Lucene search
+L

196 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.2 views

Malicious code in co-in-mas-ter-free-spins-trhgrfr (npm)

The package co-in-mas-ter-free-spins-trhgrfr was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/09/05 5:10 p.m.1 views

MAL-2025-43837 Malicious code in co-in-mas-ter-free-spins-rthrtg (npm)

The package co-in-mas-ter-free-spins-rthrtg was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/09/05 5:10 p.m.1 views

MAL-2025-46647 Malicious code in working-april-co-in-mas-ter-free-spins-rthrtg (npm)

The package working-april-co-in-mas-ter-free-spins-rthrtg was found to contain malicious code...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.9 views

CVE-2024-49233

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MadrasThemes MAS Elementor mas-addons-for-elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through = 1.1.6...

6.5CVSS5.9AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.7 views

CVE-2024-8483

The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the staticcontent function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information...

6.5CVSS6.2AI score0.00442EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:8 a.m.9 views

CVE-2024-27461

Incorrect default permissions in software installer for IntelR MAS GUI may allow an authenticated user to potentially enable denial of service via local access...

5.6CVSS6.6AI score0.00129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.16 views

CVE-2023-36490

Improper initialization in some IntelR MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access...

5.5CVSS6.5AI score0.00197EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/25 8:34 p.m.36 views

Security Bulletin: There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure (CVE-2024-22328)

Summary There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure. Vulnerability Details CVEID:CVE-2024-22328 DESCRIPTION: IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to travers...

7.5CVSS7.6AI score0.00843EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.13 views

Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22354)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

7.5CVSS7.2AI score0.00649EPSS
Exploits0Affected Software11
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.5 views

PT-2025-2205 · WordPress · Mailup Auto Subscription

Name of the Vulnerable Software and Affected Versions: MailUp Auto Subscription plugin for WordPress version 1.1.0 and earlier Description: The issue is due to missing or incorrect nonce validation on the mas options function, making it possible for unauthenticated attackers to update settings an...

6.1CVSS9.5AI score0.00134EPSS
Exploits0References9
NVD
NVD
added 2025/01/08 9:15 a.m.8 views

CVE-2024-12328

The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...

6.4CVSS0.00277EPSS
Exploits0References2
CVE
CVE
added 2025/01/08 8:18 a.m.46 views

CVE-2024-12328

CVE-2024-12328 affects MAS Elementor for WordPress. The flaw is Stored XSS via SVG uploads in all versions up to 1.1.7, exploitable by authenticated attackers with Author+ privileges to inject scripts that run when a user views the SVG. Connected sources indicate Patch Status: Patched; ongoing gu...

6.4CVSS5.7AI score0.00277EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/08 8:18 a.m.13 views

CVE-2024-12328 MAS Elementor <= 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...

6.4CVSS5.8AI score0.00277EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/08 8:18 a.m.18 views

CVE-2024-12328 MAS Elementor <= 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...

6.4CVSS0.00277EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.6 views

WordPress plugin MAS Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.7AI score0.00277EPSS
Exploits0References3
NVD
NVD
added 2024/11/13 9:15 p.m.12 views

CVE-2024-34164

Uncontrolled search path element in some IntelR MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access...

6.7CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2024/11/13 9:9 p.m.60 views

CVE-2024-34164

Intel MAS software before version 2.5 contains an Uncontrolled search path element that may allow an authenticated local user to escalate privileges. Affected product: Intel® MAS software prior to 2.5. Root cause: improper handling of search paths. Impact: local privilege escalation with high imp...

6.7CVSS6.8AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/13 9:9 p.m.35 views

CVE-2024-34164

Uncontrolled search path element in some IntelR MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access...

6.7CVSS0.00175EPSS
Exploits0References1
Intel
Intel
added 2024/11/12 12:0 a.m.10 views

Intel® MAS Software Advisory

Summary: A potential security vulnerability in some Intel® Memory and Storage Tool Intel® MAS software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-34164 Description: Uncontrolled search pat...

6.7CVSS7.1AI score0.00175EPSS
Exploits0
NVD
NVD
added 2024/10/18 10:15 a.m.29 views

CVE-2024-49233

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MadrasThemes MAS Elementor mas-addons-for-elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through = 1.1.6...

6.5CVSS0.0025EPSS
Exploits0References1
Rows per page
Query Builder