CVE-2024-4443-Poc CVE-2024-4443 Business Directory Plugin –...
9.8CVSS
7.9AI Score
0.029EPSS
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...
5.9CVSS
5.7AI Score
0.0004EPSS
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...
5.9CVSS
6.8AI Score
0.0004EPSS
CVE-2024-29215 Slash commands run in channel without channel membership via playbook task commands
Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook...
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2024-29215 Slash commands run in channel without channel membership via playbook task commands
Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook...
4.3CVSS
7AI Score
0.0004EPSS
CVE-2024-32045 Playbook run link to private channel grants channel access
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...
5.9CVSS
6.9AI Score
0.0004EPSS
CVE-2024-32045 Playbook run link to private channel grants channel access
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members...
5.9CVSS
5.7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: rust-zram-generator-1.1.2-11.fc40
This is a systemd unit generator that enables swap on zram. (With zram, there is no physical swap device. Part of the available RAM is used to store compressed pages, essentially trading CPU cycles for memor y.) To activate, install zram-generator-defaults...
7AI Score
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.7AI Score
0.001EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.9AI Score
0.001EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.8AI Score
0.001EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.9AI Score
0.001EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue...
6.1CVSS
6.7AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...
7.1CVSS
6.1AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....
7.1CVSS
6.7AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...
7.1CVSS
6.7AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....
7.1CVSS
6.1AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...
7.1CVSS
6.1AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....
7.1CVSS
6.7AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...
7.1CVSS
6.7AI Score
0.0004EPSS
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....
7.1CVSS
6.1AI Score
0.0004EPSS
CVE-2023-49575 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....
7.1CVSS
6.2AI Score
0.0004EPSS
CVE-2023-49575 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....
7.1CVSS
6.7AI Score
0.0004EPSS
CVE-2023-49574 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...
7.1CVSS
6.2AI Score
0.0004EPSS
CVE-2023-49574 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...
7.1CVSS
6.7AI Score
0.0004EPSS
CVE-2023-49573 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....
7.1CVSS
6.7AI Score
0.0004EPSS
CVE-2023-49573 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....
7.1CVSS
6.2AI Score
0.0004EPSS
CVE-2023-49572 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...
7.1CVSS
6.7AI Score
0.0004EPSS
CVE-2023-49572 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...
7.1CVSS
6.2AI Score
0.0004EPSS
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
5.3CVSS
7.6AI Score
0.0004EPSS
LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC Request: POST...
5.5AI Score
0.0004EPSS
Description The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.8AI Score
0.001EPSS
7.4AI Score
LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.6AI Score
0.0004EPSS
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
2024-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5039705)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....
7.2AI Score
2024-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5039705)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....
7.2AI Score
2024-05 Cumulative Update for Windows 10 Version 1809 for ARM64-based Systems (KB5039705)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....
7.2AI Score
2024-05 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5039705)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article.....
7.2AI Score
Medium: amazon-cloudwatch-agent
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
6.9AI Score
0.0004EPSS
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
6.7AI Score
0.0004EPSS
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...
5.3CVSS
6.8AI Score
0.001EPSS
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
6.8AI Score
0.0004EPSS
Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...
6.7AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 118 vulnerabilities disclosed in 90...
10CVSS
9.4AI Score
EPSS
(RHSA-2024:3352) Important: Red Hat OpenStack Platform 16.2 (etcd) security update
A highly-available key value store for shared configuration Security Fix(es): Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform (CVE-2024-4438) Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437) Incomplete fix for CVE-2022-41723 in OpenStack Platform...
7.3AI Score
0.732EPSS
OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via {icon} substitution in table header values. This attack requires the permissions "Edit work...
7.6CVSS
7.3AI Score
0.0004EPSS
OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via {icon} substitution in table header values. This attack requires the permissions "Edit work...
7.6CVSS
5.8AI Score
0.0004EPSS
CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject
OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via {icon} substitution in table header values. This attack requires the permissions "Edit work...
7.6CVSS
7.3AI Score
0.0004EPSS
Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry
Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and use it to communicate with the Windows...
7.3AI Score