CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2024/07/10 12:0 a.m.•11 views

WordPress SKT Addons for Elementor Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)

Software SKT Addons for Elementor Type Plugin Vulnerable versions = 3.1 Fixed in 3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38674 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 02254511f638 Credits 4rCanJ0x! Required privilege...

6.5CVSS6.6AI score0.00299EPSS

OSV•added 2024/07/09 3:15 p.m.•24 views

CVE-2024-6612

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox 128 and Thunderbird 128...

5.3CVSS5.9AI score0.00496EPSS

NVD•added 2024/07/09 3:15 p.m.•20 views

CVE-2024-6612

5.3CVSS0.00496EPSS

CVE•added 2024/07/09 2:26 p.m.•304 views

CVE-2024-6612

CVE-2024-6612 describes a CSP violation leakage in devtools that caused DNS prefetching to reveal the CSP violation. Credible sources in the provided connected documents show impact on Mozilla Firefox and Thunderbird when running versions older than 128. The vulnerability is an information disclo...

5.3CVSS6.2AI score0.00496EPSS

Exploits0References3Affected Software2

Vulnrichment•added 2024/07/09 2:26 p.m.•12 views

CVE-2024-6612 CSP violation leakage when using devtools

6.1AI score0.00496EPSS

Cvelist•added 2024/07/09 2:26 p.m.•55 views

CVE-2024-6612 CSP violation leakage when using devtools

0.00496EPSS

NVD•added 2024/07/09 5:15 a.m.•19 views

CVE-2024-39599

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability...

4.7CVSS0.00306EPSS

Exploits0References2

UbuntuCve•added 2024/07/09 2:15 a.m.•39 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

6.5CVSS6.8AI score0.01104EPSS

Exploits0References7

8.8CVSS6.5AI score0.00631EPSS

WordPress Pie Register Plugin <= 3.8.3.4 is vulnerable to Broken Access Control

Software Pie Register Type Plugin Vulnerable versions = 3.8.3.4 Fixed in 3.8.3.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6069 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 62f61e484b06 Credits Lucio Sá Required privilege...

Exploits0References3Affected Software1

Patchstack•added 2024/07/09 12:0 a.m.•11 views

WordPress Chained Quiz Plugin <= 1.3.2.8 is vulnerable to Broken Access Control

Software Chained Quiz Type Plugin Vulnerable versions = 1.3.2.8 Fixed in 1.3.2.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37921 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 76baa1346d76 Credits Manab Jyoti Dowarah Required...

5.3CVSS6.5AI score0.00371EPSS

5.3CVSS5.2AI score0.00562EPSS

WordPress Product Designer Plugin <= 1.0.33 is vulnerable to Broken Access Control

Software Product Designer Type Plugin Vulnerable versions = 1.0.33 Fixed in 1.0.34 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3608 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7913547b43c1 Credits Lucio Sá Required privilege...

Patchstack•added 2024/07/09 12:0 a.m.•6 views

WordPress Squelch Tabs and Accordions Shortcodes Plugin <= 0.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Squelch Tabs and Accordions Shortcodes Type Plugin Vulnerable versions = 0.4.8 Fixed in 0.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5946 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b92bc9205697 Credits...

6.4CVSS5.8AI score0.00337EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/07/09 12:0 a.m.•11 views

WordPress Pricing Table Plugin <= 2.0.1 is vulnerable to Broken Access Control

Software Pricing Table Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4102 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7d83a882cffe Credits Benedictus Jovan aillesiM Required...

5.4CVSS6.6AI score0.00269EPSS

5.4CVSS6.6AI score0.00465EPSS

WordPress Cliengo – Chatbot Plugin <= 3.0.1 is vulnerable to Broken Access Control

Software Cliengo – Chatbot Type Plugin Vulnerable versions = 3.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5993 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 950b128377a0 Credits Lucio Sá Required privilege...

Exploits0References3Affected Software1

5.4CVSS5.7AI score0.00295EPSS

WordPress SCSS Happy Compiler Plugin <= 1.3.10 is vulnerable to Cross Site Scripting (XSS)

Software SCSS Happy Compiler Type Plugin Vulnerable versions = 1.3.10 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5600 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d155b6e3b303 Credits Lucio Sá Requir...

Patchstack•added 2024/07/09 12:0 a.m.•10 views

WordPress Comment Images Reloaded Plugin <= 2.2.1 is vulnerable to Broken Access Control

Software Comment Images Reloaded Type Plugin Vulnerable versions = 2.2.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-5856 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a3534aef50ef Credits Lucio Sá Required...

4.3CVSS6.6AI score0.00403EPSS