The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...
7.5CVSS
7.2AI Score
0.001EPSS
The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...
7.5CVSS
0.001EPSS
The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...
7.5CVSS
6.4AI Score
0.001EPSS
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....
4.3CVSS
4.3AI Score
0.0005EPSS
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...
4.3CVSS
4.3AI Score
0.0005EPSS
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...
4.3CVSS
0.0005EPSS
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....
4.3CVSS
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...
6.4AI Score
0.0004EPSS
CVE-2023-6492 Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....
4.3CVSS
0.0005EPSS
CVE-2024-0892 Schema App Structured Data <= 2.2.0 - Cross-Site Request Forgery
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...
4.3CVSS
0.0005EPSS
CVE-2024-0892 Schema App Structured Data <= 2.2.0 - Cross-Site Request Forgery
The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...
4.3CVSS
4.2AI Score
0.0005EPSS
Rocky Linux 8 : bind and dhcp (RLSA-2024:3271)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3271 advisory. * bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator...
7.5CVSS
9.3AI Score
0.05EPSS
7.4AI Score
Rocky Linux 8 : python-dns (RLSA-2024:3275)
The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:3275 advisory. * dnspython: denial of service in stub resolver (CVE-2023-29483) Tenable has extracted the preceding description block directly from the Rocky Linux security...
6.6AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
5.5CVSS
7.4AI Score
0.002EPSS
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
...
7.4AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2024:3267)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3267 advisory. * JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681) * python-jwcrypto: malicious JWE token can cause denial of service...
6.8CVSS
7AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...
0.0004EPSS
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...
0.0004EPSS
7.2AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
7.4AI Score
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...
6.9AI Score
0.0004EPSS
7.4AI Score
9.8CVSS
7.4AI Score
0.919EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
7.4AI Score
0.0004EPSS
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...
0.0004EPSS
Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:3254)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3254 advisory. * buildah: full container escape at build time (CVE-2024-1753) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters.....
8.6CVSS
6AI Score
0.002EPSS
Rocky Linux 8 : squashfs-tools (RLSA-2024:3139)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3139 advisory. * squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) * squashfs-tools: possible Directory Traversal via...
8.1CVSS
10AI Score
0.009EPSS
7.1AI Score
0.0004EPSS
7.4AI Score
7.2AI Score
0.0004EPSS
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...
7AI Score
0.0004EPSS
Rocky Linux 8 : idm:DL1 (RLSA-2024:3755)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3755 advisory. * CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service * CVE-2024-3183 freeipa:...
8.1CVSS
8.3AI Score
0.0004EPSS
Linux kernel (NVIDIA) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-nvidia-6.5 - Linux kernel for NVIDIA systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this...
7.8CVSS
7.5AI Score
0.001EPSS
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web...
0.0004EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
6.5CVSS
6.8AI Score
0.001EPSS
Under Construction / Maintenance Mode from Acurax <= 2.6 - Unauthenticated IP Spoofing
Description The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.6 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes.....
5.3CVSS
6.8AI Score
0.0005EPSS
9.8CVSS
7.4AI Score
0.476EPSS
Rocky Linux 9 : ipa (RLSA-2024:3754)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3754 advisory. * freeipa: delegation rules allow a proxy service to impersonate any user to access another target service (CVE-2024-2698) * freeipa: user can...
8.1CVSS
8.3AI Score
0.0004EPSS
5.5CVSS
7.4AI Score
0.002EPSS
A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is...
7.5CVSS
7.3AI Score
0.001EPSS
A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is...
7.5CVSS
0.001EPSS