The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVSS 6.4 | AI Score 5.8 | EPSS 0.0004
[SECURITY] Fedora 40 Update: libreoffice-24.2.1.2-5.fc40
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. ...
AI Score 7.2
[SECURITY] Fedora 40 Update: fontforge-20230101-11.fc40
FontForge (formerly PfaEdit) is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed...
AI Score 7 | EPSS 0.0004
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Summary: Grav CMS is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Details: The Grav CMS implements a custom sandbox to protect the...
CVSS 8.8 | AI Score 8.7 | EPSS 0.0004
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Summary: Grav CMS is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Details: The Grav CMS implements a custom sandbox to protect the...
CVSS 8.8 | AI Score 9.2 | EPSS 0.0004
Description: The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVSS 6.4 | AI Score 5.8 | EPSS 0.0004
WP Coder < 3.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting
Description: The WP Coder – Powerful HTML, CSS, JS and PHP Injection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVSS 5.9 | AI Score 6.1 | EPSS 0.0004
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing...
CVSS 8.8 | AI Score 9 | EPSS 0.0004
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing...
CVSS 8.8 | AI Score 7.9 | EPSS 0.0004
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing...
CVSS 8.8 | AI Score 9 | EPSS 0.0004
CVE-2024-28116 Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing...
CVSS 8.8 | AI Score 9.2 | EPSS 0.0004
(RHSA-2024:1473) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
AI Score 7.3 | EPSS 0.001
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...
CVSS 10 | AI Score 10 | EPSS 0.001
This post-exploitation keylogger will covertly exfiltrate keystrokes to a server. These tools excel at lightweight exfiltration and persistence, properties which will prevent detection. It uses DNS tunnelling/exfiltration to bypass firewalls and avoid detection. Server Setup The server uses...
AI Score 7.5
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1465)
The remote host is missing an update for the Huawei...
CVSS 5.5 | AI Score 5.5 | EPSS 0.002
EulerOS Virtualization 2.11.1 : vim (EulerOS-SA-2024-1422)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function ga_grow_inner...
CVSS 7.8 | AI Score 7.3 | EPSS 0.002
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1480)
The remote host is missing an update for the Huawei...
CVSS 5.5 | AI Score 5.5 | EPSS 0.002
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1422)
The remote host is missing an update for the Huawei...
CVSS 7.8 | AI Score 6.7 | EPSS 0.002
RHEL 8 : libreoffice (RHSA-2024:1473)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1473 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...
CVSS 8.8 | AI Score 9.2 | EPSS 0.001
EulerOS Virtualization 2.11.0 : vim (EulerOS-SA-2024-1450)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function ga_grow_inner...
CVSS 7.8 | AI Score 7.3 | EPSS 0.002
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1450)
The remote host is missing an update for the Huawei...
CVSS 7.8 | AI Score 6.7 | EPSS 0.002
EulerOS Virtualization 2.9.0 : vim (EulerOS-SA-2024-1480)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function ga_grow_inner...
CVSS 5.5 | AI Score 7.7 | EPSS 0.002
EulerOS Virtualization 2.9.1 : vim (EulerOS-SA-2024-1465)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function ga_grow_inner...
CVSS 5.5 | AI Score 7.7 | EPSS 0.002
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...
CVSS 9.1 | AI Score 7.4 | EPSS 0.0004
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...
CVSS 9.1 | AI Score 9.6 | EPSS 0.0004
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...
CVSS 9.1 | AI Score 9.7 | EPSS 0.0004
Security Bulletin: Apache Derby affects IBM Spectrum Control [CVE-2022-46337]
Summary: Apache Derby might allow a remote attacker to bypass security restrictions caused by an LDAP injection vulnerability in the authenticator. This vulnerability affects IBM Spectrum Control. This bulletin identifies the steps to take to mitigate the vulnerability. Vulnerability Details: ...
CVSS 9.8 | AI Score 6.6 | EPSS 0.002
MJM Clinic < 1.1.23 - Authenticated (Editor+) Stored Cross-Site Scripting
Description: The MJM Clinic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...
CVSS 6.5 | AI Score 5.7 | EPSS 0.0004
Multiple Page Generator Plugin – MPG < 3.4.1 - Authenticated (Editor+) Remote Code Execution
Description: The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with editor-level access and above, to execute code on the...
CVSS 9.1 | AI Score 7.9 | EPSS 0.0004
Visual Composer Website Builder < 45.7.0 - Authenticated (Editor+) Stored Cross-Site Scripting
Description: The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 45.6.0 due to insufficient input sanitization and...
CVSS 5.9 | AI Score 5.9 | EPSS 0.0004
Zippy < 1.6.10 - Authenticated (Editor+) Arbitrary File Upload
Description: The Zippy plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ZippyCore.php file in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with editor-level access and above, to upload arbitrary...
CVSS 8.8 | AI Score 7.6 | EPSS 0.0004
[SECURITY] [DSA 5641-1] fontforge security update
Debian Security Advisory DSA-5641-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 19, 2024 https://www.debian.org/security/faq Package : fontforge CVE ID : CVE-2024-25081 CVE-2024-25082...
AI Score 6.5 | EPSS 0.0004
Container escape at build time
Impact: What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches: From @nalind ``` cat...
CVSS 8.6 | AI Score 8.5 | EPSS 0.0005
Container escape at build time
Impact: What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches: From @nalind ``` cat...
CVSS 8.6 | AI Score 8.6 | EPSS 0.0005
(RHSA-2024:1427) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
AI Score 7.3 | EPSS 0.001
(RHSA-2024:1425) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
AI Score 7.3 | EPSS 0.001
(RHSA-2024:1423) Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
AI Score 7.3 | EPSS 0.001
(RHSA-2024:1408) Moderate: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news. Security Fix(es): emacs: command execution via shell metacharacters (CVE-2022-48337) emacs: command...
AI Score 7.6 | EPSS 0.002
Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
CVSS 8.8 | AI Score 7.3 | EPSS 0.001
RHEL 9 : libreoffice (RHSA-2024:1423)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1423 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...
CVSS 8.8 | AI Score 9.1 | EPSS 0.001
RHEL 9 : libreoffice (RHSA-2024:1425)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1425 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...
CVSS 8.8 | AI Score 9.2 | EPSS 0.001
RHEL 8 : emacs (RHSA-2024:1408)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1408 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language...
CVSS 9.8 | AI Score 9.6 | EPSS 0.002
Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
CVSS 8.8 | AI Score 6.7 | EPSS 0.001
RHEL 9 : libreoffice (RHSA-2024:1427)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1427 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...
CVSS 8.8 | AI Score 9.1 | EPSS 0.001
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...
CVSS 5.4 | AI Score 5.2 | EPSS 0.0004
Debian dla-3765 : cacti - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3765 advisory. Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is...
CVSS 9.8 | AI Score 8.7 | EPSS 0.521
Releases: Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM. Packages: vim - Vi IMproved - enhanced vi editor. Details: Zhen Zhou discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of...
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor. This issue affects WP Editor: from n/a through...
CVSS 5.3 | AI Score 5.2 | EPSS 0.0004
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor. This issue affects WP Editor: from n/a through...
CVSS 5.3 | AI Score 6.7 | EPSS 0.0004
CVE-2024-25591 WordPress WP Editor plugin <=1.2.7 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor. This issue affects WP Editor: from n/a through...
CVSS 5.3 | AI Score 5.5 | EPSS 0.0004