Lucene search

K

Contact Forms – Drag & Drop Contact Form Builder Security Vulnerabilities

nvd
nvd

CVE-2024-3276

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when.....

0.0004EPSS

2024-06-18 06:15 AM
5
cve
cve

CVE-2024-5172

The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.4AI Score

0.0004EPSS

2024-06-18 06:15 AM
27
nvd
nvd

CVE-2024-5172

The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

0.0004EPSS

2024-06-18 06:15 AM
5
cve
cve

CVE-2024-4094

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

5.7AI Score

0.0004EPSS

2024-06-18 06:15 AM
23
cve
cve

CVE-2024-3276

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when.....

5.4AI Score

0.0004EPSS

2024-06-18 06:15 AM
39
nvd
nvd

CVE-2024-5541

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...

5.3CVSS

0.001EPSS

2024-06-18 03:15 AM
4
cve
cve

CVE-2024-5541

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...

5.3CVSS

5.2AI Score

0.001EPSS

2024-06-18 03:15 AM
23
vulnrichment
vulnrichment

CVE-2024-5541 Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...

5.3CVSS

6.8AI Score

0.001EPSS

2024-06-18 02:37 AM
cvelist
cvelist

CVE-2024-5541 Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...

5.3CVSS

0.001EPSS

2024-06-18 02:37 AM
2
oraclelinux
oraclelinux

glibc security update

[2.17-326.0.6.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi Oracle history: April-28-2023 Cupertino Miranda - 2.17-326.0.6 - OraBug 35338741 Glibc tunable to disable huge pages on pthread_create stacks Reviewed-by: Jose E. Marchesi February-22-2023...

7.7AI Score

0.0005EPSS

2024-06-18 12:00 AM
5
nessus
nessus

RHEL 7 : flatpak (RHSA-2024:3980)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3980 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
3
packetstorm

7.4AI Score

2024-06-18 12:00 AM
67
oraclelinux
oraclelinux

flatpak security update

[1.0.9-13] - Fix...

8.4CVSS

6.9AI Score

0.0004EPSS

2024-06-18 12:00 AM
2
nessus
nessus

Oracle Linux 7 : flatpak (ELSA-2024-3980)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3980 advisory. [1.0.9-13] - Fix CVE-2024-32462 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not.....

8.4CVSS

8.2AI Score

0.0004EPSS

2024-06-18 12:00 AM
2
nessus
nessus

Fedora 40 : webkitgtk (2024-4d71f28349)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4d71f28349 advisory. Update to 2.44.2: * Make gamepads visible on axis movements, and not only on button presses. * Disable the gst-libav AAC decoder. * Make user scripts and...

6.7AI Score

0.0004EPSS

2024-06-18 12:00 AM
2
nessus
nessus

Oracle Linux 7 : glibc (ELSA-2024-12442)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12442 advisory. - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi &lt;[email protected]&gt; Oracle history: April-28-2023...

9.8CVSS

10AI Score

0.009EPSS

2024-06-18 12:00 AM
3
wallarmlab
wallarmlab

Zero-Day Marketplace Explained: How Zerodium, BugTraq, and Fear contributed to the Rise of the Zero-Day Vulnerability Black Market

Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT...

7.9AI Score

2024-06-17 08:33 PM
6
rapid7blog
rapid7blog

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....

7.3AI Score

2024-06-17 08:28 PM
3
osv
osv

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin &lt;= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

8.8CVSS

7.9AI Score

0.0004EPSS

2024-06-17 08:15 PM
2
nvd
nvd

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin &lt;= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

8.8CVSS

0.0004EPSS

2024-06-17 08:15 PM
2
cve
cve

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin &lt;= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

8.8CVSS

9.1AI Score

0.0004EPSS

2024-06-17 08:15 PM
21
ibm
ibm

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...

8.2CVSS

9.7AI Score

EPSS

2024-06-17 08:14 PM
4
cvelist
cvelist

CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin &lt;= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

8.8CVSS

0.0004EPSS

2024-06-17 07:33 PM
3
veracode
veracode

Insecure Credential Storage

TYPO3 is vulnerable to Insecure Credential Storage. The vulnerability is due to the backend form reloading when creating new backend user accounts, potentially persisting records with insecure or empty...

7AI Score

2024-06-17 09:18 AM
1
nuclei
nuclei

F-logic DataCube3 - SQL Injection

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id...

7.3AI Score

0.001EPSS

2024-06-17 08:09 AM
5
osv
osv

BIT-magento-2024-34105

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...

4.8CVSS

5.3AI Score

0.0004EPSS

2024-06-17 07:25 AM
2
malwarebytes
malwarebytes

A week in security (June 10 &#8211; June 16)

Last week on Malwarebytes Labs: Truist bank confirms data breach Update now! Google Pixel vulnerability is under active exploitation Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content 23andMe data breach under joint investigation in two countries When things go...

7AI Score

2024-06-17 07:03 AM
13
veracode
veracode

Cross-site Scripting (XSS)

TYPO3 is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of t3:// URLs and typolink functionality, affecting both backend forms and frontend extensions that use typolink...

6.4AI Score

2024-06-17 06:46 AM
1
thn
thn

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser....

7.1AI Score

2024-06-17 06:28 AM
23
nvd
nvd

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

0.0004EPSS

2024-06-17 06:15 AM
3
cve
cve

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

5.6AI Score

0.0004EPSS

2024-06-17 06:15 AM
24
nvd
nvd

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-17 06:15 AM
5
cve
cve

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

5.6AI Score

0.0004EPSS

2024-06-17 06:15 AM
30
cvelist
cvelist

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-17 06:00 AM
3
vulnrichment
vulnrichment

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

5.8AI Score

0.0004EPSS

2024-06-17 06:00 AM
1
nessus
nessus

RHEL 8 : flatpak (RHSA-2024:3961)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3961 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
3
nessus
nessus

RHEL 8 : flatpak (RHSA-2024:3962)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3962 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

7.4AI Score

0.0004EPSS

2024-06-17 12:00 AM
4
wpvulndb
wpvulndb

Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update

Description The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...

5.3CVSS

6.7AI Score

0.001EPSS

2024-06-17 12:00 AM
nessus
nessus

RHEL 9 : flatpak (RHSA-2024:3959)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3959 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
2
nessus
nessus

RHEL 9 : flatpak (RHSA-2024:3960)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3960 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
2
packetstorm

7.4AI Score

0.0004EPSS

2024-06-17 12:00 AM
81
nvd
nvd

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

0.001EPSS

2024-06-16 09:15 PM
6
cve
cve

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

6AI Score

0.001EPSS

2024-06-16 09:15 PM
25
nessus
nessus

FreeBSD : go -- multiple vulnerabilities (a5c64f6f-2af3-11ef-a77e-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a5c64f6f-2af3-11ef-a77e-901b0e9408dc advisory. The Go project reports: archive/zip: mishandling of corrupt central directory record The...

9.8CVSS

8AI Score

0.001EPSS

2024-06-16 12:00 AM
5
vulnrichment
vulnrichment

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

5.9AI Score

0.001EPSS

2024-06-16 12:00 AM
nessus
nessus

FreeBSD : traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses (219aaa1e-2aff-11ef-ab37-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 219aaa1e-2aff-11ef-ab37-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Go managing various Is methods ...

9.8CVSS

9.4AI Score

0.001EPSS

2024-06-16 12:00 AM
4
cvelist
cvelist

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

0.001EPSS

2024-06-16 12:00 AM
1
nvd
nvd

CVE-2024-5858

The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with...

4.3CVSS

0.001EPSS

2024-06-15 09:15 AM
5
cve
cve

CVE-2024-5858

The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with...

4.3CVSS

4.5AI Score

0.001EPSS

2024-06-15 09:15 AM
24
cvelist
cvelist

CVE-2024-5858 Infographic Maker iList <= 4.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Title Update

The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with...

4.3CVSS

0.001EPSS

2024-06-15 08:42 AM
1
Total number of security vulnerabilities167594