Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8...
6.1AI Score
0.0005EPSS
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site...
6AI Score
0.001EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.2AI Score
0.001EPSS
The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
6AI Score
0.0004EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite.....
5.8AI Score
0.0004EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.2AI Score
0.001EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
6AI Score
0.001EPSS
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an...
5.9CVSS
5.7AI Score
0.008EPSS
@workos-inc/authkit-nextjs vulnerable to Session Fixation. This vulnerability is due to the improper handling of expired sessions within session.ts. This allowing an attacker to reuse an expired session by controlling the x-workos-session...
6.8AI Score
0.0004EPSS
@workos-inc/authkit-nextjs session replay vulnerability
Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...
7.1AI Score
0.0004EPSS
@workos-inc/authkit-nextjs session replay vulnerability
Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...
5.2AI Score
0.0004EPSS
7-Technologies AQUIS Detection
AQUIS is installed on the remote Windows host. It is a tool developed by 7-Technologies for hydraulic modeling of a water...
2.3AI Score
RealFlex Technologies RealWin Detection
RealWin, a SCADA server package from RealFlex Technologies to monitor and control real-time applications, is installed on the remote Windows...
2.2AI Score
7-Technologies TERMIS Detection
TERMIS is installed on the remote Windows host. It is a tool developed by 7-Technologies for hydraulic modeling of an energy...
1.4AI Score
A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged...
7.6AI Score
0.0004EPSS
Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting
Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
6.7AI Score
0.0004EPSS
7.4AI Score
Exploit for Vulnerability in Rarlab Winrar
CVE-2023-38831 PoC (Proof Of Concept) This is an easy to use...
8.1AI Score
0.355EPSS
Trading Technologies Messaging (ttm_cmd) Detection
The remote host is listening for Trading Technologies Messaging (TTM) ttm_cmd connections. TTM is used as middleware by all TT machines to communicate across the network (whether LAN or WAN), route TT communication via WAN Routing, and broadcast server...
1.7AI Score
Code Injection Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
NetScaler ADC is an application delivery controller. NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. Both are Citrix products. A code injection vulnerability exists in Citrix NetScaler ADC and...
8.8CVSS
8.2AI Score
0.02EPSS
Keysight Technologies Sensor Management Server Detection
The Keysight Sensor Management Server (SMS), a component of the Keysight RF Sensor Software, is running on the remote...
0.7AI Score
7-Technologies / Schneider-Electric IGSS Detection
IGSS (Interactive Graphical SCADA System) is installed on the remote Windows host. It is a SCADA system for process control and supervision developed by 7-Technologies /...
2.5AI Score
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive...
7.4AI Score
0.001EPSS
7-Technologies IGSS < 9.0.0.11129 Multiple DoS Vulnerabilities
The installed version of IGSS from 7-Technologies is earlier than 9.0.0.11129 and is, therefore, reportedly affected by several denial of service vulnerabilities. Using specially crafted packets to the IGSSdataServer service listening on TCP port 12401 or the dc.exe service on TCP port 12397, an...
3.5AI Score
7-Technologies IGSS < 10.0.0 ODBC Buffer Overflow RCE
The 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) application installed on the remote Windows host is a version prior to 10.0.0. It is, therefore, affected by a stack-based buffer overflow condition in the ODBC service due to improper sanitization of user-supplied...
4.2AI Score
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML...
6.8AI Score
0.0005EPSS
7-Technologies IGSS < 9.0.0.11143 ODBC Invalid Structure RCE
The 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) application installed on the remote Windows host is a version prior to 9.0.0.11143. It is, therefore, affected by a memory corruption issue in the ODBC service due to improper sanitization of user-supplied input. An.....
3.4AI Score
7-Technologies / Schneider-Electric IGSS Data Collector Detection
The Interactive Graphical SCADA System (IGSS) Data Collector 'dc.exe' is running on the remote Windows host. It is an IGSS system component developed by 7-Technologies /...
2AI Score
7-Technologies / Schneider-Electric IGSS ODBC Version Identification
A 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) service is running on the remote Windows host, specifically Odbcixv#se.exe, an IGSS system ODBC component. Here the '#' token represents the version number of the executable, which can...
4.4AI Score
7-Technologies / Schneider-Electric IGSS ODBC Service Detection
A 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) service is running on the remote Windows host, specifically Odbcixvse.exe, an IGSS system ODBC component. Here the '' token represents the version number of the executable, which can...
4.9AI Score
Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout...
6.4AI Score
0.001EPSS
7-Technologies IGSS < 9.0.0.11143 ODBC Remote Memory Corruption
The installed version of IGSS from 7-Technologies is earlier than 9.0.0.11143. As such, it potentially has a memory corruption error in the Open Database Connectivity (ODBC) component listening on TCP port 20222. Using specially crafted packets, an unauthenticated, remote attacker could leverage...
6.5AI Score
Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout...
5.4AI Score
0.0004EPSS
The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
6AI Score
0.001EPSS
7-Technologies IGSS < 9.0.0.11291 DLL Loading Arbitrary Code Execution
The installed version of IGSS from 7-Technologies is earlier than 9.0.0.11291 and is, therefore, potentially affected by an insecure DLL loading vulnerability. Attackers may exploit this issue by placing a specially crafted DLL file and another file associated with the application in a location...
4.9AI Score
Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the...
6.3AI Score
0.0004EPSS
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary...
7AI Score
0.001EPSS
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
6.1AI Score
0.001EPSS
inc-conso.fr Cross Site Scripting vulnerability OBB-3872425
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Keysight Technologies Sensor Management Server Deserialization RCE (CVE-2022-1660)
The Keysight Sensor Management Server (SMS) running on the remote host is affected by a Java object deserialization vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code in the context of the account running the Keysight SMS....
2.9AI Score
Future of eCommerce: Emerging Technologies Shaping Online Retail in 2024
By Uzair Amir Top-notch stores are moving online as eCommerce continues to lead with breakthrough innovations that are transforming global business… This is a post from HackRead.com Read the original post: Future of eCommerce: Emerging Technologies Shaping Online Retail in...
7.2AI Score
Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from....
6.2AI Score
0.0004EPSS
Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE...
7.2AI Score
0.001EPSS
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...
8.5CVSS
6.7AI Score
0.001EPSS
7-Technologies AQUIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution
The installed version of 7-Technologies AQUIS on the remote Windows host is 1.5 dated October 13, 2011 or earlier. As such, it insecurely looks in its current working directory when resolving DLL dependencies. Attackers may exploit this issue by placing a specially crafted DLL file and another...
4.7AI Score
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
6.2AI Score
0.001EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....
4.3CVSS
6.7AI Score
0.001EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....
4.3CVSS
7AI Score
0.001EPSS
The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.7AI Score
0.001EPSS
Keysight Technologies Sensor Management Server addLicenseFile Path Traversal (CVE-2022-38129)
The Keysight Sensor Management Server (SMS) running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to upload and run arbitrary executable files in the context of the account running the...
4.5AI Score