CVE-2024-5653 Chanjet Smooth T+system keyEdit.aspx sql injection
A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated remotely. The exploit has...
CVSS 7.3 | AI Score 7.2 | EPSS 0.0004
Observable Timing Discrepancy in pypqc
Impact: kyber512, kyber768, and kyber1024 on Mac OS (or when compiled with clang) only: An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. Proof-of-concept exploit exists for a...
AI Score 7
CVE-2024-5636 itsourcecode Bakery Online Ordering System index.php sql injection
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be launched remotely. The...
CVSS 9.8 | AI Score 7.6 | EPSS 0.001
Description: The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to...
CVSS 5.3 | AI Score 6.8 | EPSS 0.0005
Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
Description: The plugin allows adding sensitive parameters when validating appointments, allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.
PoC:
1. Open the WordPress where the plugin is installed with default...
AI Score 6.6
Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect
Description: The plugin has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.
PoC:
1. Add a form to a footer widget area
2. Disable JavaScript
3. Access the URL: https://example.com/%0a/google.com
4. Fill out the form and submit
5. The browser...
AI Score 6.6
Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF
Description: The plugin does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF...
AI Score 6.7
CVE-2024-5635 itsourcecode Bakery Online Ordering System index.php sql injection
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be launched remotely...
CVSS 9.8 | AI Score 6.8 | EPSS 0.001
Debt collection agency FBCS leaks information of 3 million US citizens
The US debt collection agency Financial Business and Consumer Solutions (FBCS) has filed a data breach notification, listing the total number of people affected as 3,226,631. FBCS is a nationally licensed, third-party collection agency that collects commercial and consumer debts, with most of...
AI Score 7.5
Oracle Linux 9 : qemu-kvm (ELSA-2024-12407)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12407 advisory. - ui/clipboard: add asserts for update and request (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - ui/clipboard: mark type as not available when...
CVSS 8.2 | AI Score 7.7 | EPSS 0.001
Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF
Description: The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF...
AI Score 5.9 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). A hung task occurs if a discard ioctl is submitted with the following param: start = 0x80000000000ff000, len =...
AI Score 7.3 | EPSS 0.0004
Software: libvirt 6.0.0
OS: ROSA Virtualization 2.1
package_evr_string: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm
CVE-ID: CVE-2021-3631
BDU-ID: 2024-02428
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Libvirt virtualization management library is related to the creation of SELinux...
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
CVE-2024-5589 Netentsec NS-ASG Application Security Gateway sql injection
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/config_MT.php?action=delete. The manipulation of the argument Mid leads to sql injection. It is possible to initiate the attack...
CVSS 6.3 | AI Score 6.8 | EPSS 0.0004
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to...
CVSS 6.3 | AI Score 7.7 | EPSS 0.0004
RHEL 7 : rhev-guest-tools (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. rhevm: rhev agent service unquoted search path (CVE-2013-2151) Note that Nessus has not tested for this issue but...
AI Score 7.3 | EPSS 0.0004
RHEL 5 : kernel-xen (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. xsa155 xen: paravirtualized drivers incautious about shared memory contents (XSA-155) (CVE-2015-8550) ...
CVSS 6 | AI Score 6.9 | EPSS 0.001
RHEL 6 : qemu-kvm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. QEMU: net: ignore packets with large size (CVE-2018-17963) Buffer overflow in the send_control_msg...
CVSS 9.8 | AI Score 7.5 | EPSS 0.141
RHEL 7 : qemu-kvm-ma (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. QEMU: msix: OOB access during mmio operations may lead to DoS (CVE-2020-13754) The Virtio Vring...
CVSS 6.7 | AI Score 7.3 | EPSS 0.001
RHEL 8 : tar (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tar: does not properly warn the user when extracting setuid or setgid files (CVE-2005-2541) tar:...
CVSS 5.5 | AI Score 7.3 | EPSS 0.011
RHEL 7 : qemu-kvm-rhev (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: ps2: information leakage via post_load routine (CVE-2017-16845) QEMU (aka Quick Emulator) built...
CVSS 10 | AI Score 6.6 | EPSS 0.005
RHEL 8 : virtio-win (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. QEMU: local privilege escalation via the QEMU Guest Agent on Windows (CVE-2023-0664) Note that Nessus has not tested...
CVSS 7.8 | AI Score 7 | EPSS 0.0004
RHEL 5 : xen (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. xsa224 xen: grant table operations mishandle reference counts (XSA-224) (CVE-2017-10921) The qemu...
CVSS 9 | AI Score 8.7 | EPSS 0.053
RHEL 8 : libvirt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libvirt: Insecure sVirt label generation (CVE-2021-3631) An improper locking issue was found in the...
CVSS 6.5 | AI Score 8.7 | EPSS 0.002