Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through...
8.8CVSS
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
8.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through...
7.5CVSS
0.0004EPSS
CVE-2024-37233 WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability
Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...
4.3CVSS
0.0004EPSS
CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...
8.6CVSS
0.0004EPSS
CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...
8.6CVSS
6.8AI Score
0.0004EPSS
CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...
10CVSS
0.0004EPSS
CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...
10CVSS
7.1AI Score
0.0004EPSS
Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through...
7.5CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through...
7.5CVSS
0.0004EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through...
9.9CVSS
0.0004EPSS
Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through...
8.8CVSS
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
8.5CVSS
0.0004EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through...
9.9CVSS
9.6AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through...
9.9CVSS
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
9CVSS
9.1AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
9CVSS
0.0004EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through...
9.9CVSS
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...
9CVSS
0.0004EPSS
Insecure Direct Object Reference (IDOR)
jweiland/events2 is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to missing access checks in the management plugin, which allows an attacker to activate or delete events without...
5.4CVSS
6.6AI Score
0.0004EPSS
The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting...
0.0004EPSS
The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious...
0.0004EPSS
The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious...
6.4AI Score
0.0004EPSS
The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting...
5.5AI Score
0.0004EPSS
CVE-2024-4899 SEOPress < 7.8 - Contributor+ Stored XSS
The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting...
0.0004EPSS
CVE-2024-4900 SEOPress < 7.8 - Contributor+ Open Redirect
The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious...
0.0004EPSS
Malicious code in @elza/auto-route-plugin (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c0394416e392791c5f23be36b82f8800fa29bfd1381f8be67c7362338279c0d2) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Oracle Linux 9 : libreswan (ELSA-2024-4050)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-4050 advisory. [4.12-2.0.1.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-2.1] - Fix CVE-2024-3652 (RHEL-40102) Tenable has extracted the preceding...
6.7AI Score
0.0004EPSS
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-643)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-643 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (CVE-2024-36905) In the Linux kernel, the following...
7.8AI Score
0.0004EPSS
Amazon Linux 2 : webkitgtk4 (ALAS-2024-2577)
The version of webkitgtk4 installed on the remote host is prior to 2.42.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2577 advisory. An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4,...
6.9AI Score
0.0005EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (RHSA-2024:4053)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4053 advisory. Affected components: * python-yaql: a library that contains a large set of commonly used functions * openstack-tripleo-heat-templates: Heat...
7AI Score
0.0004EPSS
Amazon Linux 2 : golang (ALAS-2024-2576)
The version of golang installed on the remote host is prior to 1.22.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2576 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip...
9.8CVSS
8AI Score
0.001EPSS
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-646)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-646 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file...
9.8CVSS
8AI Score
0.001EPSS
Amazon Linux 2 : qemu (ALAS-2024-2572)
The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2572 advisory. A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio- crypto), where the...
8.2CVSS
8.3AI Score
0.0004EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-072)
The version of kernel installed on the remote host is prior to 5.4.261-174.360. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-072 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related...
6.7AI Score
0.0004EPSS
CentOS 9 : kernel-5.14.0-467.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-467.el9 build changelog. In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not...
5.5CVSS
7.4AI Score
EPSS
WooCommerce 8.8.0 - 8.9.2 - Reflected XSS
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
5.4CVSS
5.4AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4f6c4c07-3179-11ef-9da5-1c697a616631 advisory. GNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security...
7.5AI Score
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Hibernate vulnerability (USN-6845-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6845-1 advisory. It was discovered that Hibernate incorrectly handled certain inputs with unsanitized literals. If a user or an automated system were...
7.4CVSS
7.1AI Score
0.004EPSS
AlmaLinux 8 : python3.11 (ALSA-2024:4058)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4058 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...
7.8CVSS
8AI Score
0.0005EPSS
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2024-644)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-644 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or...
6.1CVSS
6.4AI Score
0.001EPSS
Amazon Linux 2 : php (ALASPHP8.1-2024-005)
The version of php installed on the remote host is prior to 8.1.29-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2024-005 advisory. The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default),...
6.5CVSS
7.3AI Score
0.006EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-073)
The version of kernel installed on the remote host is prior to 5.4.149-73.259. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-073 advisory. A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a ...
7.8CVSS
8.5AI Score
0.003EPSS
Amazon Linux 2 : booth (ALAS-2024-2575)
The version of booth installed on the remote host is prior to 1.0-8.ef769ef.git. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2575 advisory. A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(),...
5.9CVSS
6.8AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gnome-settings-daemon (SUSE-SU-2024:2168-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2168-1 advisory. - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423). Tenable has...
6.6AI Score
0.0004EPSS
Amazon Linux 2 : python-crypto (ALASANSIBLE2-2024-011)
It is, therefore, affected by a vulnerability as referenced in the ALAS2ANSIBLE2-2024-011 advisory. Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted...
9.8CVSS
8.3AI Score
0.014EPSS
WooCommerce 8.8.0 - 8.9.2 - Reflected XSS
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
5.4CVSS
5.4AI Score
0.0004EPSS
7.3AI Score
Amazon Linux 2 : python3-jinja2 (ALAS-2024-2573)
The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2573 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...
6.1CVSS
6.7AI Score
0.001EPSS
Oracle Linux 8 : python3.11 (ELSA-2024-4058)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4058 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450 Tenable has extracted the preceding description block directly from the Oracle Linux security...
7.8CVSS
7.5AI Score
0.0005EPSS