Lucene search

K

Business Directory Plugin | GeoDirectory Security Vulnerabilities

nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bouncycastle (SUSE-SU-2024:1539-2)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1539-2 advisory. Update to version 1.78.1, including fixes for: - CVE-2024-30171: Fixed timing side-channel attacks...

6.6AI Score

0.0004EPSS

2024-06-19 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Authlib (SUSE-SU-2024:2064-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2064-1 advisory. - Update to version 1.3.1 - CVE-2024-37568: Fixed algorithm confusion with asymmetric public keys....

7.5CVSS

7AI Score

0.0005EPSS

2024-06-19 12:00 AM
nessus
nessus

Ubuntu 20.04 LTS : Git vulnerability (USN-6793-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6793-2 advisory. USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further investigation. This update fixes the problem. Original advisory details: It...

9CVSS

9.6AI Score

0.001EPSS

2024-06-19 12:00 AM
1
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:2073-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2073-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking -.....

7.7AI Score

0.0004EPSS

2024-06-19 12:00 AM
1
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:2061-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2061-1 advisory. - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking -.....

7.7AI Score

0.0004EPSS

2024-06-19 12:00 AM
nessus
nessus

Oracle Linux 7 : glibc (ELSA-2024-12444)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory. [2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: ...

9.8CVSS

9.7AI Score

0.009EPSS

2024-06-19 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:2065-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2065-1 advisory. - Update to version 2.44.2 - CVE-2024-27834: Fixed a vulnerability where an attacker with...

6.9AI Score

0.0005EPSS

2024-06-19 12:00 AM
nessus
nessus

FreeBSD : chromium -- multiple security fixes (453aa0fc-2d91-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 453aa0fc-2d91-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 21 security fixes: Tenable has extracted the...

8.8CVSS

8.1AI Score

0.0004EPSS

2024-06-19 12:00 AM
cve
cve

CVE-2024-5970

The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-18 10:15 PM
12
nvd
nvd

CVE-2024-5970

The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

0.0004EPSS

2024-06-18 10:15 PM
5
cvelist
cvelist

CVE-2024-5970 MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode

The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

0.0004EPSS

2024-06-18 09:36 PM
4
githubexploit
githubexploit

Exploit for CVE-2024-30078

About CVE-2024-30078 and the Corresponding KB Update...

8.3AI Score

2024-06-18 08:05 PM
109
cve
cve

CVE-2024-22002

CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation...

6.8AI Score

0.0004EPSS

2024-06-18 07:15 PM
9
nvd
nvd

CVE-2024-22002

CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation...

0.0004EPSS

2024-06-18 07:15 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-0044

CVE 2024 0044 CVE-2024-0044, identified in the...

7.8AI Score

2024-06-18 12:30 PM
69
talosblog
talosblog

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our "Exploring malicious Windows drivers" series, we will continue where the first left off: Discussing the I/O system and IRPs. We will expand on...

6.6AI Score

2024-06-18 12:00 PM
5
ics
ics

RAD Data Communications SecFlow-2

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: RAD Data Communications Equipment: SecFlow-2 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

6.9AI Score

0.0004EPSS

2024-06-18 12:00 PM
5
cve
cve

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their...

5.7CVSS

5.4AI Score

0.0004EPSS

2024-06-18 10:15 AM
9
thn
thn

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that's capable of downloading and executing more...

7.8AI Score

2024-06-18 09:41 AM
13
nvd
nvd

CVE-2024-5899

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This...

0.0004EPSS

2024-06-18 09:15 AM
2
cve
cve

CVE-2024-5899

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This...

6.5AI Score

0.0004EPSS

2024-06-18 09:15 AM
9
vulnrichment
vulnrichment

CVE-2024-5899 Improper trust check in Bazel Build intellij plugin

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This...

7.1AI Score

0.0004EPSS

2024-06-18 08:12 AM
cvelist
cvelist

CVE-2024-5899 Improper trust check in Bazel Build intellij plugin

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This...

0.0004EPSS

2024-06-18 08:12 AM
2
cve
cve

CVE-2024-5172

The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.4AI Score

0.0004EPSS

2024-06-18 06:15 AM
14
nvd
nvd

CVE-2024-4094

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

0.0004EPSS

2024-06-18 06:15 AM
2
nvd
nvd

CVE-2024-5172

The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-18 06:15 AM
3
nvd
nvd

CVE-2024-3276

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when.....

0.0004EPSS

2024-06-18 06:15 AM
4
cve
cve

CVE-2024-4094

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

5.7AI Score

0.0004EPSS

2024-06-18 06:15 AM
10
cve
cve

CVE-2024-3276

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when.....

5.4AI Score

0.0004EPSS

2024-06-18 06:15 AM
26
nvd
nvd

CVE-2023-5527

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

7.4CVSS

0.001EPSS

2024-06-18 06:15 AM
3
cve
cve

CVE-2023-5527

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

7.4CVSS

7.6AI Score

0.001EPSS

2024-06-18 06:15 AM
12
cvelist
cvelist

CVE-2024-3276 FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when.....

0.0004EPSS

2024-06-18 06:00 AM
4
cvelist
cvelist

CVE-2024-4094 Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

0.0004EPSS

2024-06-18 06:00 AM
2
vulnrichment
vulnrichment

CVE-2024-5172 Expert Invoice <= 1.0.2 -Admin+ Stored XSS

The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.8AI Score

0.0004EPSS

2024-06-18 06:00 AM
1
vulnrichment
vulnrichment

CVE-2024-4094 Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

6.2AI Score

0.0004EPSS

2024-06-18 06:00 AM
cvelist
cvelist

CVE-2024-5172 Expert Invoice <= 1.0.2 -Admin+ Stored XSS

The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-18 06:00 AM
3
vulnrichment
vulnrichment

CVE-2023-5527 Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

7.4CVSS

7.6AI Score

0.001EPSS

2024-06-18 05:38 AM
cvelist
cvelist

CVE-2023-5527 Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

7.4CVSS

0.001EPSS

2024-06-18 05:38 AM
1
cve
cve

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....

4.3CVSS

6.5AI Score

0.0004EPSS

2024-06-18 04:15 AM
11
nvd
nvd

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....

4.3CVSS

0.0004EPSS

2024-06-18 04:15 AM
4
nvd
nvd

CVE-2024-5541

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...

5.3CVSS

0.001EPSS

2024-06-18 03:15 AM
4
cve
cve

CVE-2024-5541

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...

5.3CVSS

5.2AI Score

0.001EPSS

2024-06-18 03:15 AM
10
cve
cve

CVE-2024-0845

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-18 03:15 AM
9
nvd
nvd

CVE-2024-1634

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

6.5CVSS

0.0005EPSS

2024-06-18 03:15 AM
4
cve
cve

CVE-2024-1634

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

6.5CVSS

6.3AI Score

0.0005EPSS

2024-06-18 03:15 AM
9
nvd
nvd

CVE-2024-4375

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This.....

6.4CVSS

0.0004EPSS

2024-06-18 03:15 AM
4
cve
cve

CVE-2024-4375

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-18 03:15 AM
10
nvd
nvd

CVE-2024-0845

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....

6.4CVSS

0.001EPSS

2024-06-18 03:15 AM
3
cvelist
cvelist

CVE-2024-5860 Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....

4.3CVSS

0.0004EPSS

2024-06-18 03:13 AM
4
vulnrichment
vulnrichment

CVE-2024-5860 Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....

4.3CVSS

6.7AI Score

0.0004EPSS

2024-06-18 03:13 AM
Total number of security vulnerabilities347073