VMware Fusion 12.0.x < 12.2.0 Vulnerability (VMSA-2022-0001.2)
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 12.0.x prior to 12.2.0. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
7.8CVSS
6.9AI Score
0.001EPSS
AlmaLinux 9 : git (ALSA-2024:4083)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4083 advisory. * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git:...
9CVSS
7AI Score
0.002EPSS
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1821)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary:...
7.1AI Score
0.0004EPSS
EulerOS 2.0 SP11 : llvm (EulerOS-SA-2024-1839)
According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to...
6.8AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2183-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2183-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....
9.8CVSS
8.4AI Score
0.005EPSS
AlmaLinux 9 : python3.11 (ALSA-2024:4077)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4077 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) Tenable has extracted the preceding description block directly from the AlmaLinux security...
7.8CVSS
7.7AI Score
0.0004EPSS
EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2024-1820)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the...
5.3CVSS
7.3AI Score
0.0004EPSS
AlmaLinux 9 : python3.9 (ALSA-2024:4078)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4078 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...
7.8CVSS
7.3AI Score
0.0005EPSS
EulerOS 2.0 SP11 : libyaml (EulerOS-SA-2024-1838)
According to the versions of the libyaml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function...
7.8AI Score
0.0004EPSS
Oracle Linux 9 : python3.11 (ELSA-2024-4077)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4077 advisory. - Security fix for CVE-2023-6597 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
7.8CVSS
7.6AI Score
0.0004EPSS
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1842)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary:...
9.6AI Score
0.0004EPSS
RHEL 7 : kernel (RHSA-2024:4098)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4098 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: bluetooth: Unauthorized...
6.8CVSS
7.5AI Score
0.0004EPSS
EulerOS 2.0 SP11 : sssd (EulerOS-SA-2024-1847)
According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper...
7.1CVSS
7.3AI Score
0.0004EPSS
EulerOS 2.0 SP11 : curl (EulerOS-SA-2024-1808)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum...
9.8AI Score
0.0004EPSS
Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins
On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team. We immediately checked the malicious file and uploaded it to our internal....
7.1AI Score
3DPrint Lite < 1.9.1.5 - Arbitrary File Upload
The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as...
9.8CVSS
7.1AI Score
0.188EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...
8.6CVSS
8.6AI Score
0.0004EPSS
Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...
4.3CVSS
4.8AI Score
0.0004EPSS
Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...
4.3CVSS
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...
8.6CVSS
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...
10CVSS
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before...
9.9CVSS
9.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before...
7.5CVSS
7.7AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
8.5CVSS
8.5AI Score
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...
10CVSS
9.7AI Score
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before...
9.9CVSS
0.0004EPSS
Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before...
8.8CVSS
8.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before...
8.8CVSS
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
8.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before...
7.5CVSS
0.0004EPSS
CVE-2024-37233 WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability
Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...
4.3CVSS
7AI Score
0.0004EPSS
CVE-2024-37233 WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability
Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...
4.3CVSS
0.0004EPSS
CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...
8.6CVSS
0.0004EPSS
CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...
8.6CVSS
6.8AI Score
0.0004EPSS
CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...
10CVSS
0.0004EPSS
CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...
10CVSS
7.1AI Score
0.0004EPSS
Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before...
7.5CVSS
7.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before...
7.5CVSS
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before...
9.9CVSS
7.4AI Score
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before...
9.9CVSS
0.0004EPSS
Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before...
8.8CVSS
0.0004EPSS
Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before...
8.8CVSS
7.2AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
8.5CVSS
0.0004EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through...
9.9CVSS
9.6AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through...
9.9CVSS
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
9CVSS
9.1AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
9CVSS
0.0004EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through...
9.9CVSS
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
9CVSS
0.0004EPSS
Insecure Direct Object Reference (IDOR)
jweiland/events2 is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to missing access checks in the management plugin, which allows an attacker to activate or delete events without...
5.4CVSS
6.6AI Score
0.0004EPSS