Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through...
4.3CVSS
7.4AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through...
9.9CVSS
7.3AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
8.5CVSS
8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through...
7.1CVSS
7.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through...
7.1CVSS
7.2AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx...
7.1CVSS
6.6AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
9.3CVSS
8AI Score
0.0004EPSS
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
9.3CVSS
8AI Score
0.0004EPSS
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information...
5.9CVSS
6.6AI Score
0.0004EPSS
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: ...
9.8CVSS
6.8AI Score
0.001EPSS
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local...
7.8CVSS
7.1AI Score
0.0004EPSS
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be...
6CVSS
6.2AI Score
0.0004EPSS
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local...
7CVSS
6.8AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The.....
6.1CVSS
6AI Score
0.001EPSS
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual...
6CVSS
7.1AI Score
0.001EPSS
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual...
8.2CVSS
8.4AI Score
0.002EPSS
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device...
8.8CVSS
8.6AI Score
0.0004EPSS
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating...
7.8CVSS
8AI Score
0.0004EPSS
An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling...
8.1CVSS
7.8AI Score
0.001EPSS
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On...
8.2CVSS
8.4AI Score
0.0004EPSS
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing...
7.8CVSS
7.8AI Score
0.001EPSS
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary...
7.8CVSS
7.9AI Score
0.001EPSS
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary...
7.8CVSS
7.8AI Score
0.001EPSS
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary...
7.8CVSS
8.1AI Score
0.001EPSS
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary...
7.8CVSS
8AI Score
0.001EPSS
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the...
9.8CVSS
9.2AI Score
0.261EPSS
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the...
6.7CVSS
7.2AI Score
0.0004EPSS
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary...
7.5CVSS
7.8AI Score
0.001EPSS
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the...
6.7CVSS
7.1AI Score
0.0004EPSS
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be...
7.8CVSS
7.7AI Score
0.001EPSS
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a....
8.4CVSS
7.6AI Score
0.0004EPSS
The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...
6.1CVSS
6AI Score
0.001EPSS
The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the show_logs_section function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including...
4.7CVSS
4.8AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in...
4.8CVSS
4.9AI Score
0.001EPSS
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme"...
5.4CVSS
6AI Score
0.001EPSS
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration"...
5.4CVSS
5.8AI Score
0.001EPSS
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted...
5.4CVSS
5.8AI Score
0.001EPSS
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim...
5.4CVSS
7.3AI Score
0.001EPSS
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer"...
5.4CVSS
5.8AI Score
0.001EPSS
The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message...
5.4CVSS
7.1AI Score
0.001EPSS
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by...
8.8CVSS
9.3AI Score
0.003EPSS
Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka...
6.1CVSS
9.2AI Score
0.008EPSS
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by...
8.8CVSS
9.3AI Score
0.016EPSS
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in...
9.8CVSS
9.6AI Score
0.118EPSS
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to...
9.8CVSS
9.6AI Score
0.079EPSS
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in...
6.5CVSS
9.2AI Score
0.027EPSS
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in...
9.8CVSS
9.6AI Score
0.079EPSS
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to...
9.8CVSS
9.3AI Score
0.059EPSS
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP...
9.8CVSS
9.5AI Score
0.042EPSS
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in...
9.8CVSS
9.4AI Score
0.008EPSS