Lucene search

K

SIGMA Lite & Lite + Security Vulnerabilities

cve
cve

CVE-2024-37227

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-21 02:15 PM
5
nvd
nvd

CVE-2024-37227

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 02:15 PM
3
cve
cve

CVE-2024-37212

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...

8.3CVSS

8.3AI Score

0.0004EPSS

2024-06-21 02:15 PM
5
nvd
nvd

CVE-2024-37212

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...

8.3CVSS

0.0004EPSS

2024-06-21 02:15 PM
1
cvelist
cvelist

CVE-2024-37212 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...

8.3CVSS

0.0004EPSS

2024-06-21 01:45 PM
4
cvelist
cvelist

CVE-2024-37227 WordPress Newsletters plugin <= 4.9.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 01:40 PM
2
nvd
nvd

CVE-2024-5756

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied...

9.8CVSS

0.001EPSS

2024-06-21 05:15 AM
2
cve
cve

CVE-2024-5756

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied...

9.8CVSS

9.7AI Score

0.001EPSS

2024-06-21 05:15 AM
8
cvelist
cvelist

CVE-2024-5756 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied...

9.8CVSS

0.001EPSS

2024-06-21 04:34 AM
4
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.3AI Score

EPSS

2024-06-20 01:40 PM
2
nvd
nvd

CVE-2023-39993

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-19 01:15 PM
3
cve
cve

CVE-2023-39993

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-19 01:15 PM
19
vulnrichment
vulnrichment

CVE-2023-39993 WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-19 12:07 PM
cvelist
cvelist

CVE-2023-39993 WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-19 12:07 PM
3
nvd
nvd

CVE-2024-5574

The WP Magazine Modules Lite plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'blockLayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files...

7.5CVSS

0.001EPSS

2024-06-19 06:15 AM
2
cve
cve

CVE-2024-5574

The WP Magazine Modules Lite plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'blockLayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files...

7.5CVSS

7.8AI Score

0.001EPSS

2024-06-19 06:15 AM
11
cvelist
cvelist

CVE-2024-5574 WP Magazine Modules Lite <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion

The WP Magazine Modules Lite plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'blockLayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files...

7.5CVSS

0.001EPSS

2024-06-19 05:37 AM
2
nvd
nvd

CVE-2024-4450

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with.....

6.3CVSS

0.0004EPSS

2024-06-19 04:15 AM
3
cve
cve

CVE-2024-4450

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with.....

6.3CVSS

5.8AI Score

0.0004EPSS

2024-06-19 04:15 AM
13
nvd
nvd

CVE-2024-2381

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS

0.001EPSS

2024-06-19 04:15 AM
4
cve
cve

CVE-2024-2381

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS

8.9AI Score

0.001EPSS

2024-06-19 04:15 AM
15
cvelist
cvelist

CVE-2024-2381 AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS

0.001EPSS

2024-06-19 03:12 AM
2
cvelist
cvelist

CVE-2024-4450 AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Missing Authorization via Several Functions

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with.....

6.3CVSS

0.0004EPSS

2024-06-19 03:12 AM
4
nessus
nessus

CentOS 7 : bind, bind-dyndb-ldap, and dhcp (RHSA-2024:3741)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3741 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...

7.5CVSS

8AI Score

0.05EPSS

2024-06-19 12:00 AM
6
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details ** CVEID: CVE-2022-46364 DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused...

9.8CVSS

10.1AI Score

EPSS

2024-06-18 02:01 PM
32
cvelist
cvelist

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-17 06:00 AM
2
vulnrichment
vulnrichment

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

5.8AI Score

0.0004EPSS

2024-06-17 06:00 AM
rocky
rocky

bind and dhcp security update

An update is available for dhcp, bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain (BIND) is an implementation of the...

7.5CVSS

7.8AI Score

0.05EPSS

2024-06-14 01:59 PM
2
nessus
nessus

Rocky Linux 8 : bind and dhcp (RLSA-2024:3271)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3271 advisory. * bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator...

7.5CVSS

9.3AI Score

0.05EPSS

2024-06-14 12:00 AM
nvd
nvd

CVE-2024-37022

Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary...

7.8CVSS

0.001EPSS

2024-06-13 06:15 PM
2
cve
cve

CVE-2024-37022

Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-13 06:15 PM
23
nvd
nvd

CVE-2024-37029

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary...

7.8CVSS

0.001EPSS

2024-06-13 06:15 PM
1
cve
cve

CVE-2024-37029

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary...

7.8CVSS

8AI Score

0.001EPSS

2024-06-13 06:15 PM
22
cvelist
cvelist

CVE-2024-37022 Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write

Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary...

7.8CVSS

0.001EPSS

2024-06-13 05:25 PM
2
cvelist
cvelist

CVE-2024-37029 Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary...

7.8CVSS

0.001EPSS

2024-06-13 05:23 PM
3
vulnrichment
vulnrichment

CVE-2024-37029 Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-13 05:23 PM
1
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.8AI Score

EPSS

2024-06-13 03:35 PM
2
ics
ics

Fuji Electric Tellus Lite V-Simulator

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-Bound Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker...

7.8CVSS

8AI Score

0.001EPSS

2024-06-13 12:00 PM
2
cve
cve

CVE-2024-5787

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 06:15 AM
25
nvd
nvd

CVE-2024-5787

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

0.001EPSS

2024-06-13 06:15 AM
1
vulnrichment
vulnrichment

CVE-2024-5787 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-13 05:34 AM
2
cvelist
cvelist

CVE-2024-5787 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

0.001EPSS

2024-06-13 05:34 AM
1
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7AI Score

0.001EPSS

2024-06-13 12:00 AM
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7.8AI Score

0.001EPSS

2024-06-13 12:00 AM
1
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7.8AI Score

0.001EPSS

2024-06-13 12:00 AM
zdi
zdi

Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7.8AI Score

0.001EPSS

2024-06-13 12:00 AM
cve
cve

CVE-2024-3925

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-12 08:15 AM
24
nvd
nvd

CVE-2024-3925

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...

6.4CVSS

0.0004EPSS

2024-06-12 08:15 AM
2
cvelist
cvelist

CVE-2024-3925 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...

6.4CVSS

0.0004EPSS

2024-06-12 07:32 AM
3
cve
cve

CVE-2024-5892

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-12 06:15 AM
20
Total number of security vulnerabilities8301