D-Link DAR-8000-10 - Command Injection
D-Link DAR-8000-10 version has an operating system command injection vulnerability. The vulnerability originates from the parameter id of the file /app/sys1.php which can lead to operating system command...
10AI Score
0.922EPSS
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...
5.3CVSS
7.2AI Score
0.001EPSS
Nagios XI < 5.11.3 - SQL Injection
SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification...
7.9AI Score
0.001EPSS
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...
7.2AI Score
0.001EPSS
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
6AI Score
0.001EPSS
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.001EPSS
CVE-2024-3495-Poc CVE-2024-3495 Country State City Dropdown...
10AI Score
0.001EPSS
The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
6.4CVSS
6AI Score
0.0004EPSS
The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
5.9AI Score
0.0004EPSS
FreeBSD : chromium -- multiple security fixes (8247af0d-183b-11ef-9f97-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8247af0d-183b-11ef-9f97-a8a1599412c6 advisory. Chrome Releases reports: This update includes 15 security fixes: Tenable has extracted the...
7.5AI Score
RHEL 8 : krb5 (RHSA-2024:3268)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3268 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of...
6.8AI Score
Description The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level...
7.5AI Score
0.001EPSS
Apache Tomcat 7.0.0 < 7.0.99 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.99. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.99_security-7 advisory. When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to...
7.8AI Score
FreeBSD : Gitlab -- Vulnerabilities (f848ef90-1848-11ef-9850-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f848ef90-1848-11ef-9850-001b217b3468 advisory. Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS...
6.5AI Score
Description The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.8AI Score
0.001EPSS
Unlimited Elements for Elementor < 1.5.108 - Contributor+ SQLi
Description The plugin is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access...
7.3AI Score
0.001EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input...
6.4CVSS
6.2AI Score
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input...
6AI Score
0.0004EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...
5.4CVSS
7.5AI Score
0.0004EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...
7.5AI Score
0.0004EPSS
From trust to trickery: Brand impersonation over the email attack vector
Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing...
6.5AI Score
(RHSA-2024:3268) Low: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
7.4AI Score
0.0004EPSS
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
7.2CVSS
6AI Score
0.0005EPSS
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6AI Score
0.0005EPSS
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
6.4CVSS
6.1AI Score
0.001EPSS
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6. This makes it possible for authenticated attackers, with subscriber....
4.3CVSS
6.9AI Score
0.0004EPSS
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6. This makes it possible for authenticated attackers, with subscriber....
6.7AI Score
0.0004EPSS
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
5.9AI Score
0.001EPSS
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for.....
7.5CVSS
7.2AI Score
0.001EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...
9.8CVSS
8.3AI Score
0.001EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...
8.2AI Score
0.001EPSS
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for.....
7AI Score
0.001EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of...
5.3CVSS
7.2AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path Prior to this patch in case mlx5_core_destroy_cq() failed it returns without completing all destroy operations and that leads to memory leak. Instead, complete the...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path Prior to this patch in case mlx5_core_destroy_cq() failed it returns without completing all destroy operations and that leads to memory leak. Instead, complete the...
7.1AI Score
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of...
7.2AI Score
0.001EPSS
CVE-2021-47438 net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path Prior to this patch in case mlx5_core_destroy_cq() failed it returns without completing all destroy operations and that leads to memory leak. Instead, complete the...
7.1AI Score
0.0004EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
6.4CVSS
6AI Score
0.001EPSS
The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied....
6.4CVSS
6AI Score
0.0004EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...
6.4CVSS
6AI Score
0.0004EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...
5.9AI Score
0.0004EPSS
The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied....
5.9AI Score
0.0004EPSS
The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
5.9AI Score
0.001EPSS
The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....
6.4CVSS
6.1AI Score
0.001EPSS
The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....
6AI Score
0.001EPSS
Element Pack Elementor Addons < 5.6.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...
5.9AI Score
0.0004EPSS
Contact Form Plugin by Fluent Forms < 5.1.16 - Contributor+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional....
6.9AI Score
0.001EPSS
Description The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before...
7.5AI Score
0.0004EPSS
CentOS 8 : fence-agents (CESA-2024:2968)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:2968 advisory. urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response...
6.6AI Score
7.2AI Score
0.932EPSS