CVE-2024-4967 SourceCodester Interactive Map with Marker delete-mark.php sql injection
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to sql injection. The attack can be launched.....
6.9AI Score
0.0004EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. This makes it...
6.4CVSS
6.1AI Score
0.0004EPSS
The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
6.4CVSS
6.1AI Score
0.0004EPSS
The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
5.7AI Score
0.0004EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. This makes it...
5.7AI Score
0.0004EPSS
Sensitive Information Disclosure
github.com/kubernetes-sigs/azurefile-csi-driver is vulnerable to Sensitive Information Disclosure. This vulnerability is due to tokens being logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag, which allows an...
6.7AI Score
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
7.5CVSS
7.2AI Score
0.0004EPSS
7.3AI Score
github.com/fluxcd/source-controller is vulnerable to Token Disclosure though logs. The vulnerability is due to improper credential masking in error statements when the source-controller encounters an error when connecting to Azure Blob Storage, resulting in the Azure SAS token being logged along...
com.amazon.redshift, redshift-jdbc42 is vulnerable to SQL Injection. The vulnerability is due to the use of a non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL statement which negates a parameter value. The vulnerability allows an....
7.9AI Score
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
7.5AI Score
0.0004EPSS
The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level....
6.4CVSS
6.1AI Score
0.001EPSS
The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for.....
8.8CVSS
7.8AI Score
0.001EPSS
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow....
6.5CVSS
7.1AI Score
0.001EPSS
The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level....
5.8AI Score
0.001EPSS
CVE-2024-4318 Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection
The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for.....
8.7AI Score
0.001EPSS
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow....
6.4AI Score
0.001EPSS
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...
8.8CVSS
7.8AI Score
0.001EPSS
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...
8.8AI Score
0.001EPSS
[slackware-security] gdk-pixbuf2
New gdk-pixbuf2 packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gdk-pixbuf2-2.42.12-i586-1_slack15.0.txz: Upgraded. ani: Reject files with multiple INA or IART chunks. ani: Reject files...
7.1AI Score
0.001EPSS
The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
6.1AI Score
0.001EPSS
CVE-2024-4984 Yoast SEO <= 22.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
5.7AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: djvulibre-3.5.28-9.fc40
DjVu is a web-centric format and software platform for distributing documen ts and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictu res. DjVu content downloads faster, displays and renders faster,...
6.6AI Score
0.0005EPSS
[SECURITY] Fedora 40 Update: python-tqdm-4.66.4-2.fc40
tqdm (read taqadum, =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD) means "progress" in Arabic. Instantly make your loops show a smart progress meter - just wrap any itera ble with "tqdm(iterable)", and you are...
6.5AI Score
0.0004EPSS
[SECURITY] Fedora 38 Update: djvulibre-3.5.28-6.fc38
DjVu is a web-centric format and software platform for distributing documen ts and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictu res. DjVu content downloads faster, displays and renders faster,...
6.6AI Score
0.0005EPSS
[SECURITY] Fedora 38 Update: python-tqdm-4.66.4-2.fc38
tqdm (read taqadum, =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD) means "progress" in Arabic. Instantly make your loops show a smart progress meter - just wrap any itera ble with "tqdm(iterable)", and you are...
6.5AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: djvulibre-3.5.28-7.fc39
DjVu is a web-centric format and software platform for distributing documen ts and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictu res. DjVu content downloads faster, displays and renders faster,...
6.6AI Score
0.0005EPSS
[SECURITY] Fedora 39 Update: python-tqdm-4.66.4-2.fc39
tqdm (read taqadum, =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD) means "progress" in Arabic. Instantly make your loops show a smart progress meter - just wrap any itera ble with "tqdm(iterable)", and you are...
6.5AI Score
0.0004EPSS
6.5AI Score
TT Custom Post Type Creator <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The TT Custom Post Type Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Viet Nam Affiliate <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Viet Nam Affiliate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Table Maker <= 1.9.1 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Table Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject...
5.9AI Score
0.0004EPSS
Configure Login Timeout <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Configure Login Timeout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
K000139652: Intel CPU vulnerability CVE-2023-23583
Security Advisory Description Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. (CVE-2023-23583) Impact.....
6.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1650)
The remote host is missing an update for the Huawei...
7.2AI Score
0.001EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
0.0004EPSS
7.1AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for libX11 (EulerOS-SA-2024-1657)
The remote host is missing an update for the Huawei...
7.2AI Score
0.0004EPSS
Himalayas < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Himalayas theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display names in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
5.9AI Score
0.0004EPSS
Description The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.71 due to insufficient input sanitization and output escaping. This makes it possible for...
5.9AI Score
0.0004EPSS
Description The Pootle Pagebuilder – WordPress Page builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
5.9AI Score
0.0004EPSS
QuickieBar <= 1.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The QuickieBar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
5.9AI Score
0.0004EPSS
Viet Affiliate Link <=1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Viet Affiliate Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Featured Content Gallery <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Featured Content Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Heateor Social Login WordPress < 1.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,.....
5.8AI Score
0.0004EPSS
BlogLentor <= <=1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The BlogLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
5.9AI Score
0.0004EPSS
Pk Favicon Manager <=2.1 - Authenticated (Admin+) Arbitrary File Upload
Description The Pk Favicon Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on....
8AI Score
0.0004EPSS
Shared Files < 1.7.20 - Missing Authorization
Description The Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.19. This makes it possible for...
7AI Score
Description The Forty Four – 404 Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with.....
5.7AI Score
0.0004EPSS
Description The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
5.9AI Score
0.0004EPSS