CVE-2024-5248 Improper Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...
CVSS: 6.5
EPSS: 0.0004
Privilege Escalation & SQL Injection in TYPO3 CMS
Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...
AI Score: 8.1
typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of editor input in the search result view, allowing authenticated editors to inject arbitrary...
AI Score: 6.4
@wangeditor/editor is vulnerable to Cross-site scripting (XSS). The vulnerability is due to missing input sanitization within the image upload function, which allows an attacker to execute arbitrary JavaScript in the...
AI Score: 6.6
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVSS: 7.4
AI Score: 6
EPSS: 0.001
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact This could...
CVSS: 6.1
AI Score: 5.9
EPSS: 0.0005
The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbte_render' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated...
CVSS: 7.5
AI Score: 6.7
EPSS: 0.001
The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the 'cf7frr' post meta. This makes it possible for authenticated attackers, with editor-level access and above, to modify...
CVSS: 7.2
AI Score: 6.9
EPSS: 0.001
TYPO3 Cross-Site Scripting in legacy form component
Failing to sanitize content from editors, the legacy form component is susceptible to Cross-Site Scripting. A valid editor account with access to a form content element is required to exploit this...
AI Score: 7
TYPO3 Cross-Site Scripting in link validator component
Failing to sanitize content from editors, the link validator component is susceptible to Cross-Site Scripting. A valid editor account with access to content which is scanned by the link validator component is required to exploit this...
AI Score: 7
TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend
Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary...
AI Score: 7
Cross-Site Scripting in TYPO3 component Indexed Search
Failing to properly encode editor input, the search result view of indexed_search is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary...
AI Score: 6.9
IT threat evolution in Q1 2024. Non-mobile statistics
The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly...
AI Score: 6.9
typo3/cms-core is vulnerable to SQL injection. The vulnerability is due to improper dissociation of system-related configuration from user-generated configuration, allowing instructions to be persisted to a form definition file that were not configured to be modified. This allows attackers to...
AI Score: 8.1
[SECURITY] Fedora 39 Update: kitty-0.31.0-2.fc39
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-color, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...
CVSS: 5.5
AI Score: 6.7
EPSS: 0.0004
RHEL 9 : libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950) Apache OpenOffice versions...
CVSS: 7.8
AI Score: 8.8
EPSS: 0.001
A vulnerability in the PSP file parser of the GIMP graphics editor is related to number processing errors. Exploitation of the vulnerability could allow an attacker to execute arbitrary...
CVSS: 7.8
AI Score: 7
EPSS: 0.0005
[SECURITY] Fedora 39 Update: rust-lino-0.10.0-9.fc39
A command line text editor with notepad like key...
AI Score: 7.5
[SECURITY] Fedora 39 Update: helix-24.03-3.fc39
A Kakoune / Neovim inspired editor, written in...
AI Score: 7.3
Moodle stored Cross-site Scripting (XSS)
Additional sanitizing was required when opening the equation editor to prevent a stored Cross-site Scripting (XSS) risk when editing another user's...
AI Score: 5.5
EPSS: 0.0004
CVE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor
Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's...
AI Score: 5.8
EPSS: 0.0004
There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version...
AI Score: 5.7
Contact Form 7 Plugin for WordPress < 5.8.4 Arbitrary File Upload
The WordPress Contact Form 7 Plugin installed on the remote host is affected by an authenticated file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
AI Score: 7.3