Lucene search

K

Intel(R) CSME Before Version 11.21.55, Intel(R) Server Platform Services Before Version 4.0 And Intel(R) Trusted Execution Engine Firmware Security Vulnerabilities

cve
cve

CVE-2024-5172 Expert Invoice <= 1.0.2 -Admin+ Stored XSS

The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.7AI Score

EPSS

2024-06-18 06:00 AM
1
cvelist
cvelist

CVE-2024-3276 FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when.....

EPSS

2024-06-18 06:00 AM
1
cve
cve

CVE-2024-4094 Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

6AI Score

EPSS

2024-06-18 06:00 AM
1
cve
cve

CVE-2024-3276 FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when.....

5.7AI Score

EPSS

2024-06-18 06:00 AM
11
cvelist
cvelist

CVE-2024-4094 Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

EPSS

2024-06-18 06:00 AM
1
cvelist
cvelist

CVE-2024-5172 Expert Invoice <= 1.0.2 -Admin+ Stored XSS

The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

EPSS

2024-06-18 06:00 AM
1
cvelist
cvelist

CVE-2024-34024

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or...

EPSS

2024-06-18 05:44 AM
2
cve
cve

CVE-2024-34024

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or...

7.2AI Score

EPSS

2024-06-18 05:44 AM
2
cve
cve

CVE-2024-33620

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote...

6.8AI Score

EPSS

2024-06-18 05:44 AM
1
cvelist
cvelist

CVE-2024-33620

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote...

EPSS

2024-06-18 05:44 AM
1
cvelist
cvelist

CVE-2024-33622

Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated...

EPSS

2024-06-18 05:44 AM
1
cve
cve

CVE-2024-33622

Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated...

6.4AI Score

EPSS

2024-06-18 05:44 AM
2
cve
cve

CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server...

7.8CVSS

7.3AI Score

EPSS

2024-06-18 05:43 AM
1
cvelist
cvelist

CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server...

7.8CVSS

EPSS

2024-06-18 05:43 AM
1
cve
cve

CVE-2024-37080

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...

9.8CVSS

7.7AI Score

EPSS

2024-06-18 05:43 AM
1
cvelist
cvelist

CVE-2024-37080

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...

9.8CVSS

EPSS

2024-06-18 05:43 AM
cve
cve

CVE-2024-37079

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...

9.8CVSS

7.7AI Score

EPSS

2024-06-18 05:43 AM
1
cvelist
cvelist

CVE-2024-37079

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code...

9.8CVSS

EPSS

2024-06-18 05:43 AM
1
cvelist
cvelist

CVE-2023-5527 Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

7.4CVSS

EPSS

2024-06-18 05:38 AM
cve
cve

CVE-2023-5527 Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

7.4CVSS

7.3AI Score

EPSS

2024-06-18 05:38 AM
2
cve
cve

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....

4.3CVSS

6.5AI Score

EPSS

2024-06-18 04:15 AM
4
nvd
nvd

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....

4.3CVSS

EPSS

2024-06-18 04:15 AM
4
openbugbounty
openbugbounty

ehcanadatravel.com Cross Site Scripting vulnerability OBB-3936039

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:40 AM
5
openbugbounty
openbugbounty

efihardware.com Cross Site Scripting vulnerability OBB-3936038

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:38 AM
5
openbugbounty
openbugbounty

efhca.com Cross Site Scripting vulnerability OBB-3936037

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:37 AM
5
openbugbounty
openbugbounty

efficacemente.com Cross Site Scripting vulnerability OBB-3936036

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:36 AM
6
openbugbounty
openbugbounty

educativo.net Cross Site Scripting vulnerability OBB-3936034

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:34 AM
4
openbugbounty
openbugbounty

editorajc.com.br Cross Site Scripting vulnerability OBB-3936033

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:33 AM
5
openbugbounty
openbugbounty

easytourchina.com Cross Site Scripting vulnerability OBB-3936030

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:29 AM
5
openbugbounty
openbugbounty

eastmanjohnson.org Cross Site Scripting vulnerability OBB-3936029

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:28 AM
3
openbugbounty
openbugbounty

dugdalebros.com Cross Site Scripting vulnerability OBB-3936027

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:24 AM
4
openbugbounty
openbugbounty

drraoof.com Cross Site Scripting vulnerability OBB-3936025

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:18 AM
3
openbugbounty
openbugbounty

drdarjdental.com Cross Site Scripting vulnerability OBB-3936024

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:18 AM
4
openbugbounty
openbugbounty

dr-tschauder.de Cross Site Scripting vulnerability OBB-3936023

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-18 03:16 AM
3
nvd
nvd

CVE-2024-5541

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...

5.3CVSS

EPSS

2024-06-18 03:15 AM
2
cve
cve

CVE-2024-5541

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...

5.3CVSS

5.2AI Score

EPSS

2024-06-18 03:15 AM
2
cve
cve

CVE-2024-0845

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....

6.4CVSS

5.8AI Score

EPSS

2024-06-18 03:15 AM
1
cve
cve

CVE-2024-1634

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

6.5CVSS

6.3AI Score

EPSS

2024-06-18 03:15 AM
2
nvd
nvd

CVE-2024-1634

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

6.5CVSS

EPSS

2024-06-18 03:15 AM
4
nvd
nvd

CVE-2024-4375

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This.....

6.4CVSS

EPSS

2024-06-18 03:15 AM
4
cve
cve

CVE-2024-4375

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This.....

6.4CVSS

5.7AI Score

EPSS

2024-06-18 03:15 AM
3
nvd
nvd

CVE-2024-0845

The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level.....

6.4CVSS

EPSS

2024-06-18 03:15 AM
3
cvelist
cvelist

CVE-2024-5860 Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level....

4.3CVSS

EPSS

2024-06-18 03:13 AM
3
cbl_mariner
cbl_mariner

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...

5.5CVSS

7.2AI Score

0.511EPSS

2024-06-18 03:09 AM
4
cbl_mariner
cbl_mariner

CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

8CVSS

9.9AI Score

0.0004EPSS

2024-06-18 03:09 AM
20
cbl_mariner
cbl_mariner

CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

7.5CVSS

9.1AI Score

0.001EPSS

2024-06-18 03:09 AM
9
cbl_mariner
cbl_mariner

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

7.5CVSS

9.1AI Score

0.001EPSS

2024-06-18 03:09 AM
5
cbl_mariner
cbl_mariner

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is...

5.3CVSS

6.3AI Score

0.001EPSS

2024-06-18 03:09 AM
16
cbl_mariner
cbl_mariner

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

6.5CVSS

7.3AI Score

0.001EPSS

2024-06-18 03:09 AM
7
cbl_mariner
cbl_mariner

CVE-2023-29403 affecting package golang for versions less than 1.20.7-1

CVE-2023-29403 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

7.8CVSS

7.3AI Score

0.001EPSS

2024-06-18 03:09 AM
11
Total number of security vulnerabilities3067159