CVE-2024-3941 reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF
The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF...
5.7AI Score
0.0004EPSS
vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to.....
5.4CVSS
7.1AI Score
0.001EPSS
7.4AI Score
0.0004EPSS
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input.....
6.4CVSS
5.8AI Score
0.0004EPSS
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input...
6.4CVSS
6AI Score
0.0004EPSS
The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
5.4CVSS
5.7AI Score
0.0004EPSS
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
6.5CVSS
7AI Score
0.001EPSS
CVE-2021-47485 IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math....
7.3AI Score
0.0004EPSS
The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...
4.4CVSS
4.6AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of.....
6.1CVSS
4.5AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: cyrus-imapd-3.8.3-1.fc39
The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...
6.5CVSS
6.5AI Score
0.0005EPSS
Business Card <= 1.0.0 - Arbitrary Card Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks PoC Make a logged in admin open an HTML document containing (where <> is a valid...
6.3AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to insufficient input.....
6.4CVSS
5.7AI Score
0.0004EPSS
KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing: XSS will trigger on the...
5.5AI Score
0.0004EPSS
Description The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with...
6.3CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in...
6.6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14.....
6.4CVSS
5.8AI Score
0.0004EPSS
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...
5.4CVSS
5.5AI Score
0.001EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and.....
6.4CVSS
5.8AI Score
0.0004EPSS
SUSE SLED15 / SLES15 Security Update : go1.11 (SUSE-SU-2019:0651-1)
This update for go1.11 to version 1.11.5 fixes the following issues : Security issue fixed : CVE-2019-6486: Fixed a CPU Denial-of-Service vulnerability affecting crypto/ellpitic related to P-521 and P-384 (bsc#1123013 go#29903). Other bug fixes and changes made: Fix erroneous trailing backslash in....
8.2CVSS
8.2AI Score
0.038EPSS
In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math....
7.2AI Score
0.0004EPSS
CVE-2021-47485 IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math....
6.9AI Score
0.0004EPSS
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input.....
6.4CVSS
6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input...
6.4CVSS
5.8AI Score
0.0004EPSS
The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
5.4CVSS
5.9AI Score
0.0004EPSS
Exploit for Use After Free in Linux Linux Kernel
StackRot (CVE-2023-3269): Linux kernel privilege escalation...
7AI Score
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
6.4CVSS
5.8AI Score
0.0004EPSS
(RHSA-2024:2731) Moderate: Red Hat OpenStack Platform 17.1 (python-django) security update
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. Security Fix(es): denial-of-service in intcomma template filter (CVE-2024-24680) ...
6.8AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in...
7.6AI Score
0.0004EPSS
SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...
9.8CVSS
8.8AI Score
0.022EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14.....
6.4CVSS
7.6AI Score
0.0004EPSS
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...
5.4CVSS
5.7AI Score
0.001EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to...
5.4CVSS
7.6AI Score
0.0004EPSS
design-smart-home.de Cross Site Scripting vulnerability OBB-3927164
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
10CVSS
8.4AI Score
0.001EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and.....
6.4CVSS
7.6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to...
5.4CVSS
5.2AI Score
0.0004EPSS
phpPgAdmin < 7.14.6 RCE Vulnerability
phpPgAdmin is prone to a remote code execution (RCE) ...
9.8CVSS
9.8AI Score
0.002EPSS
Easy Social Feed < 6.5.7 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...
4.3CVSS
5.6AI Score
0.0004EPSS
Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type,...
7.1CVSS
6.9AI Score
0.0004EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.5AI Score
0.0004EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
7.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through...
6.3CVSS
6.7AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to...
6.4CVSS
6AI Score
0.0004EPSS
openSUSE Security Update : go1.11 (openSUSE-2019-1164)
This update for go1.11 to version 1.11.5 fixes the following issues : Security issue fixed : CVE-2019-6486: Fixed a CPU Denial-of-Service vulnerability affecting crypto/ellpitic related to P-521 and P-384 (bsc#1123013 go#29903). Other bug fixes and changes made : Fix erroneous trailing...
8.2CVSS
8.1AI Score
0.038EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient....
6.4CVSS
6AI Score
0.0004EPSS
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient....
6.4CVSS
5.8AI Score
0.0004EPSS
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which.....
8.5CVSS
6.9AI Score
0.0004EPSS
CVE-2024-34826 WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through...
6.3CVSS
6.9AI Score
0.0004EPSS
Ultimate Maps by Supsystic < 1.2.17 - Cross-Site Request Forgery
Description The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.16. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized.....
4.3CVSS
6.1AI Score
0.0004EPSS