CVE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor
Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's...
6 AI Score
Contact Form 7 Plugin for WordPress < 5.8.4 Arbitrary File Upload
The WordPress Contact Form 7 Plugin installed on the remote host is affected by an authenticated file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3 AI Score
TYPO3 Brute Force Protection Bypass in backend login
The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...
7.1 AI Score
OpenCMS Cross-Site Scripting vulnerability
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the title field....
6.9 AI Score
TYPO3 CMS Privilege Escalation and SQL Injection
Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...
8.1 AI Score
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager, who has permission to upload images in the .svg format, to upload images containing JavaScript code. The code will be...
6.4 CVSS
7 AI Score
CVE-2024-5521 Cross-Site Scripting stored in Alkacon OpenCMS
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager, who has permission to upload images in the .svg format, to upload images containing JavaScript code. The code will be...
7 AI Score
CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS
The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7 AI Score
silverstripe/admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate input validation, allowing an attacker to embed malicious JavaScript through onmouseover or onmouseout attributes in the WYSIWYG...
6.4 AI Score
[SECURITY] Fedora 40 Update: rust-lino-0.10.0-9.fc40
A command line text editor with notepad like key...
7.5 AI Score
[SECURITY] Fedora 40 Update: helix-24.03-3.fc40
A Kakoune / Neovim inspired editor, written in...
7.3 AI Score
Foxit PDF Editor < 12.1.7 Vulnerability
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 12.1.7. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...
6.8 AI Score
Foxit PDF Editor < 11.2.10 Vulnerability
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.10. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...
6.8 AI Score
Foxit PDF Editor < 13.1.2 Vulnerability
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 13.1.2. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...
6.8 AI Score
[SECURITY] Fedora 39 Update: libreoffice-7.6.7.2-1.fc39
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. ...
6.8 AI Score
0.0004 EPSS
Foxit PDF Editor < 2024.2.2 Vulnerability
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2024.2.2. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...
6.8 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 110 vulnerabilities disclosed in 84...
9.4 AI Score
0.001 EPSS
The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable in all versions up to, and including, 2.4.43. This makes it possible for...
4.3 CVSS
6.8 AI Score
0.001 EPSS
(RHSA-2024:3304) Important: libreoffice security fix update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
7.1 AI Score
0.001 EPSS
CVE-2024-3711 Brizy – Page Builder <= 2.4.43 - Missing Authorization
The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable in all versions up to, and including, 2.4.43. This makes it possible for...
6.8 AI Score
0.001 EPSS
openSUSE 15 Security Update : gitui (openSUSE-SU-2024:0135-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0135-1 advisory. - update to version 0.26.2: * respect configuration for remote when fetching (also applies to pulling) * add : character to sign-off trailer...
8 AI Score
RHEL 8 : vorbis-tools (RHSA-2024:3095)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3095 advisory. The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open,...
6.3 AI Score
FreeBSD : Gitlab -- Vulnerabilities (f848ef90-1848-11ef-9850-001b217b3468)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f848ef90-1848-11ef-9850-001b217b3468 advisory. Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS...
6.5 AI Score
RHEL 7 : libreoffice (RHSA-2024:3304)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3304 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor,...
7.5 AI Score
Silverstripe admin XSS Vulnerability via WYSIWYG editor
It is possible for a bad actor with access to the CMS to make use of onmouseover or onmouseout attributes in the WYSIWYG editor to embed malicious...
7.1 AI Score
(RHSA-2024:3265) Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For...
7.5 AI Score
0.0005 EPSS
(RHSA-2024:3095) Moderate: vorbis-tools security update
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...
7 AI Score
0.001 EPSS
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...
7.5 AI Score
0.0004 EPSS
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...
7.2 AI Score
0.0004 EPSS
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...
7 AI Score
0.0004 EPSS
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...
7 AI Score
0.0004 EPSS
Moderate: vorbis-tools security update
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...
6.6 AI Score
0.001 EPSS
Moderate: vorbis-tools security update
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...
6.5 AI Score
0.001 EPSS
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For more...
6.8 AI Score
0.0005 EPSS
Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS vulnerability in the 'description' field of the runner CSRF via K8s cluster-integration Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipeline_id did not match Redos...
6 AI Score
0.0004 EPSS
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For more...
6.7 AI Score
0.0005 EPSS
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Impact Stored Cross-site scripting (XSS) enables attackers that have access to the backoffice to bring malicious content into a website or application. Affected versions Umbraco CMS >= 8.00 Patches This is fixed in 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing...
6.2 AI Score
0.0004 EPSS
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Impact Stored Cross-site scripting (XSS) enables attackers that have access to the backoffice to bring malicious content into a website or application. Affected versions Umbraco CMS >= 8.00 Patches This is fixed in 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing...
6 AI Score
0.0004 EPSS
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enables attackers that have access to the backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by...
6.2 AI Score
0.0004 EPSS
Vger - An Interactive CLI Application For Interacting With Authenticated Jupyter Instances
V'ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations. User Stories As a Red Teamer, you've found Jupyter credentials, but don't know what you can do with them. V'ger is organized in a format that should...
7.5 AI Score
The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting...
6.3 AI Score
0.0004 EPSS
CVE-2024-4372 Carousel Slider < 2.2.11 - Editor+ Stored XSS
The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting...
6.1 AI Score
0.0004 EPSS
ezsystems/ezpublish-legacy is vulnerable to Object Injection. The vulnerability is in the Legacy Shop module, which allows an attacker with backend editor privileges to manipulate the discount rule...
7 AI Score