CVE-2024-38521 Persistent Cross-Site Scripting (XSS) in hushline inbox
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version...
8.8CVSS
0.0004EPSS
CVE-2024-35137 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: ...
6.2CVSS
0.0004EPSS
CRI-O's pods can break out of resource confinement on cgroupv2 in github.com/cri-o/cri-o
CRI-O's pods can break out of resource confinement on cgroupv2 in...
7.5CVSS
6.7AI Score
0.001EPSS
Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder
Minder trusts client-provided mapping from repo name to upstream ID in...
4.6CVSS
6.7AI Score
0.0004EPSS
5.5CVSS
6.3AI Score
0.001EPSS
chasquid HTTP Request/Response Smuggling vulnerability in github.com/albertito/chasquid in...
7.5CVSS
6.7AI Score
0.0005EPSS
Openshift/telemeter: iss check during jwt authentication can be bypassed in...
7.5CVSS
7AI Score
0.001EPSS
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability to identity spoofing in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Vulnerability Details **...
8.8CVSS
8.3AI Score
0.0004EPSS
CVE-2024-29038 tpm2 does not detect if quote was not generated by TPM
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version...
4.3CVSS
0.0004EPSS
CVE-2024-38531 Nix sandbox escape
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can...
3.6CVSS
0.0004EPSS
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue...
0.0004EPSS
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue...
0.0004EPSS
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue...
0.0004EPSS
CVE-2024-5737 HTML Injection in AdmirorFrames Joomla! Extension
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before...
0.0004EPSS
CVE-2024-5736 SSRF in AdmirorFrames Joomla! Extension
Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before...
0.001EPSS
CVE-2024-5735 Full Path Disclosure in AdmirorFrames Joomla! Extension
Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before...
0.0004EPSS
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
7.2AI Score
0.0004EPSS
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...
7.2AI Score
0.0004EPSS
The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
0.0004EPSS
The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
5.8AI Score
0.0004EPSS
The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
0.0004EPSS
The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...
6.4CVSS
0.001EPSS
The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count (Static) widget in all versions up to,.....
6.4CVSS
0.001EPSS
The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
5.8AI Score
0.0004EPSS
The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...
6.4CVSS
5.8AI Score
0.001EPSS
The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count (Static) widget in all versions up to,.....
6.4CVSS
5.7AI Score
0.001EPSS
The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
0.0004EPSS
The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count (Static) widget in all versions up to,.....
6.4CVSS
0.001EPSS
The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...
6.4CVSS
0.001EPSS
The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
5.8AI Score
0.0004EPSS
The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
0.0004EPSS
Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery,, denial of service, and arbitrary code execution, as described in the "Vulnerability...
5.9CVSS
8.4AI Score
0.0004EPSS
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...
3.3CVSS
3.7AI Score
0.0004EPSS
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...
3.3CVSS
0.0004EPSS
CVE-2024-30135 Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...
3.3CVSS
3.7AI Score
0.0004EPSS
CVE-2024-30135 Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...
3.3CVSS
0.0004EPSS
The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....
4.7CVSS
0.001EPSS
The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....
4.7CVSS
4.7AI Score
0.001EPSS
The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....
6.4CVSS
0.0004EPSS
The Infinite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘project_url’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
6.4CVSS
0.0004EPSS
The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....
6.4CVSS
5.8AI Score
0.0004EPSS
The Infinite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘project_url’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
6.4CVSS
5.9AI Score
0.0004EPSS
HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected...
3.7CVSS
4.2AI Score
0.0004EPSS
HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...
3.3CVSS
0.0004EPSS
HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected...
3.7CVSS
0.0004EPSS
HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...
3.3CVSS
4.2AI Score
0.0004EPSS
The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected...
5.3CVSS
0.0005EPSS
The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected...
5.3CVSS
5.2AI Score
0.0005EPSS
The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....
4.7CVSS
0.001EPSS
The Infinite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘project_url’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
6.4CVSS
6AI Score
0.0004EPSS