Lucene search

K

Float Menu – Awesome Floating Side Menu Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-31 06:40 AM
cvelist
cvelist

CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-31 06:40 AM
1
githubexploit

8.2CVSS

6.8AI Score

0.955EPSS

2024-05-31 02:18 AM
9
nessus
nessus

Progress WhatsUp Gold < 23.1.2 Multiple Vulnerabilities (000255428)

The version of Progress WhatsUp Gold installed on the remote host is prior to 23.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 000255428 advisory. In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in Whatsup Gold's ...

5.4CVSS

7.1AI Score

0.0005EPSS

2024-05-31 12:00 AM
2
ibm
ibm

Security Bulletin: Denial of service vulnerabilities in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Multiple denial of service attacks affecting Node.js have been published in this security bulletin. This bulletin identifies the steps...

7.3CVSS

7.7AI Score

EPSS

2024-05-30 06:50 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-1208

...

5.3CVSS

6.6AI Score

0.012EPSS

2024-05-30 05:55 PM
9
debiancve
debiancve

CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
3
nvd
nvd

CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...

7.3AI Score

0.0004EPSS

2024-05-30 04:15 PM
1
cve
cve

CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...

6.4AI Score

0.0004EPSS

2024-05-30 04:15 PM
27
nvd
nvd

CVE-2024-36938

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

5.5CVSS

6.3AI Score

0.0004EPSS

2024-05-30 04:15 PM
cve
cve

CVE-2024-36938

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
49
debiancve
debiancve

CVE-2024-36938

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
3
nvd
nvd

CVE-2024-36899

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(),...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
1
cve
cve

CVE-2024-36899

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(),...

6.8AI Score

0.0004EPSS

2024-05-30 04:15 PM
27
debiancve
debiancve

CVE-2024-36899

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(),...

6.8AI Score

0.0004EPSS

2024-05-30 04:15 PM
1
debiancve
debiancve

CVE-2024-36881

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
2
nvd
nvd

CVE-2024-36881

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a....

6.4AI Score

0.0004EPSS

2024-05-30 04:15 PM
cve
cve

CVE-2024-36881

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a....

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
23
osv
osv

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability....

7.1AI Score

2024-05-30 04:13 PM
2
github
github

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability....

7.1AI Score

2024-05-30 04:13 PM
3
vulnrichment
vulnrichment

CVE-2024-36950 firewire: ohci: mask bus reset interrupts between ISR and bottom half

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...

6.6AI Score

0.0004EPSS

2024-05-30 03:35 PM
cvelist
cvelist

CVE-2024-36950 firewire: ohci: mask bus reset interrupts between ISR and bottom half

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...

7.3AI Score

0.0004EPSS

2024-05-30 03:35 PM
vulnrichment
vulnrichment

CVE-2024-36938 bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

6.7AI Score

0.0004EPSS

2024-05-30 03:29 PM
1
cvelist
cvelist

CVE-2024-36938 bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

6.3AI Score

0.0004EPSS

2024-05-30 03:29 PM
vulnrichment
vulnrichment

CVE-2024-36899 gpiolib: cdev: Fix use after free in lineinfo_changed_notify

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(),...

7AI Score

0.0004EPSS

2024-05-30 03:29 PM
1
cvelist
cvelist

CVE-2024-36899 gpiolib: cdev: Fix use after free in lineinfo_changed_notify

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(),...

6.6AI Score

0.0004EPSS

2024-05-30 03:29 PM
vulnrichment
vulnrichment

CVE-2024-36881 mm/userfaultfd: reset ptes when close() for wr-protected ones

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a....

6.8AI Score

0.0004EPSS

2024-05-30 03:28 PM
1
cvelist
cvelist

CVE-2024-36881 mm/userfaultfd: reset ptes when close() for wr-protected ones

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a....

6.4AI Score

0.0004EPSS

2024-05-30 03:28 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

9.8CVSS

9.9AI Score

0.035EPSS

2024-05-30 03:23 PM
13
ics
ics

LenelS2 NetBox

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LenelS2 Equipment: NetBox Vulnerabilities: Use of Hard-coded Password, OS Command Injection, Argument Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

9.3AI Score

0.0004EPSS

2024-05-30 12:00 PM
2
ibm
ibm

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 273. Vulnerability Details ** CVEID: CVE-2024-29857 DESCRIPTION: **The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper...

7.5CVSS

7.5AI Score

EPSS

2024-05-30 11:26 AM
6
ibm
ibm

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana (OnPrem) build 273 Vulnerability Details ** CVEID: CVE-2021-32052 DESCRIPTION: **Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to...

7.5CVSS

9.3AI Score

0.962EPSS

2024-05-30 11:23 AM
1
redhatcve
redhatcve

CVE-2024-36016

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to...

7.5AI Score

0.0004EPSS

2024-05-30 07:33 AM
5
githubexploit

6.1CVSS

6AI Score

0.004EPSS

2024-05-30 07:20 AM
43
vulnrichment
vulnrichment

CVE-2024-5341 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 05:33 AM
cvelist
cvelist

CVE-2024-5341 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 05:33 AM
nvd
nvd

CVE-2024-3726

The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 03:15 AM
1
cve
cve

CVE-2024-3726

The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 03:15 AM
28
cvelist
cvelist

CVE-2024-3726 Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode

The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 02:35 AM
openvas
openvas

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1763)

The remote host is missing an update for the Huawei...

7.5CVSS

7AI Score

0.008EPSS

2024-05-30 12:00 AM
1
nessus
nessus

openSUSE 15 Security Update : gifsicle (openSUSE-SU-2024:0146-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0146-1 advisory. Update to version 1.95: - CVE-2023-46009: Fixed floating point exception vulnerability via resize_stream at src/xform.c (boo#1216403) Tenable has...

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-30 12:00 AM
1
packetstorm

7.4AI Score

2024-05-30 12:00 AM
36
ubuntucve
ubuntucve

CVE-2024-36881

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a....

7.2AI Score

0.0004EPSS

2024-05-30 12:00 AM
4
openvas
openvas

Huawei EulerOS: Security Advisory for python-pycryptodome (EulerOS-SA-2024-1775)

The remote host is missing an update for the Huawei...

5.9CVSS

6.7AI Score

0.001EPSS

2024-05-30 12:00 AM
openvas
openvas

openSUSE: Security Advisory for gifsicle (openSUSE-SU-2024:0146-1)

The remote host is missing an update for...

7.8CVSS

7.7AI Score

0.001EPSS

2024-05-30 12:00 AM
1
ubuntucve
ubuntucve

CVE-2024-36938

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

5.5CVSS

6.8AI Score

0.0004EPSS

2024-05-30 12:00 AM
1
ubuntucve
ubuntucve

CVE-2024-36899

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(),...

7.2AI Score

0.0004EPSS

2024-05-30 12:00 AM
nessus
nessus

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2024-1763)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of...

7.5CVSS

7.7AI Score

0.008EPSS

2024-05-30 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2024-1740)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of...

7.5CVSS

7.3AI Score

0.008EPSS

2024-05-30 12:00 AM
nessus
nessus

EulerOS 2.0 SP12 : python-pycryptodome (EulerOS-SA-2024-1752)

According to the versions of the python-pycryptodome package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger...

5.9CVSS

6.8AI Score

0.001EPSS

2024-05-30 12:00 AM
Total number of security vulnerabilities58188