The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
8.8CVSS
9.5AI Score
0.001EPSS
The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
8.8CVSS
8.9AI Score
0.001EPSS
The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout' attribute. This makes it possible for authenticated attackers, with contributor-level and above...
8.8CVSS
7.5AI Score
0.001EPSS
The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout' attribute. This makes it possible for authenticated attackers, with contributor-level and above...
8.8CVSS
8.9AI Score
0.001EPSS
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in.....
9.8CVSS
7.8AI Score
0.001EPSS
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to....
8.8CVSS
9AI Score
0.001EPSS
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to....
8.8CVSS
7.5AI Score
0.001EPSS
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The...
6.1CVSS
6.1AI Score
0.0004EPSS
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The...
6.1CVSS
5.9AI Score
0.0004EPSS
Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...
8.1CVSS
7.4AI Score
0.0005EPSS
Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...
8.1CVSS
8.3AI Score
0.0005EPSS
Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...
8.1CVSS
7.3AI Score
0.0005EPSS
8.1AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to...
6.5AI Score
0.0004EPSS
8.1CVSS
7.5AI Score
0.094EPSS
Rocky Linux 9 : git-lfs (RLSA-2024:2724)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2724 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames....
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to...
6.5AI Score
0.0004EPSS
Npgsql is the .NET data provider for PostgreSQL. The WriteBind() method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This...
8.1CVSS
8.4AI Score
0.0005EPSS
Rocky Linux 9 : golang (RLSA-2024:2562)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2562 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames....
7.5CVSS
8AI Score
0.0005EPSS
Rocky Linux 9 : tigervnc (RLSA-2024:2616)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2616 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped...
7.8CVSS
7.7AI Score
0.0005EPSS
CVE-2024-4820 SourceCodester Online Computer and Laptop Store unrestricted upload
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....
6.3CVSS
6.9AI Score
0.0004EPSS
CVE-2024-4820 SourceCodester Online Computer and Laptop Store unrestricted upload
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....
6.3CVSS
6.7AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
About the security content of macOS Ventura 13.6.7
About the security content of macOS Ventura 13.6.7 This document describes the security content of macOS Ventura 13.6.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
7.8CVSS
8.1AI Score
0.002EPSS
7.4AI Score
7.4AI Score
About the security content of macOS Monterey 12.7.5
About the security content of macOS Monterey 12.7.5 This document describes the security content of macOS Monterey 12.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
7.6AI Score
0.0005EPSS
About the security content of tvOS 17.5
About the security content of tvOS 17.5 This document describes the security content of tvOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
7.5AI Score
0.0005EPSS
About the security content of watchOS 10.5
About the security content of watchOS 10.5 This document describes the security content of watchOS 10.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
7.3AI Score
0.0005EPSS
About the security content of macOS Sonoma 14.5
About the security content of macOS Sonoma 14.5 This document describes the security content of macOS Sonoma 14.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....
5.5CVSS
8.9AI Score
0.001EPSS
About the security content of iOS 17.5 and iPadOS 17.5
About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
7.5AI Score
0.001EPSS
CVE-2024-4798 SourceCodester Online Computer and Laptop Store manage_brand.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....
6.3CVSS
7AI Score
0.0004EPSS
CVE-2024-4798 SourceCodester Online Computer and Laptop Store manage_brand.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....
6.3CVSS
7.3AI Score
0.0004EPSS
RHEL 7 : pyopenssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pyOpenSSL: Failure to release memory before removing last reference in PKCS #12 Store (CVE-2018-1000808) Note that...
6.7AI Score
0.003EPSS
RHEL 7 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...
9.9AI Score
0.895EPSS
RHEL 8 : pyopenssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. pyOpenSSL: Use-after-free in X509 object handling (CVE-2018-1000807) Python Cryptographic Authority...
6.9AI Score
0.094EPSS