Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS. This issue affects WP-Lister Lite for Amazon: from n/a through...
7.1CVSS
9.3AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS. This issue affects WP-Lister Lite for Amazon: from n/a through...
7.1CVSS
7.2AI Score
0.0004EPSS
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replica_urls set through the X-Direct-Url header in requests to the / and /config routes, allowing the...
7.3CVSS
7.1AI Score
0.0004EPSS
Hubbub Lite – Fast, Reliable Social Network Sharing Buttons < 1.33.2 - PHP Object Injection
Description The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpsp_maybe_unserialize' function. This makes it possible for authenticated...
7.5CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS. This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate...
7.1CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS. This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate...
7.1CVSS
6.9AI Score
0.0004EPSS
CVE-2023-28687 Reflected Cross-Site Scripting (XSS) vulnerability in multiple WordPress themes
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS. This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate...
7.1CVSS
7.2AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Stored XSS. This issue affects WP-Lister Lite for Amazon: from n/a through...
5.9CVSS
9.2AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Stored XSS. This issue affects WP-Lister Lite for Amazon: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Stored XSS. This issue affects WP-Lister Lite for Amazon: from n/a through...
5.9CVSS
5.9AI Score
0.0004EPSS
This Week in Spring - March 26th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Sam Brannen shares some good news: a null-safe Index operator for the Spring Expression Language (SpEL) is coming to Spring Framework 6.2! This is interesting, and a nice application of AI (do I even need to spell out...
7.2AI Score
6.8AI Score
0.0004EPSS
libnet-cidr-lite-perl vulnerability
It was discovered that Net::CIDR::Lite incorrectly handled extra zero characters at the beginning of IP address strings. A remote attacker could possibly use this issue to bypass access...
6.9AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.
Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2015-8383, CVE-2015-8381, CVE-2015-8386, CVE-2015-8388, CVE-2015-8385,...
9.8CVSS
9.7AI Score
EPSS
Releases Ubuntu 20.04 LTS Packages libnet-cidr-lite-perl - module for merging IPv4 or IPv6 CIDR address ranges Details It was discovered that Net::CIDR::Lite incorrectly handled extra zero characters at the beginning of IP address strings. A remote attacker could possibly use this issue to...
7.1AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Net::CIDR::Lite vulnerability (USN-6712-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6712-1 advisory. The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some...
7AI Score
0.0004EPSS
6.8AI Score
0.0004EPSS
[SECURITY] [DLA 3770-1] libnet-cidr-lite-perl security update
Debian LTS Advisory DLA-3770-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz March 23, 2024 https://wiki.debian.org/LTS Package : libnet-cidr-lite-perl Version : 0.21-2+debu10u1 CVE...
5.9AI Score
0.0004EPSS
Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
6.5AI Score
0.0004EPSS
A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can...
4.3CVSS
4.6AI Score
0.0004EPSS
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor. This issue affects Prime Slider – Addons For Elementor: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...
10CVSS
10AI Score
0.001EPSS
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and...
5.4CVSS
6.1AI Score
0.0004EPSS
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and...
5.4CVSS
5.2AI Score
0.0004EPSS
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and...
5.4CVSS
5.5AI Score
0.0004EPSS
Permalink Manager Lite < 2.4.3.1 - Reflected Cross-Site Scripting
Description The Permalink Manager Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
7.1CVSS
6.3AI Score
0.0004EPSS
WP Fusion Lite < 3.42.10 - Authenticated (Contributor+) Remote Code Execution
Description The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.41.24. This makes it possible for authenticated attackers, with contributor-level access and above, to execute...
9.9CVSS
7.5AI Score
0.0004EPSS
Permalink Manager Lite and Permalink Manager Pro < 2.4.3.2 - Reflected Cross-Site Scripting
Description The Permalink Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
6.1CVSS
6.2AI Score
0.0004EPSS
Plugin Permalink < 2.4.3.2 - Missing Authorization via get_uri_editor
Description The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of...
4.3CVSS
6.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through...
7.1CVSS
9.3AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...
7.1CVSS
9.3AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
(RHSA-2024:1406) Moderate: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security...
7AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS. This issue affects WP Popups: from n/a through...
5.9CVSS
9.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS. This issue affects WP Popups: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS. This issue affects WP Popups: from n/a through...
5.9CVSS
5.9AI Score
0.0004EPSS
RHEL 8 : bind (RHSA-2024:1406)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1406 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a...
7.5CVSS
7.8AI Score
0.001EPSS
A vulnerability was found in the Perl module Net::CIDR::Lite, where extraneous zero characters at the start of an IP address string are not adequately handled. This flaw may enable attackers to circumvent IP address-based access controls in certain...
7AI Score
0.0004EPSS
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP...
6.3AI Score
0.0004EPSS
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP...
6.7AI Score
0.0004EPSS
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP...
6.9AI Score
0.0004EPSS
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP...
6.4AI Score
0.0004EPSS
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP...
7.1AI Score
0.0004EPSS
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP...
6.6AI Score
0.0004EPSS