Lucene search

K

Ragic, Inc. Security Vulnerabilities

cvelist
cvelist

CVE-2024-1467 Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...

4.3CVSS

5.8AI Score

0.001EPSS

2024-05-09 08:03 PM
cve
cve

CVE-2024-32144

Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-11 04:15 PM
31
nvd
nvd

CVE-2024-4611

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1CVSS

8AI Score

0.001EPSS

2024-05-29 05:16 AM
1
cvelist
cvelist

CVE-2021-47249 net: rds: fix memory leak in rds_recvmsg

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ......

6.3AI Score

0.0004EPSS

2024-05-21 02:19 PM
1
cve
cve

CVE-2024-23524

Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-10 08:15 AM
34
cve
cve

CVE-2024-1137

The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise....

4.3CVSS

4.6AI Score

0.0004EPSS

2024-03-12 06:15 PM
26
vulnrichment
vulnrichment

CVE-2024-1872

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-03-29 06:44 AM
1
cve
cve

CVE-2024-3849

The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution...

8.8CVSS

7.5AI Score

0.001EPSS

2024-05-02 05:15 PM
42
cve
cve

CVE-2021-47249

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ......

6.6AI Score

0.0004EPSS

2024-05-21 03:15 PM
26
cvelist
cvelist

CVE-2024-32144 WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-11 03:48 PM
1
cve
cve

CVE-2024-25095

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.3AI Score

0.001EPSS

2024-06-04 07:18 PM
14
nvd
nvd

CVE-2024-23524

Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-10 08:15 AM
3
nvd
nvd

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.3CVSS

0.0005EPSS

2024-06-10 08:15 AM
2
nvd
nvd

CVE-2024-5006

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS

5.7AI Score

0.001EPSS

2024-06-05 08:15 AM
nvd
nvd

CVE-2024-32144

Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-11 04:15 PM
1
cve
cve

CVE-2024-2088

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

8.5CVSS

6.3AI Score

0.001EPSS

2024-05-22 07:15 AM
33
cve
cve

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.3CVSS

5.5AI Score

0.0005EPSS

2024-06-10 08:15 AM
21
cve
cve

CVE-2024-4697

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

6AI Score

0.001EPSS

2024-06-04 06:15 AM
17
vulnrichment
vulnrichment

CVE-2024-4697 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-04 05:32 AM
cvelist
cvelist

CVE-2024-23524 WordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-10 08:03 AM
1
vulnrichment
vulnrichment

CVE-2024-23524 WordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-10 08:03 AM
vulnrichment
vulnrichment

CVE-2021-47249 net: rds: fix memory leak in rds_recvmsg

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ......

6.7AI Score

0.0004EPSS

2024-05-21 02:19 PM
2
cvelist
cvelist

CVE-2024-1447

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated.....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-02-20 06:56 PM
1
cvelist
cvelist

CVE-2024-1872

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-03-29 06:44 AM
vulnrichment
vulnrichment

CVE-2024-2618 Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 04:29 AM
nvd
nvd

CVE-2024-4697

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-04 06:15 AM
1
vulnrichment
vulnrichment

CVE-2024-35742 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

5.3CVSS

7.2AI Score

0.0005EPSS

2024-06-10 07:40 AM
cve
cve

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

7.2AI Score

EPSS

2024-06-06 07:15 PM
26
cve
cve

CVE-2024-1043

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-02-29 01:43 AM
49
nvd
nvd

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

EPSS

2024-06-06 07:15 PM
1
nvd
nvd

CVE-2024-5191

The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS

0.001EPSS

2024-06-21 07:15 AM
2
cvelist
cvelist

CVE-2024-25095 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-04 06:37 PM
1
cvelist
cvelist

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

EPSS

1976-01-01 12:00 AM
vulnrichment
vulnrichment

CVE-2024-3946 WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 04:31 AM
2
cvelist
cvelist

CVE-2024-1360

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended.....

4.3CVSS

4.5AI Score

0.0004EPSS

2024-02-23 11:03 AM
cve
cve

CVE-2024-5006

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

6AI Score

0.001EPSS

2024-06-05 08:15 AM
22
cvelist
cvelist

CVE-2024-3670

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-02 04:52 PM
cve
cve

CVE-2024-36736

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is...

7.2AI Score

EPSS

2024-06-06 06:15 PM
20
nvd
nvd

CVE-2024-5489

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level.....

4.3CVSS

4.3AI Score

0.001EPSS

2024-06-06 12:15 PM
cvelist
cvelist

CVE-2024-5191 Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.001EPSS

2024-06-21 06:58 AM
2
vulnrichment
vulnrichment

CVE-2024-28042 SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

7.1AI Score

0.0004EPSS

2024-05-15 04:44 PM
cvelist
cvelist

CVE-2024-28042 SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

8.7AI Score

0.0004EPSS

2024-05-15 04:44 PM
vulnrichment
vulnrichment

CVE-2024-5006 Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-05 07:34 AM
cvelist
cvelist

CVE-2024-35638 WordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through...

4.3CVSS

5AI Score

0.0004EPSS

2024-06-03 08:57 AM
1
nvd
nvd

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

EPSS

2024-06-06 06:15 PM
almalinux
almalinux

Moderate: perl:5.32 security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-05-22 12:00 AM
5
vulnrichment
vulnrichment

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

6.8AI Score

EPSS

1976-01-01 12:00 AM
vulnrichment
vulnrichment

CVE-2024-5152 ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-06 03:53 AM
1
cve
cve

CVE-2024-28042

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

7AI Score

0.0004EPSS

2024-05-15 05:15 PM
8
nvd
nvd

CVE-2024-25095

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-04 07:18 PM
1
Total number of security vulnerabilities288601