Lucene search

K

Qubely – Advanced Gutenberg Blocks Security Vulnerabilities

nessus
nessus

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...

7.8CVSS

7.2AI Score

EPSS

2024-05-15 12:00 AM
11
nvd
nvd

CVE-2024-4666

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-14 11:15 PM
cve
cve

CVE-2024-4666

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-14 11:15 PM
3
cvelist
cvelist

CVE-2024-4666 Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

6AI Score

0.001EPSS

2024-05-14 10:31 PM
krebs
krebs

Patch Tuesday, May 2024 Edition

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users,...

8.8CVSS

8.4AI Score

0.008EPSS

2024-05-14 08:19 PM
30
cve
cve

CVE-2024-3579

Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's...

6.2AI Score

0.0004EPSS

2024-05-14 04:17 PM
24
nvd
nvd

CVE-2024-3579

Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's...

5.9AI Score

0.0004EPSS

2024-05-14 04:17 PM
cve
cve

CVE-2024-3241

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.8AI Score

0.0004EPSS

2024-05-14 04:17 PM
30
nvd
nvd

CVE-2024-3241

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.5AI Score

0.0004EPSS

2024-05-14 04:17 PM
nvd
nvd

CVE-2023-46280

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-05-14 04:15 PM
cve
cve

CVE-2023-46280

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-14 04:15 PM
33
cve
cve

CVE-2024-4693

A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the...

5.5CVSS

6.2AI Score

0.0004EPSS

2024-05-14 03:44 PM
31
cve
cve

CVE-2024-4545

All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have...

7.7CVSS

6.7AI Score

0.0004EPSS

2024-05-14 03:44 PM
5
nvd
nvd

CVE-2024-4545

All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have...

7.7CVSS

7.5AI Score

0.0004EPSS

2024-05-14 03:44 PM
cve
cve

CVE-2024-4481

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-14 03:43 PM
5
nvd
nvd

CVE-2024-4481

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 03:43 PM
cve
cve

CVE-2024-4448

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and including, 5.9.19....

6.5CVSS

5.7AI Score

0.001EPSS

2024-05-14 03:43 PM
10
nvd
nvd

CVE-2024-4448

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and including, 5.9.19....

6.5CVSS

6AI Score

0.001EPSS

2024-05-14 03:43 PM
nvd
nvd

CVE-2024-4446

The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 03:43 PM
cve
cve

CVE-2024-4446

The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-14 03:43 PM
2
cve
cve

CVE-2024-4335

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

6.1AI Score

0.0004EPSS

2024-05-14 03:43 PM
33
nvd
nvd

CVE-2024-4335

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 03:43 PM
nvd
nvd

CVE-2024-4316

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input.....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 03:43 PM
cve
cve

CVE-2024-4316

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-14 03:43 PM
3
cve
cve

CVE-2024-4209

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

6.1AI Score

0.001EPSS

2024-05-14 03:43 PM
3
nvd
nvd

CVE-2024-4209

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-14 03:43 PM
nvd
nvd

CVE-2024-3952

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-14 03:42 PM
cve
cve

CVE-2024-3952

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-14 03:42 PM
2
cve
cve

CVE-2024-3727

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other...

8.3CVSS

5.8AI Score

0.0004EPSS

2024-05-14 03:42 PM
68
nvd
nvd

CVE-2024-3239

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

5.6AI Score

0.0004EPSS

2024-05-14 03:40 PM
cve
cve

CVE-2024-3239

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

5.8AI Score

0.0004EPSS

2024-05-14 03:40 PM
26
cve
cve

CVE-2024-35169

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through...

5.9CVSS

6.6AI Score

0.0004EPSS

2024-05-14 03:39 PM
18
nvd
nvd

CVE-2024-35169

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through...

5.9CVSS

6.1AI Score

0.0004EPSS

2024-05-14 03:39 PM
cve
cve

CVE-2024-34351

Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests...

7.5CVSS

6.4AI Score

0.001EPSS

2024-05-14 03:38 PM
99
osv
osv

CVE-2024-34351

Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests...

7.5CVSS

6.3AI Score

0.001EPSS

2024-05-14 03:38 PM
8
nvd
nvd

CVE-2024-34351

Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests...

7.5CVSS

7.4AI Score

0.001EPSS

2024-05-14 03:38 PM
cve
cve

CVE-2024-34350

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses....

7.5CVSS

6.6AI Score

0.0004EPSS

2024-05-14 03:38 PM
48
nvd
nvd

CVE-2024-34350

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses....

7.5CVSS

7.4AI Score

0.0004EPSS

2024-05-14 03:38 PM
cve
cve

CVE-2024-2290

The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP chain is present in...

7.2CVSS

9.3AI Score

0.001EPSS

2024-05-14 03:18 PM
4
nvd
nvd

CVE-2024-2290

The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP chain is present in...

7.2CVSS

7.3AI Score

0.001EPSS

2024-05-14 03:18 PM
cve
cve

CVE-2023-6327

The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products...

5.3CVSS

6.5AI Score

0.001EPSS

2024-05-14 02:33 PM
25
githubexploit
githubexploit

Exploit for CVE-2024-27956

WordPress Admin Account Creation and Reverse Shell...

9.9CVSS

10AI Score

0.001EPSS

2024-05-14 02:21 PM
221
githubexploit
githubexploit

Exploit for CVE-2024-27956

WordPress Admin Account Creation and Reverse Shell...

9.9CVSS

10AI Score

0.001EPSS

2024-05-14 02:21 PM
224
talosblog
talosblog

Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities

Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...

7.4AI Score

2024-05-14 12:42 PM
5
hackread
hackread

Kaspersky Reveals Global Rise in APTs, Hacktivism and Targeted Attacks

By Waqas Kaspersky's Global Research and Analysis Team (GReAT) has released its latest quarterly report (Q1 2024) on the advanced persistent threat (APT) activity, highlighting several key trends in the threat and risk environment. This is a post from HackRead.com Read the original post: Kaspersky....

7.3AI Score

2024-05-14 12:14 PM
6
thn
thn

6 Mistakes Organizations Make When Deploying Advanced Authentication

Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of...

7.1AI Score

2024-05-14 10:51 AM
3
cvelist
cvelist

CVE-2023-46280

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-05-14 10:01 AM
1
vulnrichment
vulnrichment

CVE-2023-46280

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-05-14 10:01 AM
vulnrichment
vulnrichment

CVE-2024-3579 XSS in Online Shopping System Advanced

Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's...

6.2AI Score

0.0004EPSS

2024-05-14 08:51 AM
1
cvelist
cvelist

CVE-2024-3579 XSS in Online Shopping System Advanced

Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's...

6.1AI Score

0.0004EPSS

2024-05-14 08:51 AM
Total number of security vulnerabilities39003