PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS
PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...
2.1AI Score
EPSS
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...
2.1AI Score
EPSS
The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin...
EPSS
The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin...
5.5AI Score
EPSS
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...
6.4CVSS
5.7AI Score
EPSS
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...
6.4CVSS
EPSS
CVE-2024-4627 Rank Math SEO < 1.0.219 - Authenticated Stored XSS
The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin...
EPSS
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...
6.4CVSS
EPSS
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
8.8CVSS
8.9AI Score
EPSS
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
8.8CVSS
EPSS
Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny
Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the....
7AI Score
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated,...
9.8CVSS
8AI Score
EPSS
7.5CVSS
6.9AI Score
0.0004EPSS
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
8.8CVSS
EPSS
Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights
An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from...
7.4AI Score
The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...
6.4CVSS
EPSS
The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...
6.4CVSS
5.7AI Score
EPSS
SSH Vulnerability Scanner The SSH Vulnerability Scanner is a...
8.1CVSS
8.2AI Score
EPSS
The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...
6.4CVSS
EPSS
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.001EPSS
CVE-2021-28543 affecting package varnish-modules 0.16.0-4
CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.002EPSS
CVE-2019-12280 affecting package toolbox 0.0.18-9
CVE-2019-12280 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
7.8CVSS
7.2AI Score
0.003EPSS
CVE-1999-1090 affecting package telnet 0.17-81
CVE-1999-1090 affecting package telnet 0.17-81. This CVE either no longer is or was never...
7.2AI Score
0.004EPSS
CVE-2021-21704 affecting package php 7.4.14-3
CVE-2021-21704 affecting package php 7.4.14-3. This CVE either no longer is or was never...
5.9CVSS
7AI Score
0.004EPSS
CVE-2007-3205 affecting package php 7.4.14-3
CVE-2007-3205 affecting package php 7.4.14-3. This CVE either no longer is or was never...
6.9AI Score
0.065EPSS
CVE-2021-3571 affecting package linuxptp 2.0-8
CVE-2021-3571 affecting package linuxptp 2.0-8. This CVE either no longer is or was never...
7.1CVSS
7.1AI Score
0.003EPSS
CVE-2017-1000231 affecting package ldns 1.7.0-31
CVE-2017-1000231 affecting package ldns 1.7.0-31. This CVE either no longer is or was never...
9.8CVSS
9.6AI Score
0.004EPSS
CVE-2022-28506 affecting package giflib 5.2.1-5
CVE-2022-28506 affecting package giflib 5.2.1-5. This CVE either no longer is or was never...
5.5CVSS
7.5AI Score
0.001EPSS
CVE-2020-7071 affecting package php 7.4.14-3
CVE-2020-7071 affecting package php 7.4.14-3. This CVE either no longer is or was never...
5.3CVSS
6.6AI Score
0.006EPSS
CVE-1999-0817 affecting package lynx 2.9.0~dev.9-5
CVE-1999-0817 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.2AI Score
0.007EPSS
CVE-2020-8908 affecting package guava 25.0-5
CVE-2020-8908 affecting package guava 25.0-5. This CVE either no longer is or was never...
3.3CVSS
6.7AI Score
0.001EPSS
CVE-2022-31626 affecting package php 7.4.14-3
CVE-2022-31626 affecting package php 7.4.14-3. This CVE either no longer is or was never...
8.8CVSS
9.8AI Score
0.008EPSS
CVE-2007-1397 affecting package fish 3.1.2-4
CVE-2007-1397 affecting package fish 3.1.2-4. This CVE either no longer is or was never...
7.5AI Score
0.171EPSS
CVE-2020-25207 affecting package toolbox 0.0.18-9
CVE-2020-25207 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
9.8CVSS
7.2AI Score
0.024EPSS
CVE-2021-21705 affecting package php 7.4.14-3
CVE-2021-21705 affecting package php 7.4.14-3. This CVE either no longer is or was never...
5.3CVSS
6.6AI Score
0.001EPSS
CVE-2021-21703 affecting package php 7.4.14-3
CVE-2021-21703 affecting package php 7.4.14-3. This CVE either no longer is or was never...
7.8CVSS
9.6AI Score
0.001EPSS
CVE-2020-27827 affecting package lldpd 1.0.4-3
CVE-2020-27827 affecting package lldpd 1.0.4-3. This CVE either no longer is or was never...
7.5CVSS
7.6AI Score
0.006EPSS
CVE-2021-3634 affecting package libssh 0.9.5-2
CVE-2021-3634 affecting package libssh 0.9.5-2. This CVE either no longer is or was never...
6.5CVSS
9.7AI Score
0.006EPSS
CVE-2019-16707 affecting package hunspell 1.7.0-7
CVE-2019-16707 affecting package hunspell 1.7.0-7. This CVE either no longer is or was never...
6.5CVSS
7AI Score
0.003EPSS
CVE-2019-18368 affecting package toolbox 0.0.18-9
CVE-2019-18368 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
7.3CVSS
7.2AI Score
0.001EPSS
CVE-2021-21707 affecting package php 7.4.14-3
CVE-2021-21707 affecting package php 7.4.14-3. This CVE either no longer is or was never...
5.3CVSS
9.6AI Score
0.001EPSS
CVE-2018-7263 affecting package libmad 0.15.1b-30
CVE-2018-7263 affecting package libmad 0.15.1b-30. This CVE either no longer is or was never...
9.8CVSS
9.5AI Score
0.005EPSS
CVE-2017-1000232 affecting package ldns 1.7.0-31
CVE-2017-1000232 affecting package ldns 1.7.0-31. This CVE either no longer is or was never...
9.8CVSS
9.6AI Score
0.004EPSS
CVE-2013-7381 affecting package libnotify 0.7.9-4
CVE-2013-7381 affecting package libnotify 0.7.9-4. This CVE either no longer is or was never...
9.8CVSS
7AI Score
0.003EPSS
CVE-2010-4756 affecting package glibc 2.35-7
CVE-2010-4756 affecting package glibc 2.35-7. This CVE either no longer is or was never...
6.4AI Score
0.008EPSS
CVE-2010-4226 affecting package cpio 2.13-5
CVE-2010-4226 affecting package cpio 2.13-5. This CVE either no longer is or was never...
6.8AI Score
0.003EPSS
CVE-2022-20001 affecting package fish 3.1.2-4
CVE-2022-20001 affecting package fish 3.1.2-4. This CVE either no longer is or was never...
7.8CVSS
8AI Score
0.002EPSS
CVE-2021-3716 affecting package nbdkit 1.20.7-5
CVE-2021-3716 affecting package nbdkit 1.20.7-5. This CVE either no longer is or was never...
3.1CVSS
7.5AI Score
0.001EPSS
CVE-2020-25013 affecting package toolbox 0.0.18-9
CVE-2020-25013 affecting package toolbox 0.0.18-9. This CVE either no longer is or was never...
7.5CVSS
7.2AI Score
0.001EPSS
CVE-2022-31625 affecting package php 7.4.14-3
CVE-2022-31625 affecting package php 7.4.14-3. This CVE either no longer is or was never...
8.1CVSS
9.8AI Score
0.004EPSS