Lucene search

K

F5 Networks, Inc. Security Vulnerabilities

cvelist
cvelist

CVE-2024-35742 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 07:40 AM
nessus
nessus

F5 Networks BIG-IP : Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability (K56142644)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K56142644 advisory. On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before...

9.1CVSS

9.4AI Score

0.002EPSS

2021-03-10 12:00 AM
25
cve
cve

CVE-2024-36742

An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of...

7AI Score

EPSS

2024-06-06 05:15 PM
20
cvelist
cvelist

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

EPSS

1976-01-01 12:00 AM
nvd
nvd

CVE-2022-0551

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...

7.2CVSS

0.001EPSS

2022-03-24 03:15 PM
1
cvelist
cvelist

CVE-2024-32826 WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-04-26 11:09 AM
1
osv
osv

GeniXCMS SQL Injection

GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid...

8.8CVSS

8.2AI Score

0.001EPSS

2022-05-17 02:46 AM
7
cvelist
cvelist

CVE-2024-36730

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones...

EPSS

1976-01-01 12:00 AM
1
vulnrichment
vulnrichment

CVE-2024-5006 Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-05 07:34 AM
cvelist
cvelist

CVE-2024-36737

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full...

EPSS

1976-01-01 12:00 AM
1
osv
osv

GeniXCMS Cross-site Scripting (XSS) via id parameter

In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id...

6.1CVSS

5.7AI Score

0.001EPSS

2022-05-17 12:36 AM
4
cvelist
cvelist

CVE-2022-0550 Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks...

6.3CVSS

7.3AI Score

0.001EPSS

2022-03-24 02:15 PM
github
github

GeniXCMS Cross-site Scripting (XSS) via id parameter

In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id...

6.1CVSS

5.7AI Score

0.001EPSS

2022-05-17 12:36 AM
5
cve
cve

CVE-2024-36732

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

7AI Score

EPSS

2024-06-06 07:15 PM
20
cve
cve

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

7AI Score

EPSS

2024-06-06 06:15 PM
26
nvd
nvd

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

EPSS

2024-06-06 06:15 PM
cve
cve

CVE-2024-36730

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones...

7AI Score

EPSS

2024-06-06 07:15 PM
22
nvd
nvd

CVE-2024-36737

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full...

EPSS

2024-06-06 06:15 PM
1
cve
cve

CVE-2024-36737

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full...

7AI Score

EPSS

2024-06-06 06:15 PM
20
nvd
nvd

CVE-2024-35638

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through...

4.3CVSS

5.1AI Score

0.0004EPSS

2024-06-03 09:15 AM
1
github
github

GeniXCMS SQL Injection

GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid...

8.8CVSS

8.2AI Score

0.001EPSS

2022-05-17 02:46 AM
5
cve
cve

CVE-2024-32809

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through...

10CVSS

6.8AI Score

0.0004EPSS

2024-05-17 10:15 AM
34
cvelist
cvelist

CVE-2024-5006 Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-05 07:34 AM
1
cvelist
cvelist

CVE-2024-36732

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

EPSS

1976-01-01 12:00 AM
2
cve
cve

CVE-2024-36734

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim...

7AI Score

EPSS

2024-06-06 07:15 PM
25
cve
cve

CVE-2024-1872

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...

8.8CVSS

9.3AI Score

0.0004EPSS

2024-03-29 07:15 AM
26
nessus
nessus

F5 Networks BIG-IP : Linux kernel vulnerability (K28241423)

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain...

8.1CVSS

8AI Score

0.012EPSS

2019-09-25 12:00 AM
21
nvd
nvd

CVE-2024-36742

An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of...

EPSS

2024-06-06 05:15 PM
cvelist
cvelist

CVE-2024-36734

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim...

EPSS

1976-01-01 12:00 AM
2
cvelist
cvelist

CVE-2024-3946 WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-05-30 04:31 AM
1
nvd
nvd

CVE-2024-36734

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim...

EPSS

2024-06-06 07:15 PM
nvd
nvd

CVE-2024-36740

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of...

EPSS

2024-06-06 07:15 PM
githubexploit
githubexploit

Exploit for CVE-2023-33105

CVE-2023-33105: Transient DOS in WLAN Host and Firmware...

7.5CVSS

7.3AI Score

0.0005EPSS

2024-06-10 05:20 PM
82
cvelist
cvelist

CVE-2024-30460 WordPress Tumult Hype Animations plugin <= 1.9.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through...

4.3CVSS

4.9AI Score

0.0004EPSS

2024-03-29 04:32 PM
cve
cve

CVE-2024-30460

Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-03-29 05:15 PM
30
cvelist
cvelist

CVE-2024-32809 WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through...

10CVSS

9.6AI Score

0.0004EPSS

2024-05-17 09:39 AM
cve
cve

CVE-2024-36740

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of...

7AI Score

EPSS

2024-06-06 07:15 PM
22
cve
cve

CVE-2024-3946

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 05:15 AM
23
cve
cve

CVE-2024-1360

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended.....

4.3CVSS

5.1AI Score

0.0004EPSS

2024-02-23 11:15 AM
54
cve
cve

CVE-2024-3670

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-02 05:15 PM
34
cve
cve

CVE-2024-3555

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

7.2CVSS

7AI Score

0.0005EPSS

2024-06-04 06:15 AM
1
cvelist
cvelist

CVE-2024-3945 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage()

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged...

4.3CVSS

4.7AI Score

0.0005EPSS

2024-05-30 04:31 AM
2
vulnrichment
vulnrichment

CVE-2024-3555 Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

7.2CVSS

6.8AI Score

0.0005EPSS

2024-06-04 05:32 AM
nvd
nvd

CVE-2024-3555

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

7.2CVSS

6.8AI Score

0.0005EPSS

2024-06-04 06:15 AM
cvelist
cvelist

CVE-2024-36740

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of...

EPSS

1976-01-01 12:00 AM
1
cve
cve

CVE-2024-0552

Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote...

9.8CVSS

9.8AI Score

0.002EPSS

2024-01-15 04:15 AM
13
vulnrichment
vulnrichment

CVE-2024-5152 ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-06 03:53 AM
1
osv
osv

CVE-2023-25661

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

6.5CVSS

6.6AI Score

0.001EPSS

2023-03-27 08:15 PM
1
cvelist
cvelist

CVE-2024-36742

An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of...

EPSS

1976-01-01 12:00 AM
1
vulnrichment
vulnrichment

CVE-2024-32809 WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through...

10CVSS

6.9AI Score

0.0004EPSS

2024-05-17 09:39 AM
Total number of security vulnerabilities314658