Apache Answer Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...
7.2AI Score
0.0004EPSS
Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This makes it...
8.8CVSS
6.9AI Score
0.001EPSS
CVE-2024-5123 SourceCodester Event Registration System cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file /registrar/. The manipulation of the argument searchbar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has.....
4.3CVSS
6.2AI Score
0.0004EPSS
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input...
5.4CVSS
5.7AI Score
0.001EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: calico, grype, wireguard-go, aactl, prometheus, flux-image-reflector-controller, consul, zot, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubescape, temporal-server, pulumi, dockerize, secrets-store-csi-driver-provider-azure, sigstore-scaffolding,...
5.9CVSS
7.1AI Score
0.963EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization.....
6.4CVSS
5.9AI Score
0.0004EPSS
F5 Networks BIG-IQ Configuration Utility Login Page Detection
The configuration utility login page for F5 Networks BIG-IQ was detected on the remote host. BIG-IQ is a product for managing BIG-IP...
1.6AI Score
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output....
6.4CVSS
5.8AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: calico, flux-image-reflector-controller, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...
9.8CVSS
9.8AI Score
0.001EPSS
Description The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pintra' shortcode in all versions up to, and including, 27.2 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.7AI Score
0.0004EPSS
KeyCloak - Information Exposure
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this...
6.5CVSS
6.4AI Score
0.117EPSS
CVE-2024-35939 dma-direct: Leak pages on dma_set_decrypted() failure
In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dma_set_decrypted() failure On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is...
6.4AI Score
0.0004EPSS
CVE-2024-5063 PHPGurukul Online Course Registration System index.php sql injection
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely....
7.3CVSS
7.5AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to...
6.4CVSS
5.8AI Score
0.0004EPSS
7.4AI Score
Wordpress Administration Panel Login Form Bruteforced
The scanner successfully authenticated on the Wordpress administration panel by using weak or predictable...
2.3AI Score
Joomla! 3.4.x < 3.4.4 Login Module XSS
According to its self-reported version number, the Joomla! installation running on the remote web server is 3.4.x prior to 3.4.4. It is, therefore, affected a cross-site (XSS) scripting vulnerability in the login module due to improper validation of user-supplied input. An unauthenticated, remote.....
6.2AI Score
0.003EPSS
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input...
5.4CVSS
5.8AI Score
0.001EPSS
Use Of A Key Past Its Expiration Date
moodle/moodle is vulnerable to Use of a Key Past its Expiration Date. The vulnerability is caused due to improper key generation, as the same key is used interchangeably for a user's QR login key and their auto-login key. This allows an attacker to exploit the same key used interchangeably for a...
6.8AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to...
6.4CVSS
6AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: calico, flux-image-reflector-controller, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...
6.8AI Score
0.0004EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...
5.5CVSS
6.1AI Score
0.0004EPSS
Netis router MW5360 unauthenticated RCE.
Netis router MW5360 has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the...
9.8CVSS
7.8AI Score
0.005EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient.....
6.4CVSS
5.8AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input...
6.4CVSS
6AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input...
6.4CVSS
5.8AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input...
6.4CVSS
6AI Score
0.0004EPSS
CVE-2024-36913 Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting...
7.1AI Score
0.0004EPSS
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...
7.2CVSS
6.8AI Score
0.0005EPSS
TYPO3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation of anonymous user sessions in the built-in record registration functionality using recs URL parameters, allowing attackers to create an arbitrary amount of individual session-data records in the...
7.1AI Score
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient.....
6.4CVSS
6AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...
6.5CVSS
6AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input...
6.4CVSS
5.8AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to...
6.4CVSS
5.7AI Score
0.0004EPSS
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output....
6.4CVSS
7.6AI Score
0.0004EPSS
7.3AI Score
CVE-2024-36913 Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting...
6.7AI Score
0.0004EPSS
Nessus was able to log into the remote IBM DB2 server using the supplied...
2AI Score
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through...
3.7CVSS
4.2AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...
6.5CVSS
6.3AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through...
3.7CVSS
6.8AI Score
0.0004EPSS
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This makes it possible for...
6.5CVSS
6.5AI Score
0.001EPSS
CVE-2024-5063 PHPGurukul Online Course Registration System index.php sql injection
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely....
7.3CVSS
7.5AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through...
3.7CVSS
4.2AI Score
0.0004EPSS
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.8AI Score
0.0004EPSS
WP-Recall – Registration, Profile, Commerce & More < 16.26.6 - Unauthenticated SQL Injection
Description The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes.....
9.3CVSS
7.8AI Score
0.0004EPSS
The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any...
6.7AI Score
0.0004EPSS
CVE-2021-46932 Input: appletouch - initialize work before device registration
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since...
6.3AI Score
0.0004EPSS