Exploit for Improper Input Validation in Apache Log4J
log4j-shell-poc A Proof-Of-Concept for the recently found...
10CVSS
9.6AI Score
0.976EPSS
7.2CVSS
7.1AI Score
0.001EPSS
Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "Settings > Save as.....
5.4AI Score
7.2CVSS
7AI Score
0.001EPSS
Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 21st, 2024, during our second Bug Bounty Extravaganza,.....
7.2CVSS
6.2AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit...
2.4CVSS
6.7AI Score
0.0004EPSS
Zebra ZTC GK420d Alert Setup Page settings cross site scripting
A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit...
3.6AI Score
0.0004EPSS
Drozer - The Leading Security Assessment Framework For Android
drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to....
7.5AI Score
Detecting Windows-based Malware Through Better Visibility
Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren't just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national...
7AI Score
Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9AI Score
0.0004EPSS
WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue...
3.1CVSS
7.1AI Score
0.0004EPSS
Cloud_Enum - Multi-cloud OSINT Tool. Enumerate Public Resources In AWS, Azure, And Google Cloud
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. Currently enumerates the following: Amazon Web Services: - Open / Protected S3 Buckets - awsapps (WorkMail, WorkDocs, Connect, etc.) Microsoft Azure: - Storage Accounts - Open Blob Storage Containers - Hosted...
7.2AI Score
Breeze < 2.1.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape its breeze_api_token settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9CVSS
5.8AI Score
0.0004EPSS
7.8CVSS
8.1AI Score
0.004EPSS
Funnel Builder by CartFlows < 2.0.2 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9CVSS
5.7AI Score
0.0004EPSS
linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) Quentin Minster discovered that the KSMBD...
7.8CVSS
7.9AI Score
0.004EPSS
DinodasRAT Linux implant targeting entities worldwide
DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to surveil and harvest sensitive data from a target's computer. A Windows version of this RAT was used in attacks against government entities in...
7.7AI Score
Linux kernel (Intel IoTG) vulnerabilities
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-intel-iotg - Linux kernel for Intel IoT platforms linux-intel-iotg-5.15 - Linux kernel for Intel IoT platforms Details It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return...
7.8CVSS
8.2AI Score
0.004EPSS
Wix Toolset < 3.14.1 / 4.x < 4.0.5 Multiple Vulnerabilities
The version of Wix Toolset installed on the remote host is prior to 3.14.1 or 4.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx...
6.9AI Score
Noia - Simple Mobile Applications Sandbox File Browser Tool
Noia is a web-based tool whose main aim is to ease the process of browsing mobile applications sandbox and directly previewing SQLite databases, images, and more. Powered by frida.re. Please note that I'm not a programmer, but I'm probably above the median in code-savyness. Try it out, open an...
7.2AI Score
Exploit for Out-of-bounds Write in Google Android
Fluoride Bluetooth stack Building and running on AOSP...
9.8CVSS
7.4AI Score
0.001EPSS
WP Staging (Free < 3.4.0, Pro < 5.4.0) - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
Social Media Share Buttons < 2.8.9 - Admin+ Stored XSS via settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
Social Media Share Buttons < 2.8.9 - Admin+ Stored XSS via settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "Ultimate Social Media.....
5.3AI Score
0.0004EPSS
WP Staging (Free < 3.4.0, Pro < 5.4.0) - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "WP Staging > Backup ...
4.9AI Score
0.0004EPSS
My Sticky Bar < 2.6.8 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC You should click on "My Sticky...
5.4AI Score
My Sticky Bar < 2.6.8 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Navigate to "RGG Gallery" and....
4.9AI Score
0.0004EPSS
7.8CVSS
8.1AI Score
0.004EPSS
linux-oracle, linux-oracle-5.15 vulnerabilities
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) Quentin Minster discovered that the KSMBD...
7.8CVSS
7.9AI Score
0.004EPSS
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
Summary The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. Details RemoveFolderEx deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified...
7.9CVSS
6.8AI Score
0.0004EPSS
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
Summary The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. Details RemoveFolderEx deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified...
7.9CVSS
7AI Score
0.0004EPSS
New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent...
6.2AI Score
Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting via Product Title
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
8.1AI Score
0.0004EPSS
Ultimate Noindex Nofollow Tool II < 1.3.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
Description The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) PoC 1. Go to the plugin setting and in the "Restore" section...
9.3AI Score
0.0004EPSS
NPS computy < 2.7.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "Settings > NPS...
7.7AI Score
0.0004EPSS
Top Bar < 3.0.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "Top Bar" in WP Admin...
4.9AI Score
0.0004EPSS
Top Bar < 3.0.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
Testimonial Slider < 2.3.8 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting via Product Title
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC Note: This requires WooCommerce.....
8.1AI Score
0.0004EPSS
Linux kernel (Oracle) vulnerabilities
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux-oracle - Linux kernel for Oracle Cloud systems linux-oracle-5.15 - Linux kernel for Oracle Cloud systems Details It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return...
7.8CVSS
8.1AI Score
0.004EPSS
Ultimate Noindex Nofollow Tool II < 1.3.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "Settings > Ultimate....
5.4AI Score
Web applications often rely on proxy server to route requests to the right web service. An Open Proxy vulnerabilities occurs when a web server is configured to act as forward proxy, allowing anyone to use it to relay web traffic. This setup can may allow an attacker to use the proxy server to make....
7.4AI Score
Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
Description The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite...
9.4AI Score
0.0004EPSS
NPS computy < 2.7.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
7.9AI Score
0.0004EPSS
Carousel Slider < 2.2.7 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Add a new slider at "Carousel....
5.4AI Score
0.0004EPSS