The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6.1AI Score
EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
EPSS
7.5AI Score
7.5AI Score
CVE-2021-3571 affecting package linuxptp 2.0-8
CVE-2021-3571 affecting package linuxptp 2.0-8. This CVE either no longer is or was never...
7.1CVSS
7.1AI Score
0.003EPSS
CVE-2023-22609 affecting package binutils 2.37-8
CVE-2023-22609 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22604 affecting package binutils 2.37-8
CVE-2023-22604 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22607 affecting package binutils 2.37-8
CVE-2023-22607 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2019-20633 affecting package patch 2.7.6-8
CVE-2019-20633 affecting package patch 2.7.6-8. No patch is available...
5.5CVSS
5.8AI Score
0.001EPSS
CVE-2023-22606 affecting package binutils 2.37-8
CVE-2023-22606 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
6.2CVSS
7.2AI Score
0.0005EPSS
CVE-2022-2990 affecting package buildah 1.18.0-8
CVE-2022-2990 affecting package buildah 1.18.0-8. This CVE either no longer is or was never...
7.1CVSS
9.4AI Score
0.0005EPSS
CVE-2022-41725 affecting package gcc 11.2.0-8
CVE-2022-41725 affecting package gcc 11.2.0-8. This CVE either no longer is or was never...
7.5CVSS
9.1AI Score
0.001EPSS
7.8CVSS
8.2AI Score
0.0004EPSS
CVE-2022-41724 affecting package gcc 11.2.0-8
CVE-2022-41724 affecting package gcc 11.2.0-8. This CVE either no longer is or was never...
7.5CVSS
9.1AI Score
0.001EPSS
CVE-2023-22605 affecting package binutils 2.37-8
CVE-2023-22605 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2023-22603 affecting package binutils 2.37-8
CVE-2023-22603 affecting package binutils 2.37-8. This CVE either no longer is or was never...
6.7AI Score
EPSS
CVE-2020-8563 affecting package kubernetes-1.18.14 1.18.14-8
CVE-2020-8563 affecting package kubernetes-1.18.14 1.18.14-8. No patch is available...
5.5CVSS
7.5AI Score
0.0005EPSS
CVE-2020-25657 affecting package m2crypto 0.35.2-8
CVE-2020-25657 affecting package m2crypto 0.35.2-8. No patch is available...
5.9CVSS
7.5AI Score
0.002EPSS
CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8
CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8. A patched version of the package is...
7.5CVSS
8.9AI Score
0.732EPSS
Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities
Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....
7.5CVSS
7AI Score
0.001EPSS
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method...
7.9AI Score
0.0004EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
7.4AI Score
0.0004EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
0.0004EPSS
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...
0.0004EPSS
Summary The SANnav Management Portal and Global View products are affected due to a Jave SE issue. The affected issue has been addressed and can be resolved by applying the SANnav code level listed below. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968,...
7.4CVSS
7.1AI Score
0.002EPSS
APM Server vulnerable to Insertion of Sensitive Information into Log File in...
7.5CVSS
6.7AI Score
0.001EPSS
Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
Argo-cd authenticated users can enumerate clusters by name in...
4.3CVSS
6.5AI Score
0.0004EPSS
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in...
5.5CVSS
6.7AI Score
0.0004EPSS
SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo
SFTPGo has insufficient access control for password reset in...
5.4CVSS
7AI Score
0.0004EPSS
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...
7.1AI Score
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified...
7.5CVSS
7.9AI Score
0.0004EPSS
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified...
7.5CVSS
0.0004EPSS
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified...
5.9CVSS
0.0004EPSS
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified...
5.9CVSS
5.6AI Score
0.0004EPSS
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified...
7.5CVSS
0.0004EPSS
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified...
7.5CVSS
7.8AI Score
0.0004EPSS
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified...
5.9CVSS
0.0004EPSS
Certain HP PC BIOS Logo Vulnerabilities
Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are...
7.8CVSS
7.8AI Score
0.0004EPSS
EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2024-1867)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless...
6.3CVSS
6.8AI Score
0.0004EPSS
VMware ESXi 7.0 / 8.0 Out-of-Bounds read (CVE-2024-37086)
The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3q or 8.0 prior to 8.0 Update 3. It is, therefore, affected by an out-of-bounds read vulnerability as referenced in the VMSA-2024-0013 advisory: Note that Nessus has not tested for these issues but has instead relied...
6.8CVSS
7AI Score
0.0004EPSS
Intel Chipset Device Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.7CVSS
7.1AI Score
0.0004EPSS
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1859)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the...
7.8CVSS
8.1AI Score
0.0004EPSS
EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2024-1853)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless...
6.3CVSS
6.8AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
VMware ESXi 7.0 / 8.0 Authenticaton Bypass (CVE-2024-37085)
The version of VMware ESXi installed on the remote host is prior to 8.0 Update 3. It is, therefore, affected by an authentication bypass vulnerability as referenced in the VMSA-2024-0013 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's...
6.8CVSS
7.4AI Score
0.0004EPSS
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1873)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the...
7.8CVSS
8.1AI Score
0.0004EPSS
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...
6.8AI Score
0.0004EPSS
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...
0.0004EPSS