Lucene search

K

1app Technologies, Inc Security Vulnerabilities

huawei
huawei

Security Advisory - Connection Hijacking Vulnerability in Some Huawei Home Routers

A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408) This vulnerability has been assigned a...

6.5AI Score

EPSS

2024-04-24 12:00 AM
11
githubexploit
githubexploit

Exploit for Use After Free in Linux Linux Kernel

CVE-2022-2586-LPE LPE N-day Exploit for...

7.8CVSS

7.2AI Score

0.0004EPSS

2022-09-03 07:04 PM
1057
cvelist
cvelist

CVE-2024-3943 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via....

4.3CVSS

4.7AI Score

0.0004EPSS

2024-05-30 04:31 AM
cve
cve

CVE-2024-3313

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server...

8.4CVSS

7AI Score

0.0004EPSS

2024-04-09 11:15 PM
25
github
github

GeniXCMS SQL injection vulnerability

SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to...

7.2CVSS

8.3AI Score

0.002EPSS

2022-05-14 01:20 AM
4
nvd
nvd

CVE-2024-3313

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-04-09 11:15 PM
cvelist
cvelist

CVE-2024-1943

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the themes settings...

4.3CVSS

4.5AI Score

0.0004EPSS

2024-02-28 06:46 AM
cve
cve

CVE-2024-2026

The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-09 07:15 PM
24
cvelist
cvelist

CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

6AI Score

0.001EPSS

2024-05-15 06:51 AM
2
nvd
nvd

CVE-2024-5152

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 04:15 AM
1
openvas
openvas

Generic HTTP Directory Traversal (Web Dirs) - Active Check

Generic check for HTTP directory traversal vulnerabilities on each directory of the remote web...

9.8CVSS

8.3AI Score

0.975EPSS

2021-07-22 12:00 AM
10
cvelist
cvelist

CVE-2024-25095 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-04 06:37 PM
1
cvelist
cvelist

CVE-2024-4277 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

6AI Score

0.0004EPSS

2024-05-10 09:32 AM
1
cve
cve

CVE-2024-4329

The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-14 03:43 PM
10
vulnrichment
vulnrichment

CVE-2024-4329 Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access.....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-11 06:43 AM
1
cve
cve

CVE-2024-4636

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-15 07:15 AM
7
cvelist
cvelist

CVE-2024-4887 Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion

The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level...

7.5CVSS

0.001EPSS

2024-06-07 03:21 AM
osv
osv

Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): golang: html/template: improper handling of HTML-like comments within script contexts...

6.1CVSS

6.8AI Score

0.001EPSS

2024-04-30 12:00 AM
7
almalinux
almalinux

Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): golang: html/template: improper handling of HTML-like comments within script contexts...

6.1CVSS

7.9AI Score

0.001EPSS

2024-04-30 12:00 AM
10
cvelist
cvelist

CVE-2024-4329 Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access.....

6.4CVSS

6AI Score

0.0004EPSS

2024-05-11 06:43 AM
cve
cve

CVE-2024-0431

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the....

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-28 09:15 AM
63
cvelist
cvelist

CVE-2024-0431

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the....

4.3CVSS

4.5AI Score

0.0004EPSS

2024-02-28 08:33 AM
2
tibco
tibco

TIBCO Security Advisory: May 14, 2024 - TIBCO Hawk - CVE-2024-3182

**TIBCO Hawk install-time password disclosure vulnerability ** Original release date: May 14, 2024 Last revised: --- CVE-2024-3182 Source: TIBCO Software Inc. Products Affected TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3. Component Affected: TIBCO Hawk Universal Installer including the...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-05-14 05:42 PM
4
nvd
nvd

CVE-2021-47249

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ......

6.4AI Score

0.0004EPSS

2024-05-21 03:15 PM
nvd
nvd

CVE-2024-4788

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with...

4.3CVSS

4.4AI Score

0.0004EPSS

2024-06-06 02:15 AM
1
vulnrichment
vulnrichment

CVE-2024-4277 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-10 09:32 AM
ubuntucve
ubuntucve

CVE-2023-52739

In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca...

6.8AI Score

0.0004EPSS

2024-05-21 12:00 AM
2
nvd
nvd

CVE-2024-3946

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-05-30 05:15 AM
2
cve
cve

CVE-2024-1778

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to...

4.3CVSS

5.3AI Score

0.0004EPSS

2024-02-23 07:15 AM
49
nvd
nvd

CVE-2024-5646

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....

6.4CVSS

0.001EPSS

2024-06-11 09:15 PM
1
hackread
hackread

IT and Cybersecurity Jobs in the Age of Emerging AI Technologies

By Waqas Fear AI taking your IT or cybersecurity job? Don't! Learn how AI creates new opportunities in network management, threat detection & more. This is a post from HackRead.com Read the original post: IT and Cybersecurity Jobs in the Age of Emerging AI...

7.3AI Score

2024-04-19 02:07 PM
5
cve
cve

CVE-2024-4361

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-21 11:15 AM
31
cvelist
cvelist

CVE-2024-3947 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings...

4.3CVSS

4.7AI Score

0.0005EPSS

2024-05-30 04:31 AM
cve
cve

CVE-2024-5638

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS

6AI Score

0.001EPSS

2024-06-08 06:15 AM
22
cve
cve

CVE-2023-37244

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-02 02:15 PM
29
cvelist
cvelist

CVE-2024-1778

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-02-23 06:48 AM
cvelist
cvelist

CVE-2024-1779

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-02-23 06:48 AM
cve
cve

CVE-2024-4041

The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS

6.3AI Score

0.001EPSS

2024-05-14 03:42 PM
13
cvelist
cvelist

CVE-2024-4041 Yoast SEO <= 22.5 - Reflected Cross-Site Scripting

The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS

6.4AI Score

0.001EPSS

2024-05-09 08:03 PM
1
nvd
nvd

CVE-2024-5613

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS

0.001EPSS

2024-06-08 06:15 AM
2
cvelist
cvelist

CVE-2024-5646 Futurio Extra <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....

6.4CVSS

0.001EPSS

2024-06-11 08:33 PM
1
cvelist
cvelist

CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-05-02 01:21 PM
vulnrichment
vulnrichment

CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-02 01:21 PM
cve
cve

CVE-2024-1716

The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...

4.3CVSS

6.3AI Score

0.001EPSS

2024-05-02 05:15 PM
21
cvelist
cvelist

CVE-2024-5638 Formula <= 0.5.1 - Reflected Cross-Site Scripting via ti_customizer_notify_dismiss_recommended_plugins

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS

0.001EPSS

2024-06-08 05:44 AM
2
nvd
nvd

CVE-2007-0794

SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function...

8.3AI Score

0.002EPSS

2007-02-06 07:28 PM
cve
cve

CVE-2024-4364

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

6AI Score

0.0004EPSS

2024-06-06 04:15 AM
24
cvelist
cvelist

CVE-2024-5613 Formula <= 0.5.1 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS

0.001EPSS

2024-06-08 05:44 AM
2
vulnrichment
vulnrichment

CVE-2024-5613 Formula <= 0.5.1 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS

6.4AI Score

0.001EPSS

2024-06-08 05:44 AM
cvelist
cvelist

CVE-2024-5489 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level.....

4.3CVSS

4.3AI Score

0.001EPSS

2024-06-06 11:33 AM
2
Total number of security vulnerabilities308257