SIGMA Lite & Lite + Security Vulnerabilities
When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if...
9.8CVSS
9.7AI Score
0.001EPSS
The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted...
9.8CVSS
9.7AI Score
0.002EPSS
During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted ...
9.8CVSS
9.7AI Score
0.002EPSS
The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted...
9.8CVSS
9.8AI Score
0.002EPSS
By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the...
7.5CVSS
7.4AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-3419)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were.....
9.8CVSS
9.6AI Score
EPSS
8.1CVSS
9.7AI Score
0.0005EPSS
9.8CVSS
9.3AI Score
0.001EPSS
9.8CVSS
0.001EPSS
9.8CVSS
7.2AI Score
0.001EPSS
SQLi vulnerability in LMS Lite component for...
9.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-3391)
The remote host is missing an update for the Huawei...
7.5CVSS
8.1AI Score
0.001EPSS
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject...
6.4CVSS
5.9AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-3323)
The remote host is missing an update for the Huawei...
7.5CVSS
8AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-3291)
The remote host is missing an update for the Huawei...
7.5CVSS
8AI Score
0.002EPSS
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14754 advisory. A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3,...
7.5CVSS
7.6AI Score
0.001EPSS
Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload
Description The Symbiostock – Sell Photos Online For Free! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with shop manager-level access and above, to.....
7.2CVSS
7.6AI Score
0.001EPSS
Abandoned Cart Lite for WooCommerce < 5.16.2 - Missing Authorization via multiple AJAX functions
Description The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 5.16.1. This makes it possible for authenticated attackers,...
6.7AI Score
EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were.....
9.8CVSS
9.6AI Score
EPSS
Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
Description The plugin does not disallow listing the backups-dup-lite/tmp directory (or the backups-dup-pro/tmp directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to...
7.5CVSS
8.7AI Score
0.013EPSS
Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
Description The plugin does not disallow listing the backups-dup-lite/tmp directory (or the backups-dup-pro/tmp directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to...
7.5CVSS
8.8AI Score
0.013EPSS
Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
Description The plugin does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the...
9.8CVSS
7.1AI Score
0.172EPSS
Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
Description The plugin does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server PoC To download /etc/passwd: curl...
9.8CVSS
6.8AI Score
0.172EPSS
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 115 vulnerabilities disclosed in 87 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence...
9.8CVSS
10AI Score
EPSS
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through...
8.8CVSS
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through...
5.4CVSS
8.9AI Score
0.001EPSS
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate.....
8.1CVSS
5AI Score
0.0004EPSS
League Table < 1.14 - Tables Cloning/Update/Deletion via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the view/tables.php file. This makes it possible for unauthenticated attackers to clone, edit, update, and delete tables via a forged request granted they can trick a site...
8.8CVSS
8.5AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export
Description The plugin does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API...
4.3CVSS
8.6AI Score
0.0004EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
Fuji Electric Tellus Lite Incorrect Default Permissions Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Fuji Electric Tellus Lite. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product....
8.8CVSS
7.5AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.001EPSS
Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export
Description The plugin does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. PoC curl --url...
4.3CVSS
8.5AI Score
0.0004EPSS
WordPress Abandoned Cart Lite for WooCommerce Plugin < 5.15.2 Authentication Bypass Vulnerability
The WordPress...
9.8CVSS
7AI Score
0.002EPSS