Lucene search

K

5 Stars Rating Funnel WordPress Plugin | RRatingg Security Vulnerabilities

nessus
nessus

AlmaLinux 9 : python3.11 (ALSA-2024:4077)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4077 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) Tenable has extracted the preceding description block directly from the AlmaLinux security...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

AlmaLinux 9 : python3.9 (ALSA-2024:4078)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4078 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...

7.8CVSS

7.3AI Score

0.0005EPSS

2024-06-25 12:00 AM
wpexploit
wpexploit

WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block

Description WordPress does not properly escape the "tagName" attribute in the "Template Part block" allowing high-privileged users to perform Stored Cross-Site Scripting (XSS)...

6AI Score

2024-06-25 12:00 AM
31
nessus
nessus

AlmaLinux 9 : git (ALSA-2024:4083)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4083 advisory. * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git:...

9CVSS

7AI Score

0.001EPSS

2024-06-25 12:00 AM
nvd
nvd

CVE-2024-22168

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

0.0004EPSS

2024-06-24 11:15 PM
6
cve
cve

CVE-2024-22168

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

6.2AI Score

0.0004EPSS

2024-06-24 11:15 PM
11
vulnrichment
vulnrichment

CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

6.4AI Score

0.0004EPSS

2024-06-24 10:54 PM
cvelist
cvelist

CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

0.0004EPSS

2024-06-24 10:54 PM
3
nvd
nvd

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft &lt;=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

0.0004EPSS

2024-06-24 07:15 PM
2
cve
cve

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft &lt;=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

6.5AI Score

0.0004EPSS

2024-06-24 07:15 PM
7
githubexploit
githubexploit

Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm

Readme.md CVE-2023-30253 CVE-2023-30253 is a...

8.8CVSS

7.6AI Score

0.008EPSS

2024-06-24 04:22 PM
51
osv
osv

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-24 04:18 PM
3
github
github

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-24 04:18 PM
3
ibm
ibm

Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update

Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile (WLP) to version 24.0.0.6 for security update in WLP. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) |...

9.8CVSS

7.3AI Score

0.001EPSS

2024-06-24 03:45 PM
9
wordfence
wordfence

Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins

On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team. We immediately checked the malicious file and uploaded it to our internal....

7.1AI Score

2024-06-24 03:21 PM
3
nuclei
nuclei

3DPrint Lite < 1.9.1.5 - Arbitrary File Upload

The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as...

9.8CVSS

7.1AI Score

0.188EPSS

2024-06-24 01:55 PM
thn
thn

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool

Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud...

10CVSS

8.1AI Score

EPSS

2024-06-24 01:52 PM
20
cve
cve

CVE-2024-37231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...

8.6CVSS

8.6AI Score

0.0004EPSS

2024-06-24 01:15 PM
10
cve
cve

CVE-2024-37233

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...

4.3CVSS

4.8AI Score

0.0004EPSS

2024-06-24 01:15 PM
11
nvd
nvd

CVE-2024-37233

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-24 01:15 PM
2
nvd
nvd

CVE-2024-37231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...

8.6CVSS

0.0004EPSS

2024-06-24 01:15 PM
4
nvd
nvd

CVE-2024-37228

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...

10CVSS

0.0004EPSS

2024-06-24 01:15 PM
2
cve
cve

CVE-2024-37109

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through...

9.9CVSS

9.7AI Score

0.0004EPSS

2024-06-24 01:15 PM
9
cve
cve

CVE-2024-37111

Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-24 01:15 PM
10
cve
cve

CVE-2024-37092

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...

8.5CVSS

8.5AI Score

0.0004EPSS

2024-06-24 01:15 PM
8
cve
cve

CVE-2024-37228

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...

10CVSS

9.7AI Score

0.0004EPSS

2024-06-24 01:15 PM
10
nvd
nvd

CVE-2024-37109

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through...

9.9CVSS

0.0004EPSS

2024-06-24 01:15 PM
cve
cve

CVE-2024-37107

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-06-24 01:15 PM
10
nvd
nvd

CVE-2024-37107

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through...

8.8CVSS

0.0004EPSS

2024-06-24 01:15 PM
3
nvd
nvd

CVE-2024-37092

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...

8.5CVSS

0.0004EPSS

2024-06-24 01:15 PM
nvd
nvd

CVE-2024-37111

Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through...

7.5CVSS

0.0004EPSS

2024-06-24 01:15 PM
1
cvelist
cvelist

CVE-2024-37233 WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-24 12:47 PM
3
cvelist
cvelist

CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...

8.6CVSS

0.0004EPSS

2024-06-24 12:39 PM
3
vulnrichment
vulnrichment

CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...

8.6CVSS

6.8AI Score

0.0004EPSS

2024-06-24 12:39 PM
2
cvelist
cvelist

CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...

10CVSS

0.0004EPSS

2024-06-24 12:35 PM
3
vulnrichment
vulnrichment

CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...

10CVSS

7.1AI Score

0.0004EPSS

2024-06-24 12:35 PM
vulnrichment
vulnrichment

CVE-2024-37111 WordPress WishList Member X plugin <= 3.25.1 - Unauthenticated Denial of Service Attack vulnerability

Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-24 12:31 PM
1
cvelist
cvelist

CVE-2024-37111 WordPress WishList Member X plugin <= 3.25.1 - Unauthenticated Denial of Service Attack vulnerability

Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through...

7.5CVSS

0.0004EPSS

2024-06-24 12:31 PM
2
kitploit
kitploit

Hfinger - Fingerprinting HTTP Requests

Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be...

7AI Score

2024-06-24 12:30 PM
4
cvelist
cvelist

CVE-2024-37109 WordPress WishList Member X plugin <= 3.25.1 - Authenticated Arbitrary PHP Code Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through...

9.9CVSS

0.0004EPSS

2024-06-24 12:29 PM
7
cvelist
cvelist

CVE-2024-37107 WordPress WishList Member X plugin <= 3.25.1 - Authenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through...

8.8CVSS

0.0004EPSS

2024-06-24 12:26 PM
3
cvelist
cvelist

CVE-2024-37092 WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...

8.5CVSS

0.0004EPSS

2024-06-24 12:23 PM
2
cve
cve

CVE-2024-37091

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through...

9.9CVSS

9.6AI Score

0.0004EPSS

2024-06-24 12:15 PM
9
nvd
nvd

CVE-2024-37091

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through...

9.9CVSS

0.0004EPSS

2024-06-24 12:15 PM
2
cve
cve

CVE-2024-37089

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...

9CVSS

9.1AI Score

0.0004EPSS

2024-06-24 12:15 PM
10
nvd
nvd

CVE-2024-37089

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...

9CVSS

0.0004EPSS

2024-06-24 12:15 PM
4
cvelist
cvelist

CVE-2024-37091 WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through...

9.9CVSS

0.0004EPSS

2024-06-24 12:09 PM
4
cvelist
cvelist

CVE-2024-37089 WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Unauthenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...

9CVSS

0.0004EPSS

2024-06-24 12:07 PM
4
githubexploit
githubexploit

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Bug: Bug is inside function...

7CVSS

7.4AI Score

0.0004EPSS

2024-06-24 10:37 AM
44
veracode
veracode

Insecure Direct Object Reference (IDOR)

jweiland/events2 is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to missing access checks in the management plugin, which allows an attacker to activate or delete events without...

5.4CVSS

6.6AI Score

0.0004EPSS

2024-06-24 07:00 AM
Total number of security vulnerabilities504746