[SECURITY] Fedora 40 Update: rust-gst-plugin-reqwest-0.12.4-2.fc40
GStreamer reqwest HTTP Source...
7.4 AI Score
[SECURITY] Fedora 40 Update: rust-gst-plugin-gtk4-0.12.5-2.fc40
GStreamer GTK 4 Sink element and Paintable...
7.3 AI Score
[SECURITY] Fedora 40 Update: rust-cargo-deny-0.14.21-2.fc40
Cargo plugin to help you manage large dependency...
7.3 AI Score
FreeBSD : electron29 -- use after free in Dawn (04e78f32-04b2-4c23-bfae-72600842d317)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 04e78f32-04b2-4c23-bfae-72600842d317 advisory. Electron developers report: This update fixes the following vulnerability: Tenable has extracted the...
6.9 AI Score
Debian dla-3821 : fonts-opensymbol - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3821 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3821-1 [email protected] ...
7.1 AI Score
FreeBSD : electron28 -- multiple vulnerabilities (43d1c381-a3e5-4a1d-b3ed-f37b61a451af)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 43d1c381-a3e5-4a1d-b3ed-f37b61a451af advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...
7.2 AI Score
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....
7 AI Score
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
6.4 CVSS
6 AI Score
0.001 EPSS
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
5.9 AI Score
0.001 EPSS
The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4 CVSS
6 AI Score
0.0004 EPSS
Wordpress Hash Form – Drag & Drop Form Builder <= 1.1.0 -...
8.5 AI Score
0.001 EPSS
The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6 AI Score
0.0004 EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4 CVSS
6 AI Score
0.001 EPSS
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to...
5.3 CVSS
6.7 AI Score
0.001 EPSS
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to...
5.2 AI Score
0.001 EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.9 AI Score
0.001 EPSS
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and....
6.4 CVSS
6.1 AI Score
0.001 EPSS
CVE-2024-5220 ND Shortcodes <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and....
6 AI Score
0.001 EPSS
Oracle Linux 9 : kernel (ELSA-2024-3306)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3306 advisory. [5.14.0-427.18.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya...
6.7 AI Score
SUSE SLES15 Security Update : python3 (SUSE-SU-2024:1774-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1774-1 advisory. - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). -...
7.6 AI Score
openSUSE 15 Security Update : qt6-networkauth (openSUSE-SU-2024:0138-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0138-1 advisory. - CVE-2024-36048: Fixed data race and poor seeding in generateRandomString() (boo#1224782). Tenable has extracted the preceding description block...
7.4 AI Score
Fedora 39 : dotnet7.0 (2024-3136a71490)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3136a71490 advisory. This is the May 2024 security update for .NET 7. This is the last upstream release of .NET 7. After this update, .NET 7 reaches its End of Life (EOL). Full...
7.4 AI Score
Fedora 39 : mingw-libxml2 (2024-4862425658)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4862425658 advisory. Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459) Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
7.4 AI Score
Debian dla-3819 : fossil - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3819 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3819-1 [email protected] ...
6.7 AI Score
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f5fa174d-19de-11ef-83d8-4ccc6adda413 advisory. Andy Shaw reports: The OAuth1 implementation in QtNetworkAuth created nonces using a...
7.2 AI Score
Fedora 40 : crosswords / libipuz (2024-e4717532c4)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-e4717532c4 advisory. crosswords 0.3.13 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
7.4 AI Score
Fedora 40 : perl-Email-MIME (2024-032e16360b)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-032e16360b advisory. This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140), which can cause denial of service when parsing...
7.3 AI Score
Fedora 40 : mingw-libxml2 (2024-9ffc6cc7bf)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9ffc6cc7bf advisory. Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459) Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
7.4 AI Score
Debian dla-3818 : apache2 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3818 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3818-1 [email protected] ...
7.5 AI Score
SUSE SLES15 Security Update : libfastjson (SUSE-SU-2024:1775-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1775-1 advisory. - CVE-2020-12762: Fixed integer overflow and out-of-bounds write via a large JSON file (bsc#1171479). Tenable has extracted the preceding...
7.7 AI Score
Fedora 39 : crosswords / libipuz (2024-4d785e16a2)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-4d785e16a2 advisory. crosswords 0.3.13 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
7.4 AI Score
Debian dla-3820 : bluetooth - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3820 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3820-1 [email protected] ...
7.3 AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ucode-intel (SUSE-SU-2024:1771-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1771-1 advisory. Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed...
7.8 AI Score
Fedora 39 : perl-Email-MIME (2024-38fb541a75)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-38fb541a75 advisory. This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140), which can cause denial of service when parsing...
7.3 AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql15 (SUSE-SU-2024:1777-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1777-1 advisory. PostgreSQL upgrade to version 15.7 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of...
7.4 AI Score
Jenkins Report Info Plugin Path Traversal vulnerability
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permission....
6.6 AI Score
0.0004 EPSS
Jenkins Report Info Plugin Path Traversal vulnerability
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permission....
6.6 AI Score
0.0004 EPSS
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by.....
7.2 AI Score
0.0004 EPSS
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by.....
7 AI Score
0.0004 EPSS
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
7.2 CVSS
6.3 AI Score
0.001 EPSS
CVE-2024-4455 YITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
6.2 AI Score
0.001 EPSS
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...
6.5 CVSS
8.1 AI Score
0.001 EPSS
CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...
7.8 AI Score
0.001 EPSS
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4 CVSS
6.1 AI Score
0.0004 EPSS
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9 AI Score
0.0004 EPSS
Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost. This issue affects Ghost: from n/a through...
6.9 AI Score
0.0004 EPSS
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update...
4.3 CVSS
6.8 AI Score
0.0004 EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
6.4 CVSS
6 AI Score
0.001 EPSS
The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4 CVSS
6 AI Score
0.001 EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
6.4 CVSS
6 AI Score
0.001 EPSS