Himalayas < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Himalayas theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display names in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
5.9AI Score
0.0004EPSS
Heateor Social Login WordPress < 1.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,.....
5.8AI Score
0.0004EPSS
BlogLentor <= <=1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The BlogLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
5.9AI Score
0.0004EPSS
Pk Favicon Manager <=2.1 - Authenticated (Admin+) Arbitrary File Upload
Description The Pk Favicon Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on....
8AI Score
0.0004EPSS
Shared Files < 1.7.20 - Missing Authorization
Description The Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.19. This makes it possible for...
7AI Score
Description The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
5.9AI Score
0.0004EPSS
K000139653: Intel(R) QAT Library vulnerability CVE-2023-22313
Security Advisory Description Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-22313) Impact There is no impact; F5 products are not affected by this...
5.9AI Score
0.0004EPSS
Description The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.71 due to insufficient input sanitization and output escaping. This makes it possible for...
5.9AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2024-1665)
The remote host is missing an update for the Huawei...
7.2AI Score
0.027EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1647)
The remote host is missing an update for the Huawei...
7.1AI Score
0.001EPSS
Easy Affiliate Links < 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Easy Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to....
5.9AI Score
0.0004EPSS
Description The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 1.1.35 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Thim Elementor Kit < 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
5.9AI Score
0.0004EPSS
Description The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
5.9AI Score
0.0004EPSS
Aiomatic < 1.9.4 - Missing Authorization
Description The Aiomatic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.9.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized...
6.7AI Score
Description The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Block in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Description The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Page Title in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Description The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
5.9AI Score
0.0004EPSS
K000139646: MySQL Server vulnerabilities CVE-2024-21052 and CVE-2024-21053
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
5.7AI Score
0.0004EPSS
raindrops < 1.700 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The raindrops theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.600 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level.....
5.9AI Score
0.0004EPSS
canvasio3D Light <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload
Description The canvasio3D Light plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on...
8AI Score
0.0004EPSS
Better Elementor Addons < 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,....
5.9AI Score
0.0004EPSS
Move Addons for Elementor < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
AI Engine: ChatGPT Chatbot < 2.2.70 - Authenticated (Editor+) Arbitrary File Upload
Description The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.2.63. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected....
8AI Score
0.0004EPSS
Gold Addons for Elementor < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Gold Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-kvm - Linux kernel for cloud environments linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty Details Zheng Wang discovered that...
0.0004EPSS
K000139654: Intel oneAPI vulnerabilities CVE-2023-24592 and CVE-2023-27383
Security Advisory Description CVE-2023-24592 Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. CVE-2023-27383 Protection mechanism failure in some...
6.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for gdb (EulerOS-SA-2024-1648)
The remote host is missing an update for the Huawei...
7.1AI Score
0.001EPSS
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 bring essential security enhancements with Patch SUPEE-10752. These updates address various vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF), and more. Key Security Improvements: ...
8.8AI Score
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 bring essential security enhancements with Patch SUPEE-10752. These updates address various vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF), and more. Key Security Improvements: ...
8.8AI Score
Data Leakage Vulnerability in livewire/livewire
livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this->validate() method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk...
7AI Score
Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the...
0.0004EPSS
wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...
4.4CVSS
7.7AI Score
0.0004EPSS
wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...
0.0004EPSS
Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the...
5.5CVSS
7.4AI Score
0.0004EPSS
Read private customer data reclaiming carts in Klaviyo Magento
A researcher identified an endpoint in a thirth party module Klaviyo Magento 2 which allows to read private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento...
6.9AI Score
eZ Platform User data disclosure
In eZ Platform v2.3.x it is possible to bypass permission checks in a particular case. This means user data such as name and email (but not passwords or password hashes) can be read by unauthenticated users. This affects only v2.3.x. If you use v2.2.x or older you are not affected. To install, use....
7.3AI Score
Ez Platform Object Injection in legacy shop module
This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission...
7.2AI Score
Ez Platform Object Injection in legacy shop module
This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission...
7.2AI Score
EZsystems Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if....
7.9AI Score
EZsystems Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if....
7.9AI Score
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, and consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION The sample web server configuration in our documentation can in.....
7.5AI Score
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, and consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION The sample web server configuration in our documentation can in.....
7.5AI Score
eZ Publish Legacy Passwordless login for LDAP users
This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy. Installations that are using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler, may...
7.1AI Score
eZ Publish Legacy Passwordless login for LDAP users
This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy. Installations that are using the legacy LDAP login handler or the TextFile login handler in combination with the standard legacy login handler, may...
7.1AI Score
CVE-2024-35184 paperless-ngx's remote user auth via header works even when disabling it for API
Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the...
5.5AI Score
0.0004EPSS
CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers
wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...
5.1AI Score
0.0004EPSS
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu...
6.6AI Score
eZ Publish Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if....
7.9AI Score
eZ Publish Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if....
7.9AI Score