The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4 CVSS
6.2 AI Score
0.0004 EPSS
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
7.5 AI Score
UK PSTI? You’ll need a Vulnerability Disclosure Program!
If you are distributing or selling smart devices into the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Infrastructure Act. One of the three mandatory areas is that you have a vulnerability disclosure program (VDP). In the supporting materials for the Act,...
7.4 AI Score
shopware/shopware is vulnerable to Cross-Site Scripting. The vulnerability is due to inadequate input sanitization in the frontend, which allows an attacker to inject and execute malicious scripts in the context of a victim’s web...
7 AI Score
CVE-2024-0867 Email Log <= 2.4.8 - Unauthenticated Hook Injection
The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the...
7.6 AI Score
0.001 EPSS
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1 AI Score
0.0004 EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6 AI Score
0.001 EPSS
umbracocms is vulnerable to stored Cross-site Scripting (XSS). The vulnerability is due to the lack of input sanitization, allowing attackers with access to the backoffice to inject malicious content into a website or...
6.4 AI Score
0.0004 EPSS
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4 CVSS
6.2 AI Score
0.001 EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4 CVSS
6.1 AI Score
0.0004 EPSS
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
6.4 CVSS
6.1 AI Score
0.0004 EPSS
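The shortcode-attribute pattern behind the WP Go Maps entry above (and the Videojs HTML5 Player and Plus Addons entries elsewhere on this page) is the same in every case: a value a contributor-level user controls is written into HTML without escaping. The following is an added example, not code from any of those plugins, showing the vulnerable shape beside a hardened one. The `demo_embed` shortcode and its `src`, `width` and `class` attributes are hypothetical names.

```php
<?php
// Added example, not code from any plugin listed on this page.
// Shortcode and attribute names (demo_embed, src, width, class) are hypothetical.

// Vulnerable pattern: attributes are interpolated straight into HTML. A contributor
// who saves [demo_embed class='x" onmouseover="alert(1)'] in a post gets that
// handler attribute served to every visitor, administrators included.
function demo_embed_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'src' => '', 'width' => '640', 'class' => '' ), $atts, 'demo_embed' );
    return '<iframe class="' . $atts['class'] . '" width="' . $atts['width']
         . '" src="' . $atts['src'] . '"></iframe>';
}

// Hardened pattern: validate each attribute for the context it lands in, then
// escape at output. esc_url() with an explicit scheme list drops javascript: and
// data: URLs, absint() forces an integer, sanitize_html_class() leaves only
// [A-Za-z0-9_-], and esc_attr() makes sure a value cannot close the attribute.
function demo_embed_shortcode_hardened( $atts ) {
    $atts = shortcode_atts( array( 'src' => '', 'width' => '640', 'class' => '' ), $atts, 'demo_embed' );

    $src = esc_url( $atts['src'], array( 'http', 'https' ) );
    if ( '' === $src ) {
        return ''; // refuse to emit an iframe for a rejected or empty URL
    }
    $width = absint( $atts['width'] );
    $class = esc_attr( sanitize_html_class( $atts['class'] ) );

    return sprintf(
        '<iframe class="%s" width="%d" src="%s"></iframe>',
        $class,
        $width,
        $src
    );
}
add_shortcode( 'demo_embed', 'demo_embed_shortcode_hardened' );
```

The reason these findings are scored for contributor-level users is that WordPress already lets administrators and editors with the `unfiltered_html` capability post arbitrary HTML; a shortcode only becomes a finding when it lets a lower role reach the same outcome, which the escaping above closes.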
vodafone.motion-tm.de Cross Site Scripting vulnerability OBB-3930078
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
5.8 AI Score
0.0004 EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
5.9 AI Score
0.0004 EPSS
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6 AI Score
0.001 EPSS
The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for...
9.8 CVSS
7.2 AI Score
0.001 EPSS
CVE-2024-4544 Pie Register - Social Sites Login (Add on) <= 1.7.7 - Authentication Bypass
The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for...
7.2 AI Score
0.001 EPSS
The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a...
4.3 CVSS
6.7 AI Score
0.0005 EPSS
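The "missing or incorrect nonce validation when saving plugin settings" pattern in the WP-ViperGB entry above, as an added example that is not the plugin's own code: a settings handler that trusts any POST it receives, beside one that checks both a nonce and a capability before writing. The option, action and nonce names (`demo_settings`, `demo_save_settings`, `demo_nonce`) are hypothetical.

```php
<?php
// Added example, not code from the WP-ViperGB plugin. Option, action and nonce
// names (demo_settings, demo_save_settings, demo_nonce) are hypothetical.

// Vulnerable pattern: the handler accepts any POST that reaches it. An attacker
// hosts a page with an auto-submitting form aimed at admin-post.php; a logged-in
// administrator who visits that page silently rewrites the plugin's settings.
function demo_save_settings_vulnerable() {
    update_option( 'demo_settings', $_POST['demo_settings'] );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo' ) );
    exit;
}

// Hardened pattern: the form carries a nonce bound to this user, this action and
// a 24-hour window, so a third-party page cannot mint one; the handler verifies
// it, checks the capability, and stores only a sanitised value.
function demo_render_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="demo_save_settings">';
    wp_nonce_field( 'demo_save_settings', 'demo_nonce' );
    echo '<input type="text" name="demo_settings" value="'
        . esc_attr( get_option( 'demo_settings', '' ) ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

function demo_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() ends the request with a 403 if the nonce is absent,
    // expired or was issued for a different user or action.
    check_admin_referer( 'demo_save_settings', 'demo_nonce' );

    $value = isset( $_POST['demo_settings'] )
        ? sanitize_text_field( wp_unslash( $_POST['demo_settings'] ) )
        : '';
    update_option( 'demo_settings', $value );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=demo' ) ) );
    exit;
}
add_action( 'admin_post_demo_save_settings', 'demo_save_settings_hardened' );
```

The advisory's "unauthenticated attackers" wording is standard for CSRF: the attacker needs no account, but the request still has to be made by an administrator's browser, which is why the CVSS score is low. The nonce check stops the forged request; the capability check is separate and is what keeps a subscriber from calling the handler directly.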
The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojs_video shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4 CVSS
6.1 AI Score
0.001 EPSS
The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojs_video shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.8 AI Score
0.001 EPSS
onlineregister.com Cross Site Scripting vulnerability OBB-3930077
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
CVE-2024-4409 WP-ViperGB <= 1.6.1 - Cross-Site Request Forgery
The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a...
6.7 AI Score
0.0005 EPSS
gotolouisville.com Cross Site Scripting vulnerability OBB-3930074
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
rockerek.hu Cross Site Scripting vulnerability OBB-3930073
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
jets.ru Cross Site Scripting vulnerability OBB-3930072
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
premierwardrobes.ie Cross Site Scripting vulnerability OBB-3930069
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
tiptop.ie Cross Site Scripting vulnerability OBB-3930068
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
[SECURITY] Fedora 39 Update: libreoffice-7.6.7.2-1.fc39
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. ...
6.8 AI Score
0.0004 EPSS
[SECURITY] Fedora 39 Update: thunderbird-115.11.0-1.fc39
Mozilla Thunderbird is a standalone mail and newsgroup...
7.3 AI Score
kapiticars.co.nz Cross Site Scripting vulnerability OBB-3930065
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
hollenberg-haltern.de Cross Site Scripting vulnerability OBB-3930064
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Jupyter Scheduler is a collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users may be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been...
7.2 AI Score
0.0004 EPSS
Intel Media SDK Multiple Vulnerabilities (INTEL-SA-00935)
The version of Intel Media SDK installed on the remote host is affected by multiple vulnerabilities: Improper input validation in Intel Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. (CVE-2023-48368) Improper buffer...
7.8 AI Score
Aqua Security Trivy < 0.51.2 Credential Leak (GHSA-xcq4-m2r3-cmrj)
The version of Aqua Security Trivy installed on the remote host is prior to 0.51.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-xcq4-m2r3-cmrj advisory. If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it...
7.1 AI Score
Oracle Linux 9 : tomcat (ELSA-2024-3307)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3307 advisory. [1:9.0.87-1.el9_4.1] - Resolves: RHEL-34815 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-31048 tomcat: Apache Tomcat: WebSocket DoS with...
7.4 AI Score
SUSE SLES15 / openSUSE 15 Security Update : postgresql14 (SUSE-SU-2024:1768-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1768-1 advisory. PostgreSQL upgrade to version 14.12 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and...
7.4 AI Score
SUSE SLES15 / openSUSE 15 Security Update : python-sqlparse (SUSE-SU-2024:1767-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1767-1 advisory. - CVE-2024-4340: Catch RecursionError to avoid a denial of service. (bsc#1223603) Tenable has extracted the preceding...
7.3 AI Score
Debian dsa-5697 : chromium - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5697 advisory. Debian Security Advisory DSA-5697-1 ...
7.2 AI Score
Ivanti Policy Secure 22.x XSS Vulnerability
The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack. Note that...
6.5 AI Score
ManageEngine ServiceDesk Plus MSP < 14.7 Build 14720
The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the service-desk-msp_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin...
5.7 AI Score
Cisco Secure Email and Web Manager Multiple Vulnerabilities (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)
According to its self-reported version, Cisco Secure Email and Web Manager is affected by multiple vulnerabilities. A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email could allow an authenticated, remote attacker to conduct an XSS attack...
7.3 AI Score
GitLab 11.11 < 16.10.6 / 16.11 < 16.11.3 / 17.0 < 17.0.1 (CVE-2024-5318)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user...
7 AI Score
Foxit PDF Reader < 2024.2.2 Vulnerability
According to its version, the Foxit PDF Reader application (previously named Foxit Reader) installed on the remote Windows host is prior to 2024.2.2. It is, therefore, affected by a vulnerability: Note that Nessus has not tested for this issue but has instead relied only on the application's...
7.3 AI Score
Oracle Linux 7 : libreoffice (ELSA-2024-3304)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3304 advisory. [1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in...
7.1 AI Score
Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker...
7 AI Score
Intel VTune Profiler Installed (Windows)
Intel VTune Profiler is installed on the remote Windows...
7.4 AI Score
MongoDB 5.0.x < 5.0.25 / 6.0.x < 6.0.14 / 7.0.x < 7.0.6 Improper Input Validation (SERVER-85263)
The version of MongoDB installed on the remote host is prior to 5.0.25, 6.0.14, or 7.0.6. It is, therefore, affected by a vulnerability as referenced in the SERVER-85263 advisory. Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can...
7.3 AI Score
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user...
6.1 AI Score
0.0004 EPSS