8548 matches found

Positive Technologies
added 2024/03/13 12:0 a.m. · 8 views

PT-2024-17551

Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor versions through 2.6.9 Description: The Exclusive Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the data attribute. This is due to insufficient input sanitization...

CVSS 6.4 · AI score 7 · EPSS 0.01593
Exploits 12 · References 37

CNNVD
added 2024/03/13 12:0 a.m. · 4 views

WordPress Plugin Orbit Fox by ThemeIsle Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.4 · AI score 5.8 · EPSS 0.00532
Exploits 0 · References 4

CNNVD
added 2024/03/13 12:0 a.m. · 3 views

WordPress Plugin Gutenberg Blocks by Kadence Blocks Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.4 · AI score 5.9 · EPSS 0.00532
Exploits 0 · References 4

CNNVD
added 2024/03/13 12:0 a.m. · 5 views

WordPress Plugin Elementor Addon Elements Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.4 · AI score 5.8 · EPSS 0.00501
Exploits 0 · References 4

OpenVAS
added 2024/03/13 12:0 a.m. · 21 views

Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-1324)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 · AI score 6.6 · EPSS 0.00892
Exploits 0 · References 2

OSV
added 2024/03/12 11:15 p.m. · 2 views

CVE-2024-1421

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bordertype’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible f...

CVSS 5.4 · AI score 7.4 · EPSS 0.0032
Exploits 0 · References 2

RedhatCVE
added 2024/03/12 8:8 p.m. · 21 views

CVE-2024-27758

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution...

CVSS 8.5 · AI score 6.9 · EPSS 0.00507
Exploits 0 · References 4

NVD
added 2024/03/12 4:15 p.m. · 9 views

CVE-2024-27758

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution...

CVSS 8.4 · AI score 7.2 · EPSS 0.00507
Exploits 0 · References 2

OSV
added 2024/03/12 4:15 p.m. · 1 views

DEBIAN-CVE-2024-27758

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution...

CVSS 8.4 · AI score 8.3 · EPSS 0.00507
Exploits 0 · References 1

Prion
added 2024/03/12 4:15 p.m. · 21 views

Remote code execution

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution...

AI score 7.5 · EPSS 0.00507
Exploits 0 · References 2

PyPA
added 2024/03/12 4:15 p.m. · 5 views

PYSEC-2024-44

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution...

CVSS 8.4 · AI score 7.7 · EPSS 0.00507
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/03/12 4:15 p.m. · 1 views

UBUNTU-CVE-2024-27758

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution...

CVSS 8.4 · AI score 6.1 · EPSS 0.00507
Exploits 0 · References 6

OSV
added 2024/03/12 11:15 a.m. · 1 views

CVE-2024-22039

A vulnerability has been identified in Cerberus PRO EN Engineering Tool All versions IP8, Cerberus PRO EN Fire Panel FC72x IP6 All versions IP6 SR3, Cerberus PRO EN Fire Panel FC72x IP7 All versions IP7 SR5, Cerberus PRO EN X200 Cloud Distribution IP7 All versions V3.0.6602, Cerberus PRO EN X200...

CVSS 9.8 · AI score 6.2 · EPSS 0.00813
Exploits 0 · References 2

Tenable Nessus
added 2024/03/12 12:0 a.m. · 30 views

EulerOS 2.0 SP10 : python-jinja2 (EulerOS-SA-2024-1324)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible...

CVSS 6.1 · AI score 7.6 · EPSS 0.00892
Exploits 0 · References 2

Positive Technologies
added 2024/03/12 12:0 a.m. · 9 views

PT-2024-18031 · WordPress · Ht Mega – Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.4.4 Description: The issue is related to Stored Cross-Site Scripting via the border type attribute of the Post Carousel widget due to insufficient...

CVSS 6.4 · AI score 7.9 · EPSS 0.0032
Exploits 0 · References 7

CNNVD
added 2024/03/12 12:0 a.m. · 4 views

Peering Manager Cross-Site Scripting Vulnerability

Peering Manager is a BGP session management tool. A cross-site scripting vulnerability exists in Peering Manager 1.8.2 and prior versions that stems from a stored cross-site scripting (XSS) vulnerability in the name attribute...

CVSS 6.1 · AI score 5.6 · EPSS 0.00323
Exploits 0 · References 4

Positive Technologies
added 2024/03/12 12:0 a.m. · 6 views

PT-2024-18008 · WordPress · Ht Mega – Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.4.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's blocks due to insufficient input sanitization and output...

CVSS 6.4 · AI score 8 · EPSS 0.00478
Exploits 0 · References 13

Tenable Nessus
added 2024/03/12 12:0 a.m. · 35 views

EulerOS 2.0 SP10 : python-jinja2 (EulerOS-SA-2024-1346)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible...

CVSS 6.1 · AI score 7.6 · EPSS 0.00892
Exploits 0 · References 2

Cvelist
added 2024/03/11 10:50 p.m. · 33 views

CVE-2024-28199 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...

CVSS 7.1 · AI score 6.6 · EPSS 0.00604
Exploits 0 · References 4

Vulnrichment
added 2024/03/11 10:50 p.m. · 12 views

CVE-2024-28199 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...

CVSS 7.1 · AI score 5.7 · EPSS 0.00604
Exploits 0 · References 4