Lucene search

K

Ragic, Inc. Security Vulnerabilities

nessus
nessus

VMware vCenter Detect

VMware vCenter is running on the remote host. It is an enterprise- grade computer virtualization product from VMware,...

1.9AI Score

2012-11-27 12:00 AM
17
nvd
nvd

CVE-2024-33222

An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.6AI Score

EPSS

2024-05-22 04:15 PM
nvd
nvd

CVE-2024-33219

An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.6AI Score

EPSS

2024-05-22 03:15 PM
cvelist
cvelist

CVE-2024-33221

An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.7AI Score

EPSS

1976-01-01 12:00 AM
cve
cve

CVE-2024-2500

The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and...

6.4CVSS

7.8AI Score

0.0004EPSS

2024-03-22 02:15 AM
34
cvelist
cvelist

CVE-2024-2500

The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-03-22 01:59 AM
cvelist
cvelist

CVE-2024-33220

An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.6AI Score

EPSS

1976-01-01 12:00 AM
cve
cve

CVE-2024-33219

An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.9AI Score

EPSS

2024-05-22 03:15 PM
24
cve
cve

CVE-2023-2420

A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be...

9.8CVSS

9.7AI Score

0.003EPSS

2023-04-29 02:15 AM
29
cve
cve

CVE-2024-33221

An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

8AI Score

EPSS

2024-05-22 03:15 PM
25
nvd
nvd

CVE-2024-33221

An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.7AI Score

EPSS

2024-05-22 03:15 PM
1
almalinux
almalinux

Moderate: perl:5.32 security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-05-22 12:00 AM
5
cvelist
cvelist

CVE-2024-33223

An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.6AI Score

EPSS

1976-01-01 12:00 AM
1
nvd
nvd

CVE-2024-33218

An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.6AI Score

EPSS

2024-05-22 03:15 PM
1
cve
cve

CVE-2024-5757

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-13 06:15 AM
16
cvelist
cvelist

CVE-2024-33219

An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.6AI Score

EPSS

1976-01-01 12:00 AM
cvelist
cvelist

CVE-2024-4700 WP Table Builder – WordPress Table Plugin <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-21 09:31 AM
cvelist
cvelist

CVE-2024-33218

An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.6AI Score

EPSS

1976-01-01 12:00 AM
cve
cve

CVE-2024-33218

An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...

7.9AI Score

EPSS

2024-05-22 03:15 PM
25
oraclelinux
oraclelinux

perl-CPAN security update

[2.18-399] - Fix tests to run in correct order [2.18-398] - Fix CVE-2023-31484 - Package tests [2.18-397] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.18-396] - Rebase patches to prevent from installing back-up files [2.18-395] - Rebuilt for...

8.1CVSS

6.8AI Score

0.003EPSS

2024-05-23 12:00 AM
3
nessus
nessus

MyBB HTTP Header 'CLIENT-IP' Field SQLi

The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'CLIENT-IP' request header before using it in a database query when initiating a session in the inc/class_session.php script. A remote attacker...

7.1AI Score

0.012EPSS

2006-07-17 12:00 AM
57
nvd
nvd

CVE-2024-4361

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-21 11:15 AM
nvd
nvd

CVE-2024-32809

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through...

10CVSS

9.6AI Score

0.0004EPSS

2024-05-17 10:15 AM
cve
cve

CVE-2024-5851

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-11 06:15 PM
29
debiancve
debiancve

CVE-2021-47531

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before...

6.5AI Score

0.0004EPSS

2024-05-24 03:15 PM
3
vulnrichment
vulnrichment

CVE-2024-5851 playSMS SMS Schedule cross site scripting

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

3.5CVSS

6.4AI Score

0.0004EPSS

2024-06-11 05:31 PM
1
nvd
nvd

CVE-2024-32131

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-17 09:15 AM
1
nvd
nvd

CVE-2024-5851

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

3.5CVSS

0.0004EPSS

2024-06-11 06:15 PM
2
nvd
nvd

CVE-2024-34567

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through...

5.9CVSS

6.1AI Score

0.0004EPSS

2024-05-17 06:15 AM
cvelist
cvelist

CVE-2024-5851 playSMS SMS Schedule cross site scripting

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

3.5CVSS

0.0004EPSS

2024-06-11 05:31 PM
2
nvd
nvd

CVE-2024-1762

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

6.1CVSS

6.1AI Score

0.0004EPSS

2024-05-22 07:15 AM
nvd
nvd

CVE-2024-4636

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-15 07:15 AM
1
nvd
nvd

CVE-2024-1416

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....

4.3CVSS

4.4AI Score

0.001EPSS

2024-05-02 05:15 PM
1
vulnrichment
vulnrichment

CVE-2024-4434 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This.....

9.8CVSS

7.5AI Score

0.001EPSS

2024-05-10 08:32 AM
2
cvelist
cvelist

CVE-2024-2328

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-02 04:52 PM
nessus
nessus

GitLab Web UI Detection

GitLab web user interface detected on remote host. GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking and continuous integration and deployment pipeline features, using an open-source license, developed by GitLab...

0.8AI Score

2021-08-11 12:00 AM
27
ubuntucve
ubuntucve

CVE-2021-47531

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that....

6.5AI Score

0.0004EPSS

2024-05-24 12:00 AM
1
cvelist
cvelist

CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

5.3CVSS

5.9AI Score

0.001EPSS

2024-05-10 08:32 AM
nessus
nessus

MyBB < 1.6.12 Multiple Vulnerabilities

According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities : A cross-site scripting flaw exists in misc.php due to improper validation of input when generating a small popup list of smilies. This allows a remote attacker...

7.3AI Score

0.002EPSS

2014-03-10 12:00 AM
22
cve
cve

CVE-2024-4444

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

5.3CVSS

6.7AI Score

0.001EPSS

2024-05-14 03:43 PM
9
vulnrichment
vulnrichment

CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

5.3CVSS

6.8AI Score

0.001EPSS

2024-05-10 08:32 AM
cve
cve

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5CVSS

6.7AI Score

0.0004EPSS

2024-05-23 07:15 AM
50
hackread
hackread

Memcyco Report: Just 6% of Brands Guard Against Digital Impersonation Fraud

By Waqas Memcyco Inc., a provider of digital trust technology designed to protect companies and their customers from digital impersonation… This is a post from HackRead.com Read the original post: Memcyco Report: Just 6% of Brands Guard Against Digital Impersonation...

7.3AI Score

2024-05-21 01:00 PM
5
wpvulndb
wpvulndb

GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization

Description The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and...

4.3CVSS

4.4AI Score

0.0004EPSS

2024-04-23 12:00 AM
7
thn
thn

Genesco Inc. Confirms Payment Card Data Breach in U.S. Stores

Specialty retailer Genesco Inc. announced on Friday that it experienced a criminal intrusion into the part of its computer network that processes payment card transactions. Some card details might have been compromised. However, the company quickly secured the affected network segment and...

7.1AI Score

2010-12-12 03:10 AM
3
vulnrichment
vulnrichment

CVE-2024-23336 Incomplete disallowed remote addresses list in MyBB

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's Disallowed Remote Addresses list...

5CVSS

7.1AI Score

0.001EPSS

2024-05-01 06:27 AM
cve
cve

CVE-2024-4434

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This.....

9.8CVSS

7.4AI Score

0.001EPSS

2024-05-14 03:43 PM
6
cve
cve

CVE-2024-29206

An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier)...

2.2CVSS

6.5AI Score

0.0004EPSS

2024-05-07 05:15 PM
33
cvelist
cvelist

CVE-2024-4434 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This.....

9.8CVSS

9.9AI Score

0.001EPSS

2024-05-10 08:32 AM
1
nvd
nvd

CVE-2024-1415

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....

4.3CVSS

4.2AI Score

0.001EPSS

2024-05-02 05:15 PM
Total number of security vulnerabilities288358