Elementor Header & Footer Builder Security Vulnerabilities
Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through...
5.3CVSS
0.0004EPSS
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...
0.0004EPSS
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...
5.4AI Score
0.0004EPSS
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...
5.2AI Score
0.0004EPSS
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...
5.4AI Score
0.0004EPSS
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...
5.2AI Score
0.0004EPSS
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird <...
0.0004EPSS
Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...
4.3CVSS
0.0004EPSS
CVE-2023-33922 WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...
4.3CVSS
0.0004EPSS
CVE-2023-33922 WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...
4.3CVSS
7AI Score
0.0004EPSS
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...
5.3CVSS
5.3AI Score
0.001EPSS
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...
5.3CVSS
0.001EPSS
QR code SQL injection and other vulnerabilities in a popular biometric terminal
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....
10CVSS
9AI Score
0.0004EPSS
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...
5.3CVSS
0.001EPSS
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...
5.3CVSS
6.8AI Score
0.001EPSS
tornado is vulnerable to CRLF Injection. The vulnerability is due to improper CR/LF checks allowing for the inclusion of attacker-controlled header values in requests, which allows arbitrary headers or requests to be sent to a specified...
7.1AI Score
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...
6.4CVSS
5.7AI Score
0.001EPSS
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...
6.4CVSS
0.001EPSS
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...
6.4CVSS
5.8AI Score
0.001EPSS
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...
6.4CVSS
0.001EPSS
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...
6.5CVSS
6.4AI Score
0.0004EPSS
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...
6.5CVSS
0.0004EPSS
CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...
6.5CVSS
6.7AI Score
0.0004EPSS
CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...
6.5CVSS
0.0004EPSS
Visual Composer Website Builder < 45.9.0 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 45.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...
6.5CVSS
5.7AI Score
0.0004EPSS
Mozilla Firefox Security Advisory (MFSA2024-25) - Linux
This host is missing a security update for Mozilla...
7.4AI Score
0.0004EPSS
ARMember < 4.0.28 - Directory Traversal via X-FILENAME
Description The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files (e.g., CSS) to directories outside the...
7.1AI Score
Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due....
6.4CVSS
5.8AI Score
0.001EPSS
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Notes Author| Note -...
5.5AI Score
0.0004EPSS
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...
8.1AI Score
0.0004EPSS
Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input...
6.4CVSS
5.9AI Score
0.0004EPSS
The version of Firefox installed on the remote Windows host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory. If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the...
7.7AI Score
0.0004EPSS
Description The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated.....
6.5CVSS
6.7AI Score
0.0004EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-044)
The version of kernel installed on the remote host is prior to 5.15.160-104.158. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-044 advisory. In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial...
5.5CVSS
7.5AI Score
0.0004EPSS
The version of Firefox ESR installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. (CVE-2024-5702) ...
7.8AI Score
0.0004EPSS
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory. If a specific sequence of actions is performed when opening a new tab, the triggering principal...
7.9AI Score
0.0004EPSS
Security Vulnerabilities fixed in Firefox ESR 115.12 — Mozilla
Memory corruption in the networking stack could have led to a potentially exploitable crash. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. By monitoring the time certain operations take, an attacker could have guessed which.....
7.5AI Score
0.0004EPSS
Security Vulnerabilities fixed in Firefox 127 — Mozilla
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec- headers, meaning there is the potential for incorrect...
7.3AI Score
0.0004EPSS
CentOS 9 : openssl-3.2.2-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.2.2-1.el9 build changelog. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact...
7.4AI Score
EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...
4.3CVSS
4.8AI Score
0.001EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...
4.3CVSS
0.001EPSS
CVE-2024-36419 SuiteCRM-Core Host Header Injection in /legacy
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...
4.3CVSS
7.4AI Score
0.001EPSS
CVE-2024-36419 SuiteCRM-Core Host Header Injection in /legacy
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...
4.3CVSS
0.001EPSS
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an...
6.7AI Score
0.001EPSS
Payment Gateway for Telcell < 2.0.4 - Open Redirect
The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect...
6.8AI Score
EPSS
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
Impact In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby (Docker Engine) prior to 20.10.11 treat the Content-Type...
7AI Score