Lucene search

K

Tomas | Docs | FAQ | Premium Support Security Vulnerabilities

osv
osv

CVE-2024-22048

govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search...

6.1CVSS

6.1AI Score

0.001EPSS

2024-01-04 09:15 PM
6
packetstorm

7.4AI Score

2024-06-14 12:00 AM
70
osv
osv

Malicious code in tec-docs (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (125ddb22e15354e2319586116faa892343d4a86c8f79c9d6ed274d9acfb5f20d) The OpenSSF Package Analysis project identified 'tec-docs' @ 1.0.0 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-05-27 03:08 PM
7
osv
osv

CVE-2024-1485

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the parent or plugin keywords. This could download a malicious archive and cause the cleanup process to overwrite or....

8CVSS

7.8AI Score

0.0004EPSS

2024-02-14 12:15 AM
3
osv
osv

registry-support: decompress can delete files outside scope via relative paths

A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files...

8CVSS

7.8AI Score

0.0004EPSS

2024-02-14 12:35 AM
5
osv
osv

CVE-2022-45383

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer...

6.5CVSS

6.2AI Score

0.001EPSS

2022-11-15 08:15 PM
1
osv
osv

ezsystems/ez-support-tools Failing access control in system info view

This Security Advisory is about a vulnerability in ezsystems/ez-support-tools v2.2, part of Ibexa DXP v3.2. Older versions are not affected. A user having insufficient permissions is able to access the system information tabs if they type in the direct link (the link is not shown in the menu). The....

6.7AI Score

2024-05-15 09:07 PM
2
osv
osv

CVE-2022-46163

Travel support program is a rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password Hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

7.5CVSS

7.1AI Score

0.001EPSS

2023-01-10 09:15 PM
1
packetstorm

7.1AI Score

0.0004EPSS

2024-05-31 12:00 AM
34
github
github

ezsystems/ez-support-tools Failing access control in system info view

This Security Advisory is about a vulnerability in ezsystems/ez-support-tools v2.2, part of Ibexa DXP v3.2. Older versions are not affected. A user having insufficient permissions is able to access the system information tabs if they type in the direct link (the link is not shown in the menu). The....

6.7AI Score

2024-05-15 09:07 PM
4
ibm
ibm

Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code level listed below. CVE-2023-2650. Vulnerability Details ** CVEID: CVE-2023-2650 DESCRIPTION:...

6.5CVSS

6.7AI Score

0.001EPSS

2024-05-15 11:37 PM
12
zdt

7.6CVSS

6.7AI Score

0.0004EPSS

2024-06-02 12:00 AM
6
wpexploit
wpexploit

FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.7AI Score

EPSS

2024-05-28 12:00 AM
6
exploitdb

7.6CVSS

7.1AI Score

0.0004EPSS

2024-05-31 12:00 AM
35
veeam
veeam

My Account Portal - Role Management FAQ

Only the License Administrator and designated Case Administrators can submit support cases. Please be sure to verify your License Administrator and define valid Case Administrators for your Veeam...

2.5AI Score

2016-12-28 12:00 AM
6
nuclei
nuclei

EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the...

5.3CVSS

5.1AI Score

0.029EPSS

2024-04-28 06:04 AM
8
wpvulndb
wpvulndb

BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg < 3.3.4 - Unauthenticated PHP Object Injection

Description The BetterDocs plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.3 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable...

9CVSS

7.4AI Score

0.0004EPSS

2024-06-06 12:00 AM
2
nuclei
nuclei

WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting

WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p...

6.1CVSS

6.1AI Score

0.002EPSS

2021-07-15 11:40 AM
4
nuclei
nuclei

WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting

WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via Display_FAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS

6.2AI Score

0.004EPSS

2023-03-18 10:07 PM
osv
osv

Gravity Forms stored HTML injection vulnerability

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

5.4CVSS

7.2AI Score

0.001EPSS

2022-05-24 05:39 PM
3
osv
osv

Gravity Forms stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor,...

4.8CVSS

5.4AI Score

0.001EPSS

2022-05-24 05:39 PM
4
wpvulndb
wpvulndb

FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC The PoC will be displayed on...

5.5AI Score

EPSS

2024-05-28 12:00 AM
3
osv
osv

Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor,...

5.4CVSS

5.4AI Score

0.001EPSS

2022-05-24 05:39 PM
3
nuclei
nuclei

WordPress Nirweb Support <2.8.2 - SQL Injection

WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute...

9.8CVSS

9.8AI Score

0.013EPSS

2022-10-06 03:23 PM
8
osv
osv

Gravity Forms plugin leak hashed passwords

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user-&gt;get($property)...

7.5CVSS

6.9AI Score

0.002EPSS

2022-05-24 05:18 PM
3
veeam
veeam

Veeam Backup & Replication support for VMware vSphere

This article provides VMware vSphere compatibility information for the most recent version of Veeam Backup &...

6.5AI Score

2018-02-12 12:00 AM
30
photon
photon

Moderate Photon OS Security Update - PHSA-2024-4.0-0625

Updates of ['libvirt'] packages of Photon OS have been...

9.8CVSS

9.6AI Score

0.001EPSS

2024-06-07 12:00 AM
photon
photon

Moderate Photon OS Security Update - PHSA-2024-5.0-0286

Updates of ['libvirt'] packages of Photon OS have been...

9.8CVSS

9.6AI Score

0.001EPSS

2024-06-07 12:00 AM
1
redhat
redhat

(RHSA-2024:3426) Important: varnish:6 security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): varnish:6: HTTP/2 Broken Window Attack may result in denial of service...

6.8AI Score

0.0004EPSS

2024-05-28 01:07 PM
1
osv

8CVSS

7.8AI Score

0.0004EPSS

2024-06-05 03:10 PM
veeam
veeam

VM Disks Support for oVirt Incremental Backup

Backup warning: "Unable to enabled ovirt incremental backups for disk. Full scan backups will be...

7.1AI Score

2021-10-07 12:00 AM
7
amazon
amazon

Important: postgresql

Issue Overview: While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The.....

8.8CVSS

8.3AI Score

0.015EPSS

2024-06-06 08:17 PM
1
photon
photon

Important Photon OS Security Update - PHSA-2024-5.0-0274

Updates of ['linux', 'linux-secure', 'linux-rt'] packages of Photon OS have been...

9.8CVSS

9.9AI Score

0.001EPSS

2024-05-18 12:00 AM
6
nuclei
nuclei

ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting

A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid...

5.9AI Score

0.004EPSS

2021-07-13 05:08 PM
4
redhat
redhat

(RHSA-2024:3305) Important: varnish:6 security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): varnish:6: HTTP/2 Broken Window Attack may result in denial of service...

6.8AI Score

0.0004EPSS

2024-05-23 05:51 AM
3
cve
cve

CVE-2024-0596

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...

5.3CVSS

6AI Score

0.0005EPSS

2024-02-10 07:15 AM
47
cve
cve

CVE-2024-35741

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
23
oraclelinux
oraclelinux

go-toolset:ol8 security update

delve golang [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 go-toolset [1.21.9-1] - Fix CVE-2023-45288 - Resolves:...

7.3AI Score

0.0004EPSS

2024-05-29 12:00 AM
1
github
github

Gravity Forms stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor,...

4.8CVSS

5.6AI Score

0.001EPSS

2022-05-24 05:39 PM
5
oraclelinux
oraclelinux

nodejs security update

[1:16.20.2-8.0.1] - Fix CVE-2024-28182, CVE-2024-22025, CVE-2024-25629, CVE-2024-27982,...

5.3CVSS

7.3AI Score

0.0004EPSS

2024-05-22 12:00 AM
4
wpvulndb
wpvulndb

Joli FAQ SEO – WordPress FAQ Plugin < 1.3.3 - Cross-Site Request Forgery

Description The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to...

4.3CVSS

6.6AI Score

0.0005EPSS

2024-05-07 12:00 AM
2
github
github

Gravity Forms plugin leak hashed passwords

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user-&gt;get($property)...

7.5CVSS

7.2AI Score

0.002EPSS

2022-05-24 05:18 PM
5
oraclelinux
oraclelinux

tomcat security and bug fix update

[1:9.0.87-1.el8_10.1] - Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly - Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) -...

6.8AI Score

0.0004EPSS

2024-06-06 12:00 AM
4
cve
cve

CVE-2024-4939

The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-05 08:15 AM
22
github
github

Gravity Forms stored HTML injection vulnerability

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

5.4CVSS

7.4AI Score

0.001EPSS

2022-05-24 05:39 PM
5
github
github

Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor,...

5.4CVSS

5.5AI Score

0.001EPSS

2022-05-24 05:39 PM
3
rocky
rocky

tomcat security and bug fix update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer...

7.1AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
redhat
redhat

(RHSA-2024:2938) Important: varnish:6 security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): varnish:6: HTTP/2 Broken Window Attack may result in denial of service...

7.2AI Score

0.0004EPSS

2024-05-21 04:57 AM
2
veeam
veeam

Veeam Cloud Connect - Compiling Provider/Tenant Logs for Support Cases

Veeam Cloud Connect - Compiling Provider/Tenant Logs for Support...

1.5AI Score

2016-02-09 12:00 AM
6
redhat
redhat

(RHSA-2024:2820) Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): varnish: HTTP/2 Broken Window Attack may result in denial of service...

6.8AI Score

0.0004EPSS

2024-05-13 12:58 AM
5
Total number of security vulnerabilities267732