Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description The plugin is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above...
8.1AI Score
EPSS
Moderate: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox: Potential...
7.8AI Score
0.0004EPSS
PHP 8.3.x < 8.3.8 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.29, 8.2.x prior to 8.2.20, or 8.3.x prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities: An argument Injection in PHP-CGI with a bypass of CVE-2012-1823....
9.8CVSS
10AI Score
0.973EPSS
Moderate: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.6AI Score
0.0004EPSS
RHEL 8 : thunderbird (RHSA-2024:3784)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3784 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): *...
7.9AI Score
0.0004EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3775)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3775 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3755)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3755 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...
8.1CVSS
8.4AI Score
0.0005EPSS
Important: idm:DL1 security update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access...
8.1CVSS
6.8AI Score
0.0005EPSS
RHEL 7 : bind, bind-dyndb-ldap, and dhcp (RHSA-2024:3741)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3741 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....
7.5CVSS
7.4AI Score
0.05EPSS
Amazon Linux 2023 : unixODBC, unixODBC-devel (ALAS2023-2024-641)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-641 advisory. An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures,...
7.1CVSS
7AI Score
0.0004EPSS
RHEL 8 : nghttp2 (RHSA-2024:3763)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3763 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION...
5.3CVSS
7.3AI Score
0.0004EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3756)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3756 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
RHEL 8 : firefox (RHSA-2024:3783)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3783 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.9AI Score
0.0004EPSS
Moderate: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...
7.8AI Score
0.0004EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
0.967EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
7AI Score
0.967EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
CVE-2024-4577 Argument Injection in PHP-CGI
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
0.967EPSS
CVE-2024-4577 Argument Injection in PHP-CGI
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
7.1AI Score
0.967EPSS
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through...
9.8CVSS
0.001EPSS
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through...
9.8CVSS
5.4AI Score
0.001EPSS
Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through...
9.8CVSS
5.4AI Score
0.001EPSS
Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through...
9.8CVSS
0.001EPSS
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...
9.8CVSS
6.5AI Score
0.001EPSS
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...
9.8CVSS
0.001EPSS
CVE-2024-34802 WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through...
5.3CVSS
0.001EPSS
CVE-2024-34802 WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through...
5.3CVSS
6.9AI Score
0.001EPSS
Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through...
5.3CVSS
7AI Score
0.001EPSS
Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through...
5.3CVSS
0.001EPSS
CVE-2024-31284 WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...
6.5CVSS
0.001EPSS
CVE-2024-31284 WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...
6.5CVSS
6.9AI Score
0.001EPSS
Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through...
7.5CVSS
7.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through...
7.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through...
5.4CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through...
5.4CVSS
0.0004EPSS
CVE-2024-32798 WordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerability
Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through...
7.5CVSS
0.0004EPSS
CVE-2024-32821 WordPress Total Poll Lite plugin <= 4.9.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...
9.1CVSS
0.0004EPSS
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...
9.1CVSS
9.3AI Score
0.0004EPSS
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...
9.1CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...
9.1CVSS
0.0004EPSS
CVE-2024-31273 WordPress JS Help Desk plugin <= 2.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
CVE-2024-31273 WordPress JS Help Desk plugin <= 2.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through...
8.8CVSS
0.0004EPSS