@workos-inc/authkit-nextjs vulnerable to Session Fixation. This vulnerability is due to the improper handling of expired sessions within session.ts. This allowing an attacker to reuse an expired session by controlling the x-workos-session...
4.8CVSS
6.8AI Score
0.0004EPSS
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an...
5.9CVSS
5.7AI Score
0.008EPSS
@workos-inc/authkit-nextjs session replay vulnerability
Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...
4.8CVSS
7.1AI Score
0.0004EPSS
@workos-inc/authkit-nextjs session replay vulnerability
Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...
4.8CVSS
5.2AI Score
0.0004EPSS
7.4AI Score
Code Injection Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
NetScaler ADC is an application delivery controller. NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. Both are Citrix products. A code injection vulnerability exists in Citrix NetScaler ADC and...
8.8CVSS
8.2AI Score
0.02EPSS
Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting
Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
5.8CVSS
6.7AI Score
0.0004EPSS
A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged...
7.6AI Score
0.0004EPSS
SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp=...
6.1CVSS
6AI Score
0.001EPSS
7-Technologies AQUIS Detection
AQUIS is installed on the remote Windows host. It is a tool developed by 7-Technologies for hydraulic modeling of a water...
2.3AI Score
RealFlex Technologies RealWin Detection
RealWin, a SCADA server package from RealFlex Technologies to monitor and control real-time applications, is installed on the remote Windows...
2.2AI Score
7-Technologies TERMIS Detection
TERMIS is installed on the remote Windows host. It is a tool developed by 7-Technologies for hydraulic modeling of an energy...
1.4AI Score
Keysight Technologies Sensor Management Server Detection
The Keysight Sensor Management Server (SMS), a component of the Keysight RF Sensor Software, is running on the remote...
0.7AI Score
7-Technologies / Schneider-Electric IGSS Detection
IGSS (Interactive Graphical SCADA System) is installed on the remote Windows host. It is a SCADA system for process control and supervision developed by 7-Technologies /...
2.5AI Score
Exploit for Vulnerability in Rarlab Winrar
CVE-2023-38831 PoC (Proof Of Concept) This is an easy to use...
7.8CVSS
8.1AI Score
0.355EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....
4.3CVSS
7AI Score
0.001EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....
4.3CVSS
6.7AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...
5.8CVSS
7.6AI Score
0.0004EPSS
The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution...
8.8CVSS
7.9AI Score
0.001EPSS
Keysight Technologies Sensor Management Server Deserialization RCE (CVE-2022-1660)
The Keysight Sensor Management Server (SMS) running on the remote host is affected by a Java object deserialization vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code in the context of the account running the Keysight SMS....
2.9AI Score
Fortinet FortiOS Trust Management Issues Vulnerability (CNVD-2024-13096)
Fortinet FortiOS is a set of U.S. Fita (Fortinet) dedicated to FortiGate network security platform on the security operating system. A trust management issue vulnerability exists in Fortinet FortiOS that stems from the presence of incorrect certificate validation, which can be exploited by an...
4.8CVSS
6.9AI Score
0.0005EPSS
7-Technologies AQUIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution
The installed version of 7-Technologies AQUIS on the remote Windows host is 1.5 dated October 13, 2011 or earlier. As such, it insecurely looks in its current working directory when resolving DLL dependencies. Attackers may exploit this issue by placing a specially crafted DLL file and another...
4.7AI Score
The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....
6.4CVSS
6.1AI Score
0.0004EPSS
Keysight Technologies Sensor Management Server addLicenseFile Path Traversal (CVE-2022-38129)
The Keysight Sensor Management Server (SMS) running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to upload and run arbitrary executable files in the context of the account running the...
4.5AI Score
The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
6AI Score
0.0004EPSS
Exploit for Use After Free in Linux Linux Kernel
CVE-2022-2586-LPE LPE N-day Exploit for...
7.8CVSS
7.2AI Score
0.0004EPSS
7-Technologies TERMIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution
The installed version of 7-Technologies TERMIS on the remote Windows host is 2.10 dated November 30, 2011 or earlier. As such, it insecurely looks in its current working directory when resolving DLL dependencies. Attackers may exploit this issue by placing a specially crafted DLL file and another.....
4.7AI Score
IT and Cybersecurity Jobs in the Age of Emerging AI Technologies
By Waqas Fear AI taking your IT or cybersecurity job? Don't! Learn how AI creates new opportunities in network management, threat detection & more. This is a post from HackRead.com Read the original post: IT and Cybersecurity Jobs in the Age of Emerging AI...
7.3AI Score
The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user...
5.3CVSS
7.2AI Score
0.0005EPSS
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
6AI Score
0.0004EPSS
GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id...
6.1CVSS
5.7AI Score
0.001EPSS
GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id...
6.1CVSS
5.7AI Score
0.001EPSS
MITRE Corporation reports: inc/user.class.php in GLPI before 9.4.3 allows XSS via a user...
6.1CVSS
2.7AI Score
0.001EPSS
GeniXCMS Cross-site Scripting (XSS) via id parameter
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id...
6.1CVSS
5.7AI Score
0.001EPSS
GeniXCMS Cross-site Scripting (XSS) via id parameter
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id...
6.1CVSS
5.7AI Score
0.001EPSS
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid...
8.8CVSS
8.2AI Score
0.001EPSS
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid...
8.8CVSS
8.2AI Score
0.001EPSS
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php...
7.9AI Score
0.0004EPSS
An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php...
6.9AI Score
0.0004EPSS
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1...
8.1AI Score
0.004EPSS
Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through...
5.3CVSS
7.4AI Score
0.0004EPSS
The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...
4.3CVSS
6.9AI Score
0.001EPSS
The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete...
4.3CVSS
6.9AI Score
0.0005EPSS
Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or...
9.4CVSS
7.5AI Score
0.001EPSS
GeniXCMS SQL injection vulnerability
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to...
7.2CVSS
8.3AI Score
0.002EPSS
GeniXCMS SQL injection vulnerability
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to...
7.2CVSS
8.3AI Score
0.002EPSS
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post...
5.3CVSS
7.1AI Score
0.0004EPSS
The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpsp_maybe_unserialize' function. This makes it possible for authenticated attackers, with....
7.5CVSS
7.4AI Score
0.0004EPSS
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc...
7.6AI Score
0.0004EPSS
SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function...
8.7AI Score
0.002EPSS