Lucene search

K

Royal Elementor Addons (Elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets) Security Vulnerabilities

nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2183-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2183-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

7.8CVSS

8.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0235)

The remote host is missing an update for...

6.1CVSS

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
almalinux
almalinux

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...

9CVSS

9.1AI Score

0.001EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1835)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1848)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0005EPSS

2024-06-25 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-2 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
nessus
nessus

EulerOS 2.0 SP11 : curl (EulerOS-SA-2024-1808)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum...

9.8AI Score

0.0004EPSS

2024-06-25 12:00 AM
1
packetstorm

7AI Score

0.0004EPSS

2024-06-25 12:00 AM
13
wpexploit
wpexploit

WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block

Description WordPress does not properly escape the "tagName" attribute in the "Template Part block" allowing high-privileged users to perform Stored Cross-Site Scripting (XSS)...

6AI Score

2024-06-25 12:00 AM
26
openbugbounty
openbugbounty

bistro-invitro.com Cross Site Scripting vulnerability OBB-3938488

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 11:38 PM
5
openbugbounty
openbugbounty

biggles-online.com Cross Site Scripting vulnerability OBB-3938487

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 11:22 PM
4
nvd
nvd

CVE-2024-22168

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

0.0004EPSS

2024-06-24 11:15 PM
6
cve
cve

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) &lt;= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods...

7.1AI Score

0.0004EPSS

2024-06-24 11:15 PM
8
cve
cve

CVE-2024-34992

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via...

7.2AI Score

0.0004EPSS

2024-06-24 11:15 PM
10
cve
cve

CVE-2024-36681

SQL Injection vulnerability in the module "Isotope" (pk_isotope) &lt;=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via pk_isotope::saveData and pk_isotope::removeData...

7.6AI Score

0.0004EPSS

2024-06-24 11:15 PM
7
cve
cve

CVE-2024-22168

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

6.2AI Score

0.0004EPSS

2024-06-24 11:15 PM
10
cve
cve

CVE-2024-36683

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent...

7.6AI Score

0.0004EPSS

2024-06-24 11:15 PM
8
nvd
nvd

CVE-2024-36681

SQL Injection vulnerability in the module "Isotope" (pk_isotope) &lt;=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via pk_isotope::saveData and pk_isotope::removeData...

0.0004EPSS

2024-06-24 11:15 PM
3
nvd
nvd

CVE-2024-36683

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent...

0.0004EPSS

2024-06-24 11:15 PM
4
nvd
nvd

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) &lt;= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods...

0.0004EPSS

2024-06-24 11:15 PM
4
nvd
nvd

CVE-2024-34992

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via...

0.0004EPSS

2024-06-24 11:15 PM
4
openbugbounty
openbugbounty

bookme.bylancer.com Cross Site Scripting vulnerability OBB-3938486

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 11:09 PM
4
vulnrichment
vulnrichment

CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

6.4AI Score

0.0004EPSS

2024-06-24 10:54 PM
cvelist
cvelist

CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...

0.0004EPSS

2024-06-24 10:54 PM
3
openbugbounty
openbugbounty

aquent.com Cross Site Scripting vulnerability OBB-3938484

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 10:48 PM
3
openbugbounty
openbugbounty

onlinecv.fr Cross Site Scripting vulnerability OBB-3938483

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 10:28 PM
5
openbugbounty
openbugbounty

blog.artsper.com Cross Site Scripting vulnerability OBB-3938482

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 10:16 PM
5
debiancve
debiancve

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

0.0004EPSS

2024-06-24 10:15 PM
nvd
nvd

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-24 10:15 PM
10
nvd
nvd

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-24 10:15 PM
6
debiancve
debiancve

CVE-2024-6291

Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

0.0004EPSS

2024-06-24 10:15 PM
3
nvd
nvd

CVE-2024-6291

Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-24 10:15 PM
4
cve
cve

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

0.0004EPSS

2024-06-24 10:15 PM
15
cve
cve

CVE-2024-6291

Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

0.0004EPSS

2024-06-24 10:15 PM
11
osv
osv

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.2AI Score

0.0004EPSS

2024-06-24 10:15 PM
debiancve
debiancve

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

0.0004EPSS

2024-06-24 10:15 PM
1
cve
cve

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

0.0004EPSS

2024-06-24 10:15 PM
12
debiancve
debiancve

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

0.0004EPSS

2024-06-24 10:15 PM
cve
cve

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

0.0004EPSS

2024-06-24 10:15 PM
22
nvd
nvd

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-24 10:15 PM
22
osv
osv

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.2AI Score

0.0004EPSS

2024-06-24 10:15 PM
osv
osv

CVE-2024-6291

Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.2AI Score

0.0004EPSS

2024-06-24 10:15 PM
osv
osv

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.2AI Score

0.0004EPSS

2024-06-24 10:15 PM
openbugbounty
openbugbounty

coopercomplete.com Cross Site Scripting vulnerability OBB-3938481

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 10:09 PM
4
ibm
ibm

Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)

Summary Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-0450 DESCRIPTION: **Python CPython is vulnerable to a denial of service, caused.....

6.2CVSS

7.3AI Score

0.0005EPSS

2024-06-24 10:05 PM
1
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote...

5.9CVSS

7.2AI Score

0.0004EPSS

2024-06-24 10:04 PM
1
mageia
mageia

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise....

8.8CVSS

6.8AI Score

0.002EPSS

2024-06-24 10:04 PM
9
mageia
mageia

Updated chromium-browser-stable packages fix security vulnerabilities

High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 High CVE-2024-6101: Inappropriate implementation in WebAssembly. Reported by @ginggilBesel on 2024-05-31 High CVE-2024-6102: Out of bounds memory...

8.8CVSS

7.5AI Score

0.001EPSS

2024-06-24 10:04 PM
7
mageia
mageia

Updated python-aiohttp packages fix security vulnerability

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following...

6.1CVSS

6AI Score

0.0004EPSS

2024-06-24 10:04 PM
6
cvelist
cvelist

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

0.0004EPSS

2024-06-24 09:46 PM
3
Total number of security vulnerabilities1799688