The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
6.9AI Score
0.0004EPSS
Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified.....
7.8AI Score
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
6.9AI Score
0.001EPSS
Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified.....
7.9AI Score
0.0004EPSS
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 274 Vulnerability Details ** CVEID: CVE-2022-40897 DESCRIPTION: **Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a...
7.2AI Score
0.005EPSS
Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified.....
7.3AI Score
0.0004EPSS
Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified.....
7.4AI Score
0.0004EPSS
CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
6.7AI Score
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
5.9AI Score
0.001EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level...
6.7AI Score
0.001EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6AI Score
0.001EPSS
Regular Expression Denial Of Service (ReDoS)
micromatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due a regex expression with inefficient complexity within the micromatch.braces() method. An attacker can submit a large payload without a closing bracket, which results in Regular Expression Denial of...
6.7AI Score
0.0004EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.3AI Score
0.001EPSS
Regular Expression Denial Of Service (ReDoS)
tecnickcom/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized when parsing a SVG file. This allows an attacker to cause a denial of service by crafting a malicious svg...
6.7AI Score
swiftmailer/swiftmailer is vulnerable to Command Injection. The vulnerability is due to improper handling of the "From" header when it comes from a non-trusted source and when no "Return-Path" is configured, which allows an attacker to execute arbitrary shell...
7.8AI Score
8.2AI Score
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
6.2AI Score
0.001EPSS
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../...
7.5AI Score
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../...
7.1AI Score
The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
8.8CVSS
8AI Score
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
6AI Score
0.001EPSS
CVE-2024-5345 Responsive Owl Carousel for Elementor <= 1.2.0 - Local File Inclusion
The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
7.9AI Score
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...
5.9AI Score
0.001EPSS
Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker.....
7.6AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: wireshark-4.0.15-1.fc39
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
6.3AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: roundcubemail-1.6.7-1.fc39
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
7.3AI Score
[SECURITY] Fedora 39 Update: cacti-1.2.27-1.fc39
Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP...
6.4AI Score
0.001EPSS
Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker.....
7.5AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: python3.6-3.6.15-30.fc40
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software.....
7.1AI Score
0.0005EPSS
[SECURITY] Fedora 40 Update: wireshark-4.2.5-1.fc40
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
6.3AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: roundcubemail-1.6.7-1.fc40
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
7.3AI Score
6.7AI Score
0.019EPSS
6.7AI Score
0.019EPSS
global-value-management.de Cross Site Scripting vulnerability OBB-3931816
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
zfin.org Cross Site Scripting vulnerability OBB-3931815
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
cleverdeal24.de Cross Site Scripting vulnerability OBB-3931814
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.1AI Score
0.0005EPSS
AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2024:3466)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3466 advisory. * python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python39:3.9/python39: python: The zipfile module is...
7AI Score
Amazon Linux 2 : unbound (ALASUNBOUND-2024-001)
The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-001 advisory. An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a...
6.5AI Score
JetBrains TeamCity < 2023.11.3 Authentication Bypass
JetBrains TeamCity version prior to 2023.11.3 suffer from an authentication bypass allowing an unauthenticated attacker to gain administrative control of the TeamCity server via a specially crafted...
7.9AI Score
python39:3.9 and python39-devel:3.9 security update
mod_wsgi numpy python39 [3.9.19-1] - Update to 3.9.19 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33676, RHEL-33688 python3x-pip python3x-setuptools python3x-six python-cffi python-chardet python-cryptography...
7.2AI Score
0.0005EPSS
nginx 1.1.x < 1.1.19 / 1.0.x < 1.0.15 A Buffer Overflow Vulnerability
According to its Sever response header, the installed version of nginx is 1.0.x prior to 1.0.15 or 1.1.x prior to 1.1.19. It is, therefore, affected by the following issue : Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3...
8.3AI Score
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
7.5AI Score
TeamCity Server < 2023.5.6 XSS Vulnerability
According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.5.6 It is, therefore, affected by a reflected XSS on the subscriptions page is possible Note that Nessus did not actually test for these issues, but instead...
6.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
8.2AI Score
Rockwell Studio 5000 Logix Designer < V34 Code Hiding
The version of Rockwell Studio 5000 Logix Designer installed on the remote Windows host is prior to V34. It is, therefore, affected by a vulnerability. An attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable...
7.3AI Score
Atlassian Confluence 7.20.x < 8.5.9 Remote Code Execution
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1 It is, therefore, affected by a remote code execution vulnerability. Note that the scanner has not tested for these...
8.2AI Score