Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...
8.8CVSS
4.7AI Score
0.001EPSS
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...
8.8CVSS
0.001EPSS
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery. This issue affects Album Gallery – WordPress Gallery: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery. This issue affects Album Gallery – WordPress Gallery: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2024-4744 WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Avirtum iPages Flipbook. This issue affects iPages Flipbook: from n/a through...
5.3CVSS
7AI Score
0.0005EPSS
CVE-2024-4744 WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Avirtum iPages Flipbook. This issue affects iPages Flipbook: from n/a through...
5.3CVSS
0.0005EPSS
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery. This issue affects Album Gallery – WordPress Gallery: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery. This issue affects Album Gallery – WordPress Gallery: from n/a through...
4.3CVSS
7AI Score
0.0004EPSS
CVE-2024-35721 WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...
4.3CVSS
0.001EPSS
CVE-2024-35721 WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...
4.3CVSS
6.9AI Score
0.001EPSS
Missing Authorization vulnerability in Tickera. This issue affects Tickera: from n/a through...
5.3CVSS
0.001EPSS
8CVSS
8.2AI Score
0.0004EPSS
Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: 1. Go to Quizzes & Surveys 2. Add/edit a....
5.2AI Score
EPSS
Linux kernel (ARM laptop) vulnerabilities
Releases: Ubuntu 23.10. Packages: linux-laptop - Linux kernel for Lenovo X13s ARM laptops. Details: Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use...
7.8CVSS
7.7AI Score
0.001EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3759)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3759 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...
8.1CVSS
7.5AI Score
0.0005EPSS
Hitachi ABB Power Grids AFS Series Loop with Unreachable Exit Condition (CVE-2020-9307)
Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a....
6.5CVSS
7.1AI Score
0.001EPSS
8CVSS
8.2AI Score
0.0004EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3758)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3758 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
[4.6.8-5.0.1.el7_9.17] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7_9.17] - Resolves: RHEL-29926 ipa: user can obtain a hash of the passwords of all domain users and perform offline brute...
8.1CVSS
6.8AI Score
0.0005EPSS
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description: The plugin does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by users with the Contributor role and above. PoC: 1) You will need a valid nonce for deletion of quiz questions. 2) Sign in....
7.7AI Score
EPSS
Oracle Linux 7 : ipa (ELSA-2024-3760)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3760 advisory. [4.6.8-5.0.1.el7_9.17] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7_9.17] - Resolves: RHEL-29926.....
8.1CVSS
8AI Score
0.0005EPSS
7.8CVSS
8.7AI Score
0.001EPSS
Releases: Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: linux-gkeop - Linux kernel for Google Container Engine (GKE) systems; linux-gkeop-5.15 - Linux kernel for Google Container Engine (GKE) systems; linux-kvm - Linux kernel for cloud environments. Details: It was discovered that the ATA over...
8CVSS
8.4AI Score
0.0004EPSS
Important: idm:DL1 security update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access...
8.1CVSS
6.9AI Score
0.0005EPSS
7.4AI Score
0.0004EPSS
Intel 2024.2 IPU - BIOS May 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® Processors, which might allow information disclosure and/or denial of service. Intel is releasing microcode updates to mitigate the potential vulnerabilities. Intel has released updates to mitigate the potential...
4.7CVSS
6.9AI Score
0.0004EPSS
7.8CVSS
8.7AI Score
0.001EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3775)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3775 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3755)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3755 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional...
8.1CVSS
8.4AI Score
0.0005EPSS
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6821-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-2 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...
8CVSS
8.1AI Score
0.0004EPSS
RHEL 7 : bind, bind-dyndb-ldap, and dhcp (RHSA-2024:3741)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3741 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....
7.5CVSS
7.4AI Score
0.05EPSS
Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...
7.8CVSS
7.5AI Score
0.001EPSS
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description: The plugin does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above...
8.1AI Score
EPSS
RHEL 8 : idm:DL1 (RHSA-2024:3756)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3756 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3760 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
8.1CVSS
8.1AI Score
0.0005EPSS
7.4AI Score
Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.9AI Score
EPSS
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated....
8.8CVSS
0.001EPSS
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated....
8.8CVSS
7.8AI Score
0.001EPSS
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through...
5.3CVSS
5.3AI Score
0.0005EPSS
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through...
5.3CVSS
0.0005EPSS
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through...
9.8CVSS
0.001EPSS
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through...
9.8CVSS
5.4AI Score
0.001EPSS
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through...
5.3CVSS
0.0005EPSS
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through...
5.3CVSS
7AI Score
0.0005EPSS
CVE-2024-34802 WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through...
5.3CVSS
0.001EPSS
CVE-2024-34802 WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through...
5.3CVSS
6.9AI Score
0.001EPSS
Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH). This issue affects WP Accessibility Helper (WAH): from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS