Lucene search

K

Similar Posts – Best Related Posts Plugin For WordPress Security Vulnerabilities

cvelist
cvelist

CVE-2024-5332 Exclusive Addons for Elementor <= 2.6.9.8 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Card Widget

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

EPSS

2024-06-26 05:40 AM
cve
cve

CVE-2024-5332 Exclusive Addons for Elementor <= 2.6.9.8 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Card Widget

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

EPSS

2024-06-26 05:40 AM
cve
cve

CVE-2024-4578

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-26 05:24 AM
1
nvd
nvd

CVE-2024-34581

The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

EPSS

2024-06-26 05:15 AM
1
nvd
nvd

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly".....

EPSS

2024-06-26 05:15 AM
1
cve
cve

CVE-2024-34581

The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

6.5AI Score

EPSS

2024-06-26 05:15 AM
1
cve
cve

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly".....

7AI Score

EPSS

2024-06-26 05:15 AM
1
thn
thn

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by...

9.8CVSS

7.8AI Score

0.001EPSS

2024-06-26 04:24 AM
8
cve
cve

CVE-2024-37138

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the...

4.1CVSS

6.7AI Score

EPSS

2024-06-26 04:15 AM
2
cve
cve

CVE-2024-37140

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system....

8.8CVSS

7.7AI Score

EPSS

2024-06-26 04:15 AM
2
nvd
nvd

CVE-2024-37139

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource...

6.5CVSS

EPSS

2024-06-26 04:15 AM
2
cve
cve

CVE-2024-37139

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource...

6.5CVSS

6.7AI Score

EPSS

2024-06-26 04:15 AM
2
nvd
nvd

CVE-2024-37138

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the...

4.1CVSS

EPSS

2024-06-26 04:15 AM
2
nvd
nvd

CVE-2024-37140

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system....

8.8CVSS

EPSS

2024-06-26 04:15 AM
3
nvd
nvd

CVE-2024-37141

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information...

3.5CVSS

EPSS

2024-06-26 04:15 AM
3
cve
cve

CVE-2024-37141

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information...

3.5CVSS

6.4AI Score

EPSS

2024-06-26 04:15 AM
2
cvelist
cvelist

CVE-2024-37141

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information...

3.5CVSS

EPSS

2024-06-26 04:00 AM
2
cvelist
cvelist

CVE-2024-37140

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system....

8.8CVSS

EPSS

2024-06-26 03:54 AM
2
cvelist
cvelist

CVE-2024-37139

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource...

6.5CVSS

EPSS

2024-06-26 03:38 AM
2
cvelist
cvelist

CVE-2024-37138

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the...

4.1CVSS

EPSS

2024-06-26 03:24 AM
3
cve
cve

CVE-2024-29176

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable...

8.8CVSS

7.9AI Score

EPSS

2024-06-26 03:15 AM
2
nvd
nvd

CVE-2024-29175

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session...

5.9CVSS

EPSS

2024-06-26 03:15 AM
2
nvd
nvd

CVE-2024-29176

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable...

8.8CVSS

EPSS

2024-06-26 03:15 AM
2
nvd
nvd

CVE-2024-29177

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain...

2.7CVSS

EPSS

2024-06-26 03:15 AM
2
nvd
nvd

CVE-2024-29174

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

4.4CVSS

EPSS

2024-06-26 03:15 AM
2
cve
cve

CVE-2024-29175

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session...

5.9CVSS

6.9AI Score

EPSS

2024-06-26 03:15 AM
2
cve
cve

CVE-2024-29174

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

4.4CVSS

8AI Score

EPSS

2024-06-26 03:15 AM
2
cve
cve

CVE-2024-29177

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain...

2.7CVSS

6.5AI Score

EPSS

2024-06-26 03:15 AM
nvd
nvd

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...

6.8CVSS

EPSS

2024-06-26 03:15 AM
1
cve
cve

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...

6.8CVSS

6.5AI Score

EPSS

2024-06-26 03:15 AM
1
cve
cve

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

5.9CVSS

6AI Score

EPSS

2024-06-26 03:15 AM
2
nvd
nvd

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

5.9CVSS

EPSS

2024-06-26 03:15 AM
2
wolfi
wolfi

CVE-2024-4368 vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

0.0004EPSS

2024-06-26 03:08 AM
43
wolfi
wolfi

CVE-2024-3914 vulnerabilities

Vulnerabilities for packages:...

8.9AI Score

0.0005EPSS

2024-06-26 03:08 AM
64
wolfi
wolfi

CVE-2024-5159 vulnerabilities

Vulnerabilities for packages:...

7.1AI Score

0.0004EPSS

2024-06-26 03:08 AM
36
wolfi
wolfi

CVE-2024-5274 vulnerabilities

Vulnerabilities for packages:...

8.8CVSS

7.1AI Score

0.003EPSS

2024-06-26 03:08 AM
36
wolfi
wolfi

GHSA-P8V3-5HQQ-7C5R vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-26 03:08 AM
33
wolfi
wolfi

CVE-2024-34145 vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

0.0004EPSS

2024-06-26 03:08 AM
22
wolfi
wolfi

CVE-2022-3064 vulnerabilities

Vulnerabilities for packages:...

7.5CVSS

7.5AI Score

0.005EPSS

2024-06-26 03:08 AM
43
wolfi
wolfi

GHSA-M4HF-6VGR-75R2 vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-26 03:08 AM
145
wolfi
wolfi

GHSA-XCQ4-M2R3-CMRJ vulnerabilities

Vulnerabilities for packages: zot,...

7.5AI Score

2024-06-26 03:08 AM
20
wolfi
wolfi

GHSA-55G7-9CWV-5QFV vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-26 03:08 AM
207
wolfi
wolfi

GHSA-R978-9M6M-6GM6 vulnerabilities

Vulnerabilities for packages: kafka, solr, trino,...

7.5AI Score

2024-06-26 03:08 AM
64
wolfi
wolfi

CVE-2024-23944 vulnerabilities

Vulnerabilities for packages: kafka, solr, trino,...

8.2AI Score

0.0004EPSS

2024-06-26 03:08 AM
78
wolfi
wolfi

CVE-2023-0657 vulnerabilities

Vulnerabilities for packages:...

6.8AI Score

EPSS

2024-06-26 03:08 AM
44
wolfi
wolfi

CVE-2024-1132 vulnerabilities

Vulnerabilities for packages:...

8.1CVSS

8.3AI Score

0.0005EPSS

2024-06-26 03:08 AM
43
wolfi
wolfi

GHSA-8RMM-GM28-PJ8Q vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-26 03:08 AM
36
wolfi
wolfi

GHSA-C9H6-V78W-52WJ vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-26 03:08 AM
41
wolfi
wolfi

GHSA-MRV8-PQFJ-7GP5 vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-26 03:08 AM
33
wolfi
wolfi

GHSA-M6Q9-P373-G5Q8 vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-26 03:08 AM
37
Total number of security vulnerabilities2226900