Lucene search

K

Event Calendar – Calendar (WordPress Plugin) Security Vulnerabilities

nessus
nessus

Rocky Linux 8 : git-lfs (RLSA-2024:3346)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3346 advisory. * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) * golang: net/http/cookiejar: incorrect forwarding...

5.8AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : xorg-x11-server (RLSA-2024:3258)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3258 advisory. * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) * xorg-x11-server: Heap buffer overread/data leakage in.....

7.8CVSS

8AI Score

0.0005EPSS

2024-06-14 12:00 AM
nessus
nessus

AlmaLinux 9 : ruby (ALSA-2024:3838)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3838 advisory. * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability in Time...

8.8CVSS

7.8AI Score

EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 9 : tomcat (RLSA-2024:3307)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3307 advisory. * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug...

7.1AI Score

0.0004EPSS

2024-06-14 12:00 AM
1
nessus
nessus

Rocky Linux 9 : fence-agents (RLSA-2024:3820)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3820 advisory. * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064) Tenable has extracted the preceding description block directly from the Rocky Linux...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-14 12:00 AM
1
nessus
nessus

Debian dla-3827 : libcolorcorrect5 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3827 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3827-1 [email protected] ...

6.4AI Score

EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2024:3060)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3060 advisory. * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474) *...

8.8CVSS

7.7AI Score

0.0005EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : pcs (RLSA-2024:2953)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2953 advisory. * rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) * rubygem-rack: Possible DoS Vulnerability with Range...

5.8CVSS

5.8AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus
nessus

AlmaLinux 9 : buildah (ALSA-2024:3827)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3827 advisory. * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) * jose-go: improper handling of highly compressed data...

4.9CVSS

6AI Score

0.0005EPSS

2024-06-14 12:00 AM
nessus
nessus

Rocky Linux 8 : traceroute (RLSA-2024:3211)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3211 advisory. * traceroute: improper command line parsing (CVE-2023-46316) Tenable has extracted the preceding description block directly from the Rocky Linux security...

5.5CVSS

9.6AI Score

0.0004EPSS

2024-06-14 12:00 AM
exploitdb

5.5CVSS

7.4AI Score

0.002EPSS

2024-06-14 12:00 AM
48
vulnrichment
vulnrichment

CVE-2023-29174 WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

6.5CVSS

7.2AI Score

0.0004EPSS

2024-06-13 11:53 PM
cvelist
cvelist

CVE-2023-29174 WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-13 11:53 PM
2
cvelist
cvelist

CVE-2023-35040 WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-13 11:51 PM
1
vulnrichment
vulnrichment

CVE-2023-35045 WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-13 11:50 PM
cvelist
cvelist

CVE-2023-35045 WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-13 11:50 PM
2
cvelist
cvelist

CVE-2023-36504 WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-13 11:48 PM
4
cvelist
cvelist

CVE-2023-36694 WordPress Kingkong Board plugin <= 2.1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through...

6.3CVSS

0.0004EPSS

2024-06-13 11:47 PM
3
cvelist
cvelist

CVE-2023-36695 WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-13 11:46 PM
1
vulnrichment
vulnrichment

CVE-2023-36695 WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-13 11:46 PM
cvelist
cvelist

CVE-2023-37394 WordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-13 11:44 PM
1
nvd
nvd

CVE-2024-0086

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

0.0004EPSS

2024-06-13 10:15 PM
2
cve
cve

CVE-2024-0086

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

5.4AI Score

0.0004EPSS

2024-06-13 10:15 PM
12
cvelist
cvelist

CVE-2024-0086 CVE

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

0.0004EPSS

2024-06-13 09:23 PM
4
vulnrichment
vulnrichment

CVE-2024-0086 CVE

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU...

5.5CVSS

5.3AI Score

0.0004EPSS

2024-06-13 09:23 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
2
osv
osv

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.9AI Score

0.0004EPSS

2024-06-13 02:15 PM
1
nvd
nvd

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

0.0004EPSS

2024-06-13 02:15 PM
cve
cve

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.3AI Score

0.0004EPSS

2024-06-13 02:15 PM
12
vulnrichment
vulnrichment

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

5.3AI Score

0.0004EPSS

2024-06-13 01:46 PM
1
cvelist
cvelist

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers.....

5.4CVSS

0.0004EPSS

2024-06-13 01:46 PM
1
veracode
veracode

Improper Authorization

@strapi/plugin-content-manager is vulnerable to Improper Authorization. The vulnerability is due to improper access control, allowing users with the Author Role to see items in a collection associated with another collection that they did not...

2.3CVSS

6.5AI Score

0.0004EPSS

2024-06-13 12:16 PM
githubexploit
githubexploit

Exploit for Insufficiently Protected Credentials in Jetbrains Aqua

CVE-2024-37051 Analysis Overview CVE-2024-37051 is a...

9.3CVSS

6.8AI Score

0.001EPSS

2024-06-13 09:15 AM
51
cve
cve

CVE-2024-4371

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

9.3AI Score

0.0004EPSS

2024-06-13 09:15 AM
13
nvd
nvd

CVE-2024-4371

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

0.0004EPSS

2024-06-13 09:15 AM
1
nvd
nvd

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

0.0004EPSS

2024-06-13 09:15 AM
1
cve
cve

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

3.5AI Score

0.0004EPSS

2024-06-13 09:15 AM
13
cve
cve

CVE-2024-0979

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....

6.1CVSS

6AI Score

0.0005EPSS

2024-06-13 09:15 AM
13
nvd
nvd

CVE-2024-0979

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....

6.1CVSS

0.0005EPSS

2024-06-13 09:15 AM
1
cve
cve

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 09:15 AM
12
nvd
nvd

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 09:15 AM
1
cvelist
cvelist

CVE-2024-0979 Dashboard Widgets Suite <= 3.4.3 - Reflected Cross-Site Scripting

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....

6.1CVSS

0.0005EPSS

2024-06-13 08:31 AM
2
cvelist
cvelist

CVE-2024-4371 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

0.0004EPSS

2024-06-13 08:31 AM
2
vulnrichment
vulnrichment

CVE-2024-4371 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it.....

9CVSS

7.4AI Score

0.0004EPSS

2024-06-13 08:31 AM
1
vulnrichment
vulnrichment

CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

6.3AI Score

0.0004EPSS

2024-06-13 08:31 AM
cvelist
cvelist

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

0.001EPSS

2024-06-13 08:31 AM
3
cvelist
cvelist

CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....

2.7CVSS

0.0004EPSS

2024-06-13 08:31 AM
2
vulnrichment
vulnrichment

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-13 08:31 AM
cve
cve

CVE-2024-4615

The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-13 08:16 AM
15
nvd
nvd

CVE-2024-4615

The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...

6.4CVSS

0.0004EPSS

2024-06-13 08:16 AM
2
Total number of security vulnerabilities269647