CVE-2024-32135 WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest. This issue affects Disable Comments | WPZest: from n/a through...
CVSS: 7.6
AI Score: 8.1
EPSS: 0.0004

CVE-2024-32431 WordPress Import Users from CSV plugin <= 1.2 - PHP Object Injection
Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV. This issue affects Import Users from CSV: from n/a through...
CVSS: 4.4
AI Score: 5.1
EPSS: 0.0004

CVE-2024-2836 Super Socializer < 7.13.64 - Editor+ Stored XSS
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.64 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...
AI Score: 5.8
EPSS: 0.0004

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant....
CVSS: 5.9
AI Score: 6
EPSS: 0.002

Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE-2024-3400 ``` import os,base64,time systempth =...
CVSS: 10
AI Score: 9.8
EPSS: 0.957

Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...
CVSS: 8
AI Score: 7.6

Dusk plugin may allow unfettered user authentication in misconfigured installs
The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without having to go through authentication. This route is [[URL]]/_dusk/login/[[USER ID]]/[[MANAGER]] - where...
CVSS: 8.8
AI Score: 6.9
EPSS: 0.0004

Mautic: MST-48 Server-Side Request Forgery in Asset section
Impact: Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. Patches: Update to 4.4.12 or 5.0.4. Workarounds: None. References: ...
AI Score: 6.5

Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
Impact: Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important.....
AI Score: 6.9

Traefik vulnerable to denial of service with Content-length header
There is a potential vulnerability in Traefik managing requests with Content-length and no body. Sending a GET request to any Traefik endpoint with the Content-length request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to...
CVSS: 7.5
AI Score: 7.4
EPSS: 0.0004

Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Impact: Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards. Patches: Update to Mautic 4.4.12. Workarounds: None. References: ...
AI Score: 6.2

Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through...
CVSS: 4.3
AI Score: 4.6
EPSS: 0.0004

Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconnaissance / OSINT framework for Postman. While existing tools are great proofs of concept, they only attempt to identify very specific keywords as "secrets", and in very...
AI Score: 7.2

Oracle Linux 8 : bind / and / dhcp (ELSA-2024-1782)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1782 advisory. Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service...
CVSS: 7.5
AI Score: 7.3
EPSS: 0.05

GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
...
AI Score: 7.4