The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is....
5.9AI Score
0.0004EPSS
The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is.....
5.9AI Score
0.0004EPSS
The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is....
5.6AI Score
0.0004EPSS
Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS
The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is....
5.9AI Score
0.0004EPSS
Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS
The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is.....
5.9AI Score
0.0004EPSS
7.8AI Score
0.0005EPSS
WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6688-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6688-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...
7.9AI Score
WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC As and admin, create a...
4.9AI Score
0.0004EPSS
curl: CVE-2024-2379: QUIC certificate check bypass with wolfSSL
Summary: In vquic-tls.c curl_wssl_init_ctx errors are handled by goto out and having result be set to an error code to be returned. At the beginning of the function result is correctly set to CURLE_FAILED_INIT which allows for goto out to work correctly without having to set result however,...
6.9AI Score
0.0004EPSS
Exploit for Use After Free in Linux Linux Kernel
Demonstration that Claude 3 Opus does not understand...
7.9AI Score
Pz-LinkCard < 2.5.3 - Contributor+ SSRF
Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. PoC Setup a listener on a localhost/LAN host (such as nc -l 127.0.0.1 9000), then as a contributor, put the...
9.2AI Score
0.0004EPSS
Pz-LinkCard < 2.5.3 - Contributor+ SSRF
Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF...
9.4AI Score
0.0004EPSS
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv() uses the unfiltered server environment variable PATH_INFO, which allows attackers to inject malicious content. In...
6.1CVSS
6AI Score
0.003EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed.....
6.5CVSS
7.1AI Score
0.055EPSS
Insufficiently Protected Credentials vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...
7.5CVSS
7.1AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter.When original...
7.5CVSS
6.9AI Score
0.001EPSS
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML() method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup @keyframes methods. This XSS,...
9.9CVSS
5.2AI Score
0.002EPSS
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases,....
6.5CVSS
6.8AI Score
0.008EPSS
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML...
6.1CVSS
6.1AI Score
0.01EPSS
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
7.5CVSS
7AI Score
0.974EPSS
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...
6.6CVSS
6.8AI Score
0.003EPSS
BIT-grafana-image-renderer-2022-31176
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized...
8.1CVSS
7.1AI Score
0.003EPSS
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of....
9.8CVSS
7.2AI Score
0.975EPSS
Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...
8.8CVSS
7.7AI Score
0.003EPSS
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort...
6.8AI Score
Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
7.1CVSS
6.3AI Score
0.0004EPSS
Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
7.1CVSS
6.6AI Score
0.0004EPSS
Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark....
10CVSS
9.4AI Score
0.935EPSS
How Cybercriminals are Exploiting India's UPI for Money Laundering Operations
Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha,...
7.4AI Score
BloodHound - Six Degrees Of Domain Admin
BloodHound is a monolithic web application composed of an embedded React frontend with Sigma.js and a Go based REST API backend. It is deployed with a Postgresql application database and a Neo4j graph database, and is fed by the SharpHound and AzureHound data collectors. BloodHound uses graph...
7.4AI Score
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4414-1)
The remote host is missing an update for...
9.8CVSS
7.8AI Score
0.017EPSS
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0090-1)
The remote host is missing an update for...
6.1CVSS
5.4AI Score
0.001EPSS
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0171-1)
The remote host is missing an update for...
6.1CVSS
5.4AI Score
0.001EPSS
Ebook Store < 5.8002 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.9CVSS
5.4AI Score
0.0004EPSS
openSUSE: Security Advisory for poppler (SUSE-SU-2023:4690-1)
The remote host is missing an update for...
6.5CVSS
7.2AI Score
0.012EPSS
openSUSE: Security Advisory for trivy (openSUSE-SU-2022:10022-1)
The remote host is missing an update for...
7.5CVSS
7.7AI Score
0.007EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2022:2424-2)
The remote host is missing an update for...
8.2CVSS
8AI Score
0.007EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0397-1)
The remote host is missing an update for...
9.6CVSS
9.7AI Score
0.053EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3172-1)
The remote host is missing an update for...
7.8CVSS
7.4AI Score
0.001EPSS
openSUSE: Security Advisory for zabbix (openSUSE-SU-2023:0191-1)
The remote host is missing an update for...
5.4CVSS
6.7AI Score
0.0004EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2022:0156-1)
The remote host is missing an update for...
8.8CVSS
7.5AI Score
0.02EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4351-1)
The remote host is missing an update for...
9.8CVSS
7.8AI Score
0.017EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3377-1)
The remote host is missing an update for...
7.8CVSS
7.5AI Score
0.008EPSS
openSUSE: Security Advisory for iperf (SUSE-SU-2023:3887-1)
The remote host is missing an update for...
7.5CVSS
7.8AI Score
0.002EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4343-1)
The remote host is missing an update for...
9.8CVSS
7.8AI Score
0.017EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4345-1)
The remote host is missing an update for...
9.8CVSS
7.8AI Score
0.017EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3313-1)
The remote host is missing an update for...
7.8CVSS
7.5AI Score
0.008EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4378-1)
The remote host is missing an update for...
9.8CVSS
7.8AI Score
0.017EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0396-1)
The remote host is missing an update for...
9.6CVSS
9.7AI Score
0.053EPSS