CVE-2024-30078 Detection and Command Execution Script This...
8.8CVSS
10AI Score
0.001EPSS
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
0.0004EPSS
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
5.7AI Score
0.0004EPSS
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
0.0004EPSS
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....
8.1CVSS
0.001EPSS
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....
8.1CVSS
8AI Score
0.001EPSS
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....
8.1CVSS
0.001EPSS
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...
6.1CVSS
6.3AI Score
0.0004EPSS
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...
6.1CVSS
0.0004EPSS
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...
6.1CVSS
0.0004EPSS
rpm-ostree bug fix and enhancement update
An update is available for rpm-ostree. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rpm-ostree tool binds together the RPM packaging model with the...
7.4AI Score
kernel-rt security and bug fix update
An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...
7.8CVSS
7.9AI Score
0.001EPSS
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...
7.8CVSS
6.9AI Score
0.001EPSS
An update is available for rpm-ostree. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rpm-ostree tool binds together the RPM packaging model with the...
7.4AI Score
fence-agents security and bug fix update
An update is available for fence-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....
6.1CVSS
6.8AI Score
0.001EPSS
Moderate: fence-agents security and bug fix update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...
6.1CVSS
7.2AI Score
0.001EPSS
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....
7.8CVSS
7.8AI Score
0.001EPSS
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...
7.8CVSS
7.7AI Score
0.001EPSS
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating....
8.5CVSS
0.0005EPSS
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating....
8.5CVSS
8.3AI Score
0.0005EPSS
CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating....
8.5CVSS
0.0005EPSS
CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating....
8.5CVSS
6.7AI Score
0.0005EPSS
Rejetto HFS (HTTP File Server) CVE-2024-23692 Vulnerability...
9.8CVSS
10AI Score
0.002EPSS
Rocky Linux 8 : fence-agents (RLSA-2024:2968)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2968 advisory. * urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) * pycryptodome: side-channel...
6.1CVSS
6.1AI Score
0.001EPSS
Rocky Linux 8 : kernel-rt (RLSA-2024:3627)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3627 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...
7.8CVSS
9.3AI Score
0.001EPSS
Rocky Linux 8 : kernel update (Moderate) (RLSA-2024:3618)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...
7.8CVSS
9.5AI Score
0.001EPSS
there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
0.0004EPSS
there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.8AI Score
0.0004EPSS
there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
0.0004EPSS
there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.8AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.8AI Score
EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
10AI Score
0.004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.9AI Score
EPSS
Siemens SCALANCE XM-400, XR-500
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
10AI Score
0.004EPSS
Operation Celestial Force employs mobile and desktop malware to target Indian entities
By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...
7.2AI Score
Cinterion EHS5 3G UMTS/HSPA Module Research
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...
6.4CVSS
8.2AI Score
0.001EPSS
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause.....
6.5CVSS
7AI Score
0.0005EPSS
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause.....
6.5CVSS
0.0005EPSS
CVE-2024-34111 SSRF in service connector
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause.....
6.5CVSS
0.0005EPSS
CVE-2024-34111 SSRF in service connector
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause.....
6.5CVSS
7.9AI Score
0.0005EPSS
The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...
6.4CVSS
5.7AI Score
0.0004EPSS
The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...
6.4CVSS
0.0004EPSS
The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...
6.4CVSS
0.0004EPSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
5.4AI Score
0.0004EPSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
0.0004EPSS
CVE-2024-4149 Floating Chat Widget < 3.2.3 - Admin+ Stored XSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
5.7AI Score
0.0004EPSS
CVE-2024-4149 Floating Chat Widget < 3.2.3 - Admin+ Stored XSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
0.0004EPSS
Server-side Template Injection (SSTI)
document_merge_service is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to insufficient input sanitization and validation in the handling of templates within the Document Merge Service, which allows attackers to inject malicious code into templates, which is then...
9.9CVSS
7.1AI Score
0.0004EPSS
Fedora 39 : php (2024-52c23ef1ec)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 (06 Jun 2024) CGI: * Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) * Fixed bug...
9.8CVSS
8.8AI Score
0.973EPSS
Microsoft Windows Start Menu Software Version Enumeration
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version. Note that the versions detected here do not necessarily...
7.1AI Score