Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SparkWeb Interactive, Inc. Custom Field Bulk Editor allows Reflected XSS. This issue affects Custom Field Bulk Editor: from n/a through...
7.1CVSS
7.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS. This issue affects Contact Form 7 Newsletter: from n/a through...
7.1CVSS
7.4AI Score
0.0004EPSS
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected...
6.5CVSS
7.2AI Score
0.0004EPSS
7-Technologies IGSS < 9.0.0.11143 ODBC Invalid Structure RCE
The 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) application installed on the remote Windows host is a version prior to 9.0.0.11143. It is, therefore, affected by a memory corruption issue in the ODBC service due to improper sanitization of user-supplied input. An.....
3.4AI Score
7-Technologies / Schneider-Electric IGSS Data Collector Detection
The Interactive Graphical SCADA System (IGSS) Data Collector 'dc.exe' is running on the remote Windows host. It is an IGSS system component developed by 7-Technologies /...
2AI Score
CVE-2024-32809 WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files. This issue affects ActiveDEMAND: from n/a through...
7-Technologies / Schneider-Electric IGSS ODBC Version Identification
A 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) service is running on the remote Windows host, specifically Odbcixv#se.exe, an IGSS system ODBC component. Here the '#' token represents the version number of the executable, which can...
4.4AI Score
7-Technologies / Schneider-Electric IGSS ODBC Service Detection
A 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) service is running on the remote Windows host, specifically Odbcixvse.exe, an IGSS system ODBC component. Here the '' token represents the version number of the executable, which can...
4.9AI Score
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to....
7.5CVSS
7.1AI Score
CVE-2024-32131 WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass. This issue affects Download Manager: from n/a through...
7.1AI Score
0.0004EPSS
7-Technologies IGSS < 9.0.0.11143 ODBC Remote Memory Corruption
The installed version of IGSS from 7-Technologies is earlier than 9.0.0.11143. As such, it potentially has a memory corruption error in the Open Database Connectivity (ODBC) component listening on TCP port 20222. Using specially crafted packets, an unauthenticated, remote attacker could leverage...
6.5AI Score
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate. This issue affects WP Migrate: from n/a through...
10CVSS
7.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS. This issue affects Popup Builder: from n/a through...
0.0004EPSS
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions...
5.3CVSS
7.2AI Score
Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file...
7.8AI Score
0.881EPSS
Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys...
7.5AI Score
0.0004EPSS
About the security content of macOS Ventura 13.6.7
This document describes the security content of macOS Ventura 13.6.7. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
8AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through...
9.1CVSS
7.4AI Score
0.0004EPSS
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET...
6.9AI Score
0.034EPSS
7.5CVSS
7.4AI Score
0.0004EPSS
5.9CVSS
7.7AI Score
0.0004EPSS
Memory corruption when size of buffer from previous call is used without validation or...
8.4CVSS
7.8AI Score
0.001EPSS
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is...
7.5CVSS
7.4AI Score
0.0005EPSS
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor...
8.4CVSS
7.6AI Score
0.001EPSS
CVE-2024-34564 WordPress Counter Up plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Inc. Counter Up allows Stored XSS. This issue affects Counter Up: from n/a through...
6.4AI Score
0.0004EPSS
Memory corruption when the channel ID passed by user is not validated and further...
7.8CVSS
7.6AI Score
0.0004EPSS
7.3CVSS
7.6AI Score
0.0005EPSS
8.4CVSS
7.6AI Score
0.001EPSS
8.4CVSS
7.8AI Score
0.001EPSS
Memory corruption while querying module parameters from Listen Sound model client in kernel from user...
6.7CVSS
7.5AI Score
0.0004EPSS
In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID:...
7.6AI Score
0.0004EPSS
In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID:...
7.5AI Score
0.0004EPSS
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID:...
7.6AI Score
0.0004EPSS
In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID:...
6.5AI Score
0.0004EPSS
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
6AI Score
0.0004EPSS
[SECURITY] Fedora 38 Update: gnutls-3.8.4-1.fc38
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and....
7.3AI Score
0.0005EPSS
A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential...
7.8AI Score
0.0004EPSS
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC...
8.4CVSS
7.6AI Score
0.001EPSS
Memory corruption when the bandpass filter order received from AHAL is not within the expected...
6.7CVSS
7.6AI Score
0.0004EPSS
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected...
6.1CVSS
7.2AI Score
0.0004EPSS
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID:...
7.6AI Score
0.0004EPSS
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID:...
7.5AI Score
0.0004EPSS
In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID:...
7.3AI Score
0.0004EPSS
7-Technologies IGSS < 9.0.0.11291 DLL Loading Arbitrary Code Execution
The installed version of IGSS from 7-Technologies is earlier than 9.0.0.11291 and is, therefore, potentially affected by an insecure DLL loading vulnerability. Attackers may exploit this issue by placing a specially crafted DLL file and another file associated with the application in a location...
4.9AI Score
8.4CVSS
7.6AI Score
0.001EPSS
Memory corruption when the payload received from firmware is not as per the expected protocol...
7.8CVSS
7.7AI Score
0.0004EPSS
Memory corruption while copying the sound model data from user to kernel buffer during sound model...
6.7CVSS
7.6AI Score
0.0004EPSS
Memory corruption when multiple listeners are being registered with the same file...
6.7CVSS
7.7AI Score
0.0004EPSS