Lucene search

K

Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics “Barcelo-R” Security Vulnerabilities

cvelist
cvelist

CVE-2024-31162 ASUS Download Master - OS Command Injection

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the...

7.2CVSS

0.001EPSS

2024-06-14 06:35 AM
2
cve
cve

CVE-2024-4271

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

5.5AI Score

0.0004EPSS

2024-06-14 06:15 AM
12
cve
cve

CVE-2024-4270

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

5.5AI Score

0.0004EPSS

2024-06-14 06:15 AM
12
nvd
nvd

CVE-2024-4271

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

0.0004EPSS

2024-06-14 06:15 AM
4
nvd
nvd

CVE-2024-4270

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

0.0004EPSS

2024-06-14 06:15 AM
4
nvd
nvd

CVE-2024-4404

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating....

8.5CVSS

0.0005EPSS

2024-06-14 06:15 AM
4
cve
cve

CVE-2024-4404

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating....

8.5CVSS

8.3AI Score

0.0005EPSS

2024-06-14 06:15 AM
11
nvd
nvd

CVE-2024-3978

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-14 06:15 AM
5
cve
cve

CVE-2024-3978

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.6AI Score

0.0004EPSS

2024-06-14 06:15 AM
11
nvd
nvd

CVE-2024-2122

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

0.0004EPSS

2024-06-14 06:15 AM
3
cve
cve

CVE-2024-2122

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-14 06:15 AM
11
nvd
nvd

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...

0.0004EPSS

2024-06-14 06:15 AM
2
cve
cve

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...

6.4AI Score

0.0004EPSS

2024-06-14 06:15 AM
15
veracode
veracode

Improper Authentication

github.com/rancher/rancher is vulnerable to Improper Authentication. The vulnerability is due to the default admin user being recreated with a well-known password after Rancher...

9.8CVSS

6.8AI Score

0.003EPSS

2024-06-14 06:12 AM
vulnrichment
vulnrichment

CVE-2024-4271 SVGator <= 1.2.6 - Stored XSS via SVG Upload

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

5.9AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist
cvelist

CVE-2024-4271 SVGator <= 1.2.6 - Stored XSS via SVG Upload

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

0.0004EPSS

2024-06-14 06:00 AM
2
cvelist
cvelist

CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

0.0004EPSS

2024-06-14 06:00 AM
3
vulnrichment
vulnrichment

CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

5.8AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist
cvelist

CVE-2024-3978 WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-14 06:00 AM
2
cvelist
cvelist

CVE-2024-1295 The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...

0.0004EPSS

2024-06-14 06:00 AM
2
veracode
veracode

Information Disclosure

github.com/cilium/cilium is vulnerable to Information Disclosure. The vulnerability is due to the output of cilium-bugtool containing sensitive data when the tool is run with the --envoy-dump flag in deployments where the Envoy proxy is enabled. Attackers who gain access to this output could...

7.9CVSS

6.8AI Score

0.0004EPSS

2024-06-14 05:46 AM
1
cvelist
cvelist

CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating....

8.5CVSS

0.0005EPSS

2024-06-14 05:39 AM
2
vulnrichment
vulnrichment

CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating....

8.5CVSS

6.7AI Score

0.0005EPSS

2024-06-14 05:39 AM
1
cvelist
cvelist

CVE-2024-2122 FooGallery <= 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

0.0004EPSS

2024-06-14 05:39 AM
2
cve
cve

CVE-2024-1094

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...

7.3CVSS

7AI Score

0.0005EPSS

2024-06-14 05:15 AM
14
nvd
nvd

CVE-2024-1094

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...

7.3CVSS

0.0005EPSS

2024-06-14 05:15 AM
1
vulnrichment
vulnrichment

CVE-2024-1094 Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...

7.3CVSS

7AI Score

0.0005EPSS

2024-06-14 04:36 AM
cvelist
cvelist

CVE-2024-1094 Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...

7.3CVSS

0.0005EPSS

2024-06-14 04:36 AM
4
mageia
mageia

Updated golang packages fix security vulnerabilities

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

6.3AI Score

0.0004EPSS

2024-06-14 04:31 AM
4
thn
thn

Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns

Microsoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for Copilot+ PCs. To that end, the company said it intends to shift from general availability to a preview available first in the Windows Insider Program (WIP) in.....

6.7AI Score

2024-06-14 04:30 AM
3
nvd
nvd

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

0.001EPSS

2024-06-14 04:15 AM
3
nvd
nvd

CVE-2024-31160

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting...

4.8CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

7.3AI Score

0.001EPSS

2024-06-14 04:15 AM
10
cve
cve

CVE-2024-31160

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting...

4.8CVSS

5.1AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
cve
cve

CVE-2024-31159

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting...

4.8CVSS

5.2AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
nvd
nvd

CVE-2024-31159

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting...

4.8CVSS

0.0004EPSS

2024-06-14 04:15 AM
3
cve
cve

CVE-2024-27180

An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference...

6.7CVSS

7AI Score

0.0004EPSS

2024-06-14 04:15 AM
15
nvd
nvd

CVE-2024-27180

An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference...

6.7CVSS

0.0004EPSS

2024-06-14 04:15 AM
3
cve
cve

CVE-2024-27178

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...

7.2CVSS

7.9AI Score

0.0004EPSS

2024-06-14 04:15 AM
11
nvd
nvd

CVE-2024-27178

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...

7.2CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
nvd
nvd

CVE-2024-27177

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower...

7.2CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-27177

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower...

7.2CVSS

7.8AI Score

0.0004EPSS

2024-06-14 04:15 AM
11
cve
cve

CVE-2024-27176

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than.....

7.2CVSS

7.9AI Score

0.0004EPSS

2024-06-14 04:15 AM
11
nvd
nvd

CVE-2024-27176

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than.....

7.2CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cve
cve

CVE-2024-27174

Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this...

9.8CVSS

7.7AI Score

0.0004EPSS

2024-06-14 04:15 AM
12
nvd
nvd

CVE-2024-27173

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...

9.8CVSS

0.0004EPSS

2024-06-14 04:15 AM
3
cve
cve

CVE-2024-27173

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...

9.8CVSS

8AI Score

0.0004EPSS

2024-06-14 04:15 AM
11
nvd
nvd

CVE-2024-27174

Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this...

9.8CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
nvd
nvd

CVE-2024-27170

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference...

7.4CVSS

0.0004EPSS

2024-06-14 04:15 AM
5
cve
cve

CVE-2024-27170

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 04:15 AM
11
Total number of security vulnerabilities812977