Https Security Vulnerabilities
The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.7AI Score
0.0004EPSS
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
5.4CVSS
7.6AI Score
0.0004EPSS
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied...
5.4CVSS
7.6AI Score
0.0004EPSS
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
7.7AI Score
0.0004EPSS
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
7.6AI Score
0.0004EPSS
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
7.7AI Score
0.0004EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to...
6.4CVSS
5.3AI Score
0.001EPSS
The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on...
8.8CVSS
8.8AI Score
0.003EPSS
6.1CVSS
5.9AI Score
0.0005EPSS
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...
8.8CVSS
8.3AI Score
0.001EPSS
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects...
8.8CVSS
8.8AI Score
0.027EPSS
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the...
5.3CVSS
5.2AI Score
0.001EPSS
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule....
4.3CVSS
4.3AI Score
0.001EPSS
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options.....
8.8CVSS
8.3AI Score
0.002EPSS
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API...
9.8CVSS
9.2AI Score
0.002EPSS
Path traversal in buttle module versions <= 0.2.0 allows to read any file in the...
7.5CVSS
7.3AI Score
0.004EPSS
An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An...
9.8CVSS
9.6AI Score
0.005EPSS
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped...
9.8CVSS
9.7AI Score
0.005EPSS
There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the metascrape npm module <=...
6.1CVSS
5.8AI Score
0.001EPSS
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely...
9.8CVSS
9.6AI Score
0.002EPSS
The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely...
9.8CVSS
9.7AI Score
0.002EPSS
The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overfl...
9.8CVSS
9.6AI Score
0.002EPSS
The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment...
5.9CVSS
5.5AI Score
0.002EPSS
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST...
7.2CVSS
7.3AI Score
0.006EPSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email...
4.8CVSS
5.2AI Score
0.001EPSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to...
4.8CVSS
5.2AI Score
0.001EPSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to...
4.8CVSS
5.2AI Score
0.001EPSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to...
4.8CVSS
5.2AI Score
0.001EPSS
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable...
4.8CVSS
5.6AI Score
0.001EPSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable...
4.8CVSS
5.2AI Score
0.001EPSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to...
4.8CVSS
5.2AI Score
0.001EPSS
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date...
4.8CVSS
5.6AI Score
0.001EPSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset...
4.8CVSS
5.2AI Score
0.001EPSS
A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the...
9.8CVSS
9.6AI Score
0.003EPSS
6.1CVSS
5.8AI Score
0.001EPSS
A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password...
9.8CVSS
9.7AI Score
0.004EPSS
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of...
9.8CVSS
9.6AI Score
0.002EPSS
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database...
9.1CVSS
9.3AI Score
0.002EPSS
Concatenating unsanitized user input in the whereis npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module...
9.8CVSS
9.4AI Score
0.003EPSS
8.8CVSS
8.8AI Score
0.005EPSS
memjs versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory...
9.1CVSS
9.2AI Score
0.004EPSS
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g....
9.1CVSS
8.9AI Score
0.007EPSS