Lucene search

K

Classified Listing Store & Membership Addon Security Vulnerabilities

githubexploit
githubexploit

Exploit for CVE-2024-4443

CVE-2024-4443-Poc CVE-2024-4443 Business Directory Plugin –...

9.8CVSS

7.9AI Score

0.029EPSS

2024-05-26 04:34 PM
125
nvd
nvd

CVE-2024-32045

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...

5.9CVSS

5.7AI Score

0.0004EPSS

2024-05-26 02:15 PM
cve
cve

CVE-2024-32045

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...

5.9CVSS

6.8AI Score

0.0004EPSS

2024-05-26 02:15 PM
25
cvelist
cvelist

CVE-2024-29215 Slash commands run in channel without channel membership via playbook task commands

Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-05-26 01:33 PM
vulnrichment
vulnrichment

CVE-2024-29215 Slash commands run in channel without channel membership via playbook task commands

Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook...

4.3CVSS

7AI Score

0.0004EPSS

2024-05-26 01:33 PM
vulnrichment
vulnrichment

CVE-2024-32045 Playbook run link to private channel grants channel access

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...

5.9CVSS

6.9AI Score

0.0004EPSS

2024-05-26 01:29 PM
cvelist
cvelist

CVE-2024-32045 Playbook run link to private channel grants channel access

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...

5.9CVSS

5.7AI Score

0.0004EPSS

2024-05-26 01:29 PM
1
fedora
fedora

[SECURITY] Fedora 40 Update: rust-zram-generator-1.1.2-11.fc40

This is a systemd unit generator that enables swap on zram. (With zram, there is no physical swap device. Part of the available RAM is used to store compressed pages, essentially trading CPU cycles for memor y.) To activate, install zram-generator-defaults...

7AI Score

2024-05-26 01:29 AM
3
cve
cve

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-25 03:15 AM
23
nvd
nvd

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-25 03:15 AM
vulnrichment
vulnrichment

CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-25 02:34 AM
cvelist
cvelist

CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-25 02:34 AM
osv
osv

BIT-hubble-relay-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue...

6.1CVSS

6.7AI Score

0.0004EPSS

2024-05-24 07:21 PM
2
cve
cve

CVE-2023-49574

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

7.1CVSS

6.1AI Score

0.0004EPSS

2024-05-24 01:15 PM
23
nvd
nvd

CVE-2023-49575

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

7.1CVSS

6.7AI Score

0.0004EPSS

2024-05-24 01:15 PM
nvd
nvd

CVE-2023-49574

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

7.1CVSS

6.7AI Score

0.0004EPSS

2024-05-24 01:15 PM
cve
cve

CVE-2023-49575

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

7.1CVSS

6.1AI Score

0.0004EPSS

2024-05-24 01:15 PM
25
cve
cve

CVE-2023-49572

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

7.1CVSS

6.1AI Score

0.0004EPSS

2024-05-24 01:15 PM
23
nvd
nvd

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

7.1CVSS

6.7AI Score

0.0004EPSS

2024-05-24 01:15 PM
nvd
nvd

CVE-2023-49572

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

7.1CVSS

6.7AI Score

0.0004EPSS

2024-05-24 01:15 PM
1
cve
cve

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

7.1CVSS

6.1AI Score

0.0004EPSS

2024-05-24 01:15 PM
22
vulnrichment
vulnrichment

CVE-2023-49575 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

7.1CVSS

6.2AI Score

0.0004EPSS

2024-05-24 12:40 PM
cvelist
cvelist

CVE-2023-49575 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

7.1CVSS

6.7AI Score

0.0004EPSS

2024-05-24 12:40 PM
1
vulnrichment
vulnrichment

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

7.1CVSS

6.2AI Score

0.0004EPSS

2024-05-24 12:40 PM
cvelist
cvelist

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

7.1CVSS

6.7AI Score

0.0004EPSS

2024-05-24 12:40 PM
cvelist
cvelist

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

7.1CVSS

6.7AI Score

0.0004EPSS

2024-05-24 12:39 PM
vulnrichment
vulnrichment

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

7.1CVSS

6.2AI Score

0.0004EPSS

2024-05-24 12:39 PM
cvelist
cvelist

CVE-2023-49572 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

7.1CVSS

6.7AI Score

0.0004EPSS

2024-05-24 12:39 PM
1
vulnrichment
vulnrichment

CVE-2023-49572 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

7.1CVSS

6.2AI Score

0.0004EPSS

2024-05-24 12:39 PM
oraclelinux
oraclelinux

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

5.3CVSS

7.6AI Score

0.0004EPSS

2024-05-24 12:00 AM
11
wpvulndb
wpvulndb

LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC Request: POST...

5.5AI Score

0.0004EPSS

2024-05-24 12:00 AM
wpvulndb
wpvulndb

Primary Addon for Elementor < 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

Description The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 12:00 AM
packetstorm

7.4AI Score

2024-05-24 12:00 AM
153
wpexploit
wpexploit

LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.6AI Score

0.0004EPSS

2024-05-24 12:00 AM
11
krebs
krebs

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

6.8AI Score

2024-05-23 11:32 PM
4
msupdate
msupdate

2024-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5039705)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-05-23 11:00 PM
21
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5039705)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-05-23 11:00 PM
12
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 1809 for ARM64-based Systems (KB5039705)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-05-23 11:00 PM
1
msupdate
msupdate

2024-05 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5039705)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....

7.2AI Score

2024-05-23 11:00 PM
5
amazon
amazon

Medium: amazon-cloudwatch-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

6.9AI Score

0.0004EPSS

2024-05-23 10:04 PM
1
amazon
amazon

Medium: golang

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

6.7AI Score

0.0004EPSS

2024-05-23 10:04 PM
4
amazon
amazon

Medium: golist

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...

5.3CVSS

6.8AI Score

0.001EPSS

2024-05-23 10:04 PM
3
amazon
amazon

Medium: cni-plugins

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

6.8AI Score

0.0004EPSS

2024-05-23 10:04 PM
3
talosblog
talosblog

Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?

Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...

6.7AI Score

2024-05-23 06:00 PM
4
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 118 vulnerabilities disclosed in 90...

10CVSS

9.4AI Score

EPSS

2024-05-23 03:00 PM
16
redhat
redhat

(RHSA-2024:3352) Important: Red Hat OpenStack Platform 16.2 (etcd) security update

A highly-available key value store for shared configuration Security Fix(es): Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform (CVE-2024-4438) Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437) Incomplete fix for CVE-2022-41723 in OpenStack Platform...

7.3AI Score

0.732EPSS

2024-05-23 02:55 PM
5
nvd
nvd

CVE-2024-35224

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via {icon} substitution in table header values. This attack requires the permissions "Edit work...

7.6CVSS

7.3AI Score

0.0004EPSS

2024-05-23 01:15 PM
cve
cve

CVE-2024-35224

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via {icon} substitution in table header values. This attack requires the permissions "Edit work...

7.6CVSS

5.8AI Score

0.0004EPSS

2024-05-23 01:15 PM
53
cvelist
cvelist

CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via {icon} substitution in table header values. This attack requires the permissions "Edit work...

7.6CVSS

7.3AI Score

0.0004EPSS

2024-05-23 12:53 PM
kitploit
kitploit

Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry

Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and use it to communicate with the Windows...

7.3AI Score

2024-05-23 12:30 PM
14
Total number of security vulnerabilities82384