The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...
6.5CVSS
0.0005EPSS
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...
4.3CVSS
0.001EPSS
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...
4.3CVSS
4.3AI Score
0.001EPSS
The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...
6.5CVSS
6.2AI Score
0.0005EPSS
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...
4.3CVSS
0.0004EPSS
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...
4.3CVSS
4.4AI Score
0.0004EPSS
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...
4.3CVSS
0.001EPSS
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor...
4.3CVSS
6.5AI Score
0.001EPSS
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for...
4.3CVSS
0.0004EPSS
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...
5.3CVSS
0.001EPSS
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...
5.3CVSS
6.6AI Score
0.001EPSS
The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...
6.5CVSS
6.6AI Score
0.0005EPSS
The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with...
6.5CVSS
0.0005EPSS
CVE-2024-5503 WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inlcusion
The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...
8.8CVSS
0.001EPSS
CVE-2024-5503 WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inlcusion
The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...
8.8CVSS
7.7AI Score
0.001EPSS
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping....
6.1CVSS
0.0005EPSS
Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm
CVE-2023-30253 CVE-2023-30253 PoC Description This is my...
8.8CVSS
7.8AI Score
0.008EPSS
Ivanti Endpoint Manager < 2022 SU4 Privilege Escalation (SA-2023-06-20)
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a...
9.8CVSS
7.5AI Score
0.006EPSS
SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2106-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2106-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...
8.8CVSS
9.4AI Score
0.0004EPSS
The version of Streamline NX Client installed on the remote host is prior to 3.4.3.2, 3.5.1.202, 3.6.2.2, or 3.7.2.1. It is, therefore, affected by a vulnerability as referenced in the 2024-000005 advisory. Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and...
7.1AI Score
0.0004EPSS
Streamline NX Client < 3.4.3.2 / 3.5.x < 3.5.1.202 / 3.6.x < 3.6.2.2 RCE (2024-000004)
The version of Streamline NX Client installed on the remote host is prior to 3.231.0, 3.4.3.2, 3.5.1.202 or 3.6.2.2. It is, therefore, affected by a vulnerability as referenced in the 2024-000004 advisory. Improper restriction of communication channel to intended endpoints issue exists in Ricoh...
7.5AI Score
0.0004EPSS
FreeBSD : chromium -- multiple security fixes (007e7e77-2f06-11ef-8a0f-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 007e7e77-2f06-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 6 security fixes: Tenable has extracted the...
8.8CVSS
7.1AI Score
0.001EPSS
FreeBSD : openvpn -- two security fixes (142c538e-b18f-40a1-afac-c479effadd5c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 142c538e-b18f-40a1-afac-c479effadd5c advisory. Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs (three on Windows):...
7.4AI Score
EPSS
Fedora 39 : webkitgtk (2024-826bf5a09a)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-826bf5a09a advisory. Update to 2.44.2: * Make gamepads visible on axis movements, and not only on button presses. * Disable the gst-libav AAC decoder. * Make user scripts and...
7.1AI Score
0.0004EPSS
Kibana 8.6.3 < 8.14 (ESA-2024-15)
The version of Kibana installed on the remote host is between 8.6.3 and 8.13.4. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-15 advisory. A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run...
4.3CVSS
6.9AI Score
0.0004EPSS
CentOS 7 : thunderbird (RHSA-2024:4016)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4016 advisory. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects...
7.6AI Score
0.0004EPSS
RHEL 8 : thunderbird (RHSA-2024:4036)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4036 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.7AI Score
0.0004EPSS
Dell Client BIOS Incorrect Authorization (DSA-2024-122)
Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS. Note that Nessus has not tested for this issue but has instead relied.....
6.8CVSS
6.7AI Score
0.0004EPSS
Dell Client BIOS DoS (DSA-2024-168)
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. Note that Nessus has not tested for this issue but has instead relied only on the...
4.7CVSS
6.8AI Score
0.0004EPSS
Mattermost Desktop CVE-2024-36287 (macOS) (MMSA-2024-00326)
According to MMSA-2024-00326, Mattermost Desktop App versions <= 5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
3.8CVSS
4.2AI Score
0.0004EPSS
Dell Client BIOS Improper Input Validation (DSA-2024-167)
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. Note that Nessus has not tested for this issue but has...
5.1CVSS
6.6AI Score
0.0004EPSS
Dell Client BIOS Multiple Vulnerabilities (DSA-2024-124)
Dell Client Platform BIOS contains multiple Improper Input Validation vulnerabilities in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has...
7.5CVSS
6.9AI Score
0.0004EPSS
Oracle Linux 9 : nghttp2 (ELSA-2024-3501)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3501 advisory. [1.43.0-5.2] - fix CONTINUATION frames DoS (CVE-2024-28182, CVE-2024-27316) Tenable has extracted the preceding description block directly from the Oracle Linux.....
7.5CVSS
6.2AI Score
0.005EPSS
FreeBSD : qt5-webengine -- Multiple vulnerabilities (aa2b65e4-2f63-11ef-9cab-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the aa2b65e4-2f63-11ef-9cab-4ccc6adda413 advisory. Backports for 5 security bugs in Chromium: Tenable has extracted the preceding description...
8.8CVSS
7.6AI Score
0.001EPSS
Streamline NX Client Installed (Windows)
Streamline NX Client is installed on the remote Windows...
7.4AI Score
RHEL 8 : ovn-2021 (RHSA-2024:4035)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4035 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
6.5CVSS
6.9AI Score
0.0005EPSS
SUSE SLES15 / openSUSE 15 Security Update : containerd (SUSE-SU-2024:2108-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2108-1 advisory. Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request...
6.9AI Score
0.0004EPSS
Oracle Linux 8 : thunderbird (ELSA-2024-4036)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-4036 advisory. [115.12.1-1.0.1] - Add Oracle prefs file [115.12.1] - Add OpenELA debranding [115.12.1-1] - Update to 115.12.1 build1 [115.12.0-2] - Update to...
7.3AI Score
0.0004EPSS
Fedora 40 : chromium (2024-d2b54d5a9d)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d2b54d5a9d advisory. update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High...
8.8CVSS
9.4AI Score
0.001EPSS
AlmaLinux 8 : thunderbird (ALSA-2024:4036)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:4036 advisory. * thunderbird: Use-after-free in networking (CVE-2024-5702) * thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) * thunderbird:...
7.8AI Score
0.0004EPSS
Fedora 39 : chromium (2024-dd14eefb0e)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-dd14eefb0e advisory. update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High...
8.8CVSS
9.4AI Score
0.001EPSS
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:1637-2 advisory. - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5....
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...
5.4CVSS
7AI Score
0.0004EPSS
FreeBSD : qt6-webengine -- Multiple vulnerabilities (c5415838-2f52-11ef-9cab-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c5415838-2f52-11ef-9cab-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: Tenable has...
8.8CVSS
7.7AI Score
0.003EPSS
Description The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social share block in all versions up to, and including, 8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes....
6.5CVSS
5.9AI Score
0.0004EPSS
Dell Client BIOS Improper Input Validation (DSA-2024-125)
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has instead...
7.5CVSS
6.8AI Score
0.0004EPSS
urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891)
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with 'ProxyManager', the 'Proxy-Authorization' header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
4.4CVSS
4.7AI Score
0.0004EPSS
Streamline NX Client Multiple Vulnerabilities (2024-000006, 2024-000007)
The version of Streamline NX Client installed on the remote host is prior to 3.2.1.19, 3.3.1.3, 3.3.2.201, 3.4.3.1, 3.5.1.201, 3.6.100.53, or 3.6.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-000006 and 2024-000007 advisories. Use of potentially dangerous...
7.4AI Score
0.0004EPSS
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...
5.4CVSS
0.0004EPSS
SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2107-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2107-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...
8.8CVSS
9.4AI Score
0.0004EPSS