PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
7.6AI Score
0.001EPSS
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
7.6AI Score
0.001EPSS
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
7.6AI Score
0.001EPSS
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
7.6AI Score
0.001EPSS
Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must...
7.5AI Score
0.0005EPSS
Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must...
7.5AI Score
0.0005EPSS
PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a...
7.5AI Score
0.0005EPSS
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
7.6AI Score
0.001EPSS
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
7.6AI Score
0.001EPSS
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
7.6AI Score
0.001EPSS
PDF-XChange Editor EMF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target....
7.5AI Score
0.0005EPSS
PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
7.6AI Score
0.001EPSS
PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
7.6AI Score
0.001EPSS
PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...
7.6AI Score
0.001EPSS
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit....
7.5AI Score
0.0005EPSS
PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must.....
6.2AI Score
0.0005EPSS
Microsoft Visual Studio Codef source code editor vulnerability is related to flaws in access control. access. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his or her...
7AI Score
0.001EPSS
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
6AI Score
0.0004EPSS
The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it...
4.4CVSS
6.1AI Score
0.0004EPSS
The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...
4.3CVSS
6.9AI Score
0.001EPSS
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...
5.5AI Score
0.0004EPSS
The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it...
5.5AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...
9.8AI Score
0.001EPSS
Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through...
4.7AI Score
0.0004EPSS
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown...
6.8AI Score
0.0004EPSS
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code...
7.5AI Score
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code...
9AI Score
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code...
9.2AI Score
The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Missing Authorization
Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Tp_f_delete_transient() function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...
6.7AI Score
Carousel Slider < 2.2.11 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting...
6.1AI Score
0.0004EPSS
Carousel Slider < 2.2.11 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks PoC 1. Create a new slider and inset: (1212"onmouseover='alert(1)') to "URL View"...
5.8AI Score
0.0004EPSS
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown...
6.5AI Score
0.0004EPSS
(RHSA-2024:2568) Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass...
7.5AI Score
0.0005EPSS
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above,....
4.3CVSS
7AI Score
0.0004EPSS
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above,....
6.3AI Score
0.0004EPSS
Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) ...
7.3AI Score
0.0005EPSS
Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) ...
7.7AI Score
0.0005EPSS
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 8th, 2024, during our Bug Bounty Extravaganza, we...
7.3AI Score
0.0004EPSS
[SECURITY] [DLA 3801-1] emacs security update
Debian LTS Advisory DLA-3801-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton April 29, 2024 https://wiki.debian.org/LTS Package : emacs Version : 1:26.1+1-3.2+deb10u5 CVE ID ...
7.1AI Score
0.0004EPSS
Coupon & Discount Code Reveal Button < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Coupon & Discount Code Reveal Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.1AI Score
0.0004EPSS
Image Slider < 1.1.127 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Image Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.1.125 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions...
5.9AI Score
0.0004EPSS
Sendinblue for WooCommerce < 4.0.18 - Authenticated (Editor+) Arbitrary File Download and Deletion
Description The Brevo for WooCommerce plugin for WordPress is vulnerable to arbitrary file download and deletion in all versions up to, and including, 4.0.17. This is due to the plugin not properly validating file names in the get_file_contents and delete_attachment functions. This makes it...
6.9AI Score
0.0004EPSS
Advanced Floating Content Lite < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Advanced Floating Content Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
Description The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level...
6.6AI Score
0.0004EPSS
Description The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This...
5.8AI Score
0.0004EPSS
Foxit PDF Editor for Mac < 11.1.7 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed on the remote macOS host is prior to 11.1.7. It is, therefore affected by multiple vulnerabilities: Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution...
6.2AI Score
Foxit PDF Editor for Mac < 2024.2 Vulnerability
According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed on the remote macOS host is prior to 2024.2. It is, therefore affected by vulnerability: Note that Nessus has not tested for this issue but has instead relied only on the...
8.5AI Score
Foxit PDF Editor for Mac < 12.1.3 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed on the remote macOS host is prior to 12.1.3. It is, therefore affected by multiple vulnerabilities: Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution...
6.2AI Score
Foxit PDF Editor < 11.2.9 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.9. It is, therefore affected by multiple vulnerabilities: In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via...
7AI Score
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4693 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.7AI Score