The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,....
6.4CVSS
5.9AI Score
0.0004EPSS
The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,....
6.4CVSS
6AI Score
0.0004EPSS
mooSocial v.3.1.8 - Cross-Site Scripting
Cross-Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login...
6.1CVSS
5.9AI Score
0.013EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: >...
9.6CVSS
7.6AI Score
0.398EPSS
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it possible for...
6.4CVSS
5.7AI Score
0.001EPSS
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it possible for...
6.4CVSS
5.9AI Score
0.001EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....
6.4CVSS
5.9AI Score
0.0004EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....
6.4CVSS
5.7AI Score
0.0004EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....
6.4CVSS
6.4AI Score
0.0004EPSS
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....
6.4CVSS
5.8AI Score
0.0004EPSS
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it possible for...
6.4CVSS
6.3AI Score
0.001EPSS
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it possible for...
6.4CVSS
5.8AI Score
0.001EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
6.4CVSS
5.7AI Score
0.001EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
6.4CVSS
5.9AI Score
0.001EPSS
The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.9AI Score
0.001EPSS
The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1612)
The remote host is missing an update for the Huawei...
6.5CVSS
7.1AI Score
0.963EPSS
9.1CVSS
7.1AI Score
0.002EPSS
EulerOS Virtualization 2.11.0 : libssh (EulerOS-SA-2024-1628)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
5.9CVSS
7.8AI Score
0.963EPSS
MC Woocommerce Wishlist < 1.7.3 - Missing Authorization
Description The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.2. This makes it possible for...
5.3CVSS
7AI Score
0.0004EPSS
Important: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19....
6.3CVSS
7.3AI Score
0.0005EPSS
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : .NET vulnerabilities (USN-6773-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6773-1 advisory. .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2024-30045) Visual Studio Denial of Service Vulnerability...
6.3CVSS
8.3AI Score
0.0005EPSS
Description The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the settings_page() function. This...
4.3CVSS
6.6AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1631)
The remote host is missing an update for the Huawei...
6.5CVSS
7.1AI Score
0.963EPSS
EulerOS Virtualization 2.11.1 : libssh (EulerOS-SA-2024-1609)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
5.9CVSS
7.8AI Score
0.963EPSS
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1628)
The remote host is missing an update for the Huawei...
5.9CVSS
7.1AI Score
0.963EPSS
EulerOS Virtualization 2.11.0 : openssh (EulerOS-SA-2024-1631)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
6.5CVSS
8.3AI Score
0.963EPSS
FreeBSD : Intel CPUs -- multiple vulnerabilities (5afd64ae-122a-11ef-8eed-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5afd64ae-122a-11ef-8eed-1c697a616631 advisory. Intel reports: Potential security vulnerabilities in some Intel Trust Domain ...
7.9CVSS
7.7AI Score
0.0004EPSS
Amazon Linux 2 : cni-plugins (ALAS-2024-2543)
The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2543 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many...
5.3CVSS
7.2AI Score
0.001EPSS
Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping....
6.4CVSS
5.8AI Score
0.001EPSS
Description The ShopBuilder – Elementor WooCommerce Builder Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.9AI Score
0.0004EPSS
EulerOS Virtualization 2.11.1 : python-paramiko (EulerOS-SA-2024-1616)
According to the versions of the python-paramiko package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows...
5.9CVSS
7.8AI Score
0.963EPSS
9.1CVSS
9.4AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1629)
The remote host is missing an update for the Huawei...
5.9CVSS
7.1AI Score
0.963EPSS
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1609)
The remote host is missing an update for the Huawei...
5.9CVSS
7.1AI Score
0.963EPSS
EulerOS Virtualization 2.11.0 : python-paramiko (EulerOS-SA-2024-1635)
According to the versions of the python-paramiko package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows...
5.9CVSS
7.8AI Score
0.963EPSS
Description The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.9CVSS
5.9AI Score
0.0004EPSS
Oracle Linux 9 : .NET / 8.0 (ELSA-2024-2842)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2842 advisory. Visual Studio Denial of Service Vulnerability (CVE-2024-30046) .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2024-30045) Note...
6.3CVSS
8.1AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1610)
The remote host is missing an update for the Huawei...
5.9CVSS
7.1AI Score
0.963EPSS
Ultimate Store Kit Elementor Addons <= 1.6.2 - Unauthenticated PHP Object Injection
Description The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.2 via deserialization of untrusted...
5.4CVSS
7.7AI Score
0.0004EPSS
Oracle Linux 9 : .NET / 7.0 (ELSA-2024-2843)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2843 advisory. .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2024-30045) Visual Studio Denial of Service Vulnerability (CVE-2024-30046) Note...
6.3CVSS
8.1AI Score
0.0005EPSS
Description The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.5CVSS
5.5AI Score
0.0004EPSS
RHEL 9 : .NET 7.0 (RHSA-2024:2843)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2843 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
6.3CVSS
6.9AI Score
0.0005EPSS
Gutenify < 1.4.1 - Unauthenticated Sensitive Information Exposure
Description The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1616)
The remote host is missing an update for the Huawei...
5.9CVSS
7.1AI Score
0.963EPSS
EulerOS Virtualization 2.11.0 : libssh2 (EulerOS-SA-2024-1629)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
5.9CVSS
7.8AI Score
0.963EPSS
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1635)
The remote host is missing an update for the Huawei...
5.9CVSS
7.1AI Score
0.963EPSS
EulerOS Virtualization 2.11.1 : libssh2 (EulerOS-SA-2024-1610)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
5.9CVSS
7.8AI Score
0.963EPSS
EulerOS Virtualization 2.11.1 : openssh (EulerOS-SA-2024-1612)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
6.5CVSS
8.3AI Score
0.963EPSS
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
6.4CVSS
5.8AI Score
0.001EPSS