The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and...
8.8CVSS
8.9AI Score
0.001EPSS
Description The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user...
5.4CVSS
5AI Score
0.0004EPSS
Description The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘pp_animated_gradient_bg_color’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization.....
6.4CVSS
5.8AI Score
0.001EPSS
Essential Addons for Elementor < 5.9.22 - Contributor+ Stored Cross-Site Scripting via Twitter Feed
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS
Testimonial Carousel For Elementor <= 10.2.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions...
6.4CVSS
5.7AI Score
0.0004EPSS
Description The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied.....
6.4CVSS
5.7AI Score
0.0004EPSS
WPB Elementor Addons < 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it...
6.4CVSS
5.8AI Score
0.0004EPSS
[7.0.119-1.0.1] - Add support for Oracle Linux [7.0.119-1] - Update to .NET SDK 7.0.119 and Runtime 7.0.19 - Resolves: RHEL-35313 [7.0.118-2] - Update to .NET SDK 7.0.118 and Runtime 7.0.18 - Resolves:...
6.3CVSS
6.8AI Score
0.0005EPSS
[8.0.105-1.0.1] - Add support for Oracle Linux [8.0.105-1] - Update to .NET SDK 8.0.105 and Runtime 8.0.5 - Resolves:...
6.3CVSS
7.2AI Score
0.0005EPSS
Description The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.8AI Score
0.001EPSS
Oracle Linux 8 : .NET / 7.0 (ELSA-2024-3340)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3340 advisory. [7.0.119-1.0.1] - Add support for Oracle Linux [7.0.119-1] - Update to .NET SDK 7.0.119 and Runtime 7.0.19 - Resolves: RHEL-35313 [7.0.118-2] - Update...
6.3CVSS
6.8AI Score
0.0005EPSS
Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure
Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API...
7.5CVSS
7.4AI Score
0.008EPSS
MStore API < 3.9.8 - SQL Injection
The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id...
9.8CVSS
9.9AI Score
0.059EPSS
Oracle Linux 8 : perl:5.32 (ELSA-2024-3128)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3128 advisory. perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 ...
7.8CVSS
6.7AI Score
0.0004EPSS
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-629)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-629 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and...
7AI Score
0.0004EPSS
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2024-632)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-632 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP...
5.3CVSS
7AI Score
0.001EPSS
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-2988)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2988 advisory. The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type...
7.5CVSS
7.1AI Score
0.963EPSS
Description The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient...
6.4CVSS
5.8AI Score
0.0004EPSS
Unlimited Elements for Elementor < 1.5.91 - Contributor+ Remote Code Execution via template import
Description The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor...
8.8CVSS
7.3AI Score
0.001EPSS
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2024-631)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-631 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP...
5.3CVSS
7AI Score
0.001EPSS
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
7.2AI Score
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
7.2AI Score
silverstripe/framework's `Member.Name` is not escaped
The core template framework/templates/Includes/GridField_print.ss uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected....
6.9AI Score
silverstripe/framework's `Member.Name` is not escaped
The core template framework/templates/Includes/GridField_print.ss uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected....
6.9AI Score
Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...
6.4AI Score
Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets
The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to...
7.6AI Score
Fedora: Security Advisory for php-tcpdf (FEDORA-2024-27eafd0e65)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
Fedora: Security Advisory for opensmtpd (FEDORA-2024-28fde3feb7)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0004EPSS
DedeCMS 5.7.87 - Directory Traversal
Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath...
5.3CVSS
5.2AI Score
0.037EPSS
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....
7AI Score
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
6.4CVSS
5.7AI Score
0.001EPSS
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
6.4CVSS
5.9AI Score
0.001EPSS
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
6.4CVSS
5.9AI Score
0.001EPSS
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
6.4CVSS
5.8AI Score
0.001EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.7AI Score
0.001EPSS
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to...
5.3CVSS
6.6AI Score
0.001EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.9AI Score
0.001EPSS
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to...
5.3CVSS
5.5AI Score
0.001EPSS
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to...
5.3CVSS
5.5AI Score
0.001EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.8AI Score
0.001EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.9AI Score
0.001EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ucode-intel (SUSE-SU-2024:1771-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1771-1 advisory. Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed...
7.9CVSS
7.8AI Score
0.0004EPSS
Atlassian Confluence Data Center and Server - Remote Code Execution
Detects a Remote Code Execution vulnerability in Confluence Data Center and Server versions prior to X.X (affected versions). This issue allows authenticated attackers to execute arbitrary...
8.8CVSS
9AI Score
0.511EPSS
FleetCart 4.1.1 - Information Disclosure
Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay"...
5.3CVSS
6.7AI Score
0.001EPSS
Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
7.3AI Score
EPSS
Pug allows JavaScript code execution if an application accepts untrusted input
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
7.6AI Score
EPSS
shopware/shopware vulnerable to Remote Code Execution. The vulnerability is due to improper handling of templates that do not derive from the Shopware standard, allowing execution of unauthorized foreign...
7.6AI Score
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
6.4CVSS
5.7AI Score
0.001EPSS
The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
5.7AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
6.4CVSS
5.7AI Score
0.001EPSS