI Score
0.51EPSS
Exploit for Injection in Atlassian Confluence Data Center
CVE-2023-22527: Atlassian Confluence Vulnerability...
7.7AI Score
0.975EPSS
Security Testing: Types, Tools, and Best Practices
Opening Note: Understanding the Core Concepts of Security Analysis Continual developments in technology have elevated the significance of security analysis, a critical phase in software design. You can think of it as a vital diagram within the process of coding, engineered to identify and resolve.....
8.4AI Score
RHCOS 4 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7398 advisory. Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources....
8.1AI Score
FileBird < 5.6.1 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.6AI Score
0.0004EPSS
RHCOS 4 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a...
9.1AI Score
WPFront Notification Bar < 3.4 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.8AI Score
0.001EPSS
WebSub (FKA. PubSubHubbub) < 3.2.0 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.8AI Score
0.0004EPSS
Content Views < 3.6.3 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...
6.5CVSS
7.2AI Score
0.001EPSS
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The...
9.8CVSS
7.8AI Score
0.001EPSS
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...
6.5CVSS
7AI Score
0.001EPSS
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The...
9.8CVSS
7.6AI Score
0.001EPSS
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network...
5.7CVSS
7.4AI Score
0.001EPSS
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi...
5.5CVSS
7AI Score
0.0004EPSS
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network...
5.7CVSS
7.2AI Score
0.001EPSS
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi...
5.5CVSS
6.8AI Score
0.0004EPSS
Exploit for Incorrect Authorization in Atlassian Confluence Data Center
CVE-2023-22518 Lỗ hổng Phân Quyền Không Chính Xác trong...
7.2AI Score
0.966EPSS
Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi...
6.5AI Score
0.0004EPSS
Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Visit the "Settings"...
4.8AI Score
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...
6.8AI Score
0.001EPSS
Better Follow Button for Jetpack <= 8.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC 1. Navigate to:...
7.8AI Score
WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. In the settings of the...
7.8AI Score
WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
7.9AI Score
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The...
7.4AI Score
0.001EPSS
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network...
7AI Score
0.001EPSS
Better Follow Button for Jetpack <= 8.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
7.9AI Score
The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
5.9AI Score
0.0004EPSS
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
5.9AI Score
0.0004EPSS
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
5.9AI Score
0.0004EPSS