The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.8AI Score
EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
EPSS
9.8CVSS
9.7AI Score
0.002EPSS
7.5AI Score
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: py3-werkzeug, superset, kubeflow-jupyter-web-app, py3.10-tensorflow-core,...
7.5CVSS
7.8AI Score
0.0004EPSS
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: py3-werkzeug, superset, kubeflow-jupyter-web-app, py3.10-tensorflow-core,...
7.5AI Score
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
7.5AI Score
Vulnerabilities for packages: dask-gateway, datadog-agent, kubeflow-pipelines, ggshield, confluent-docker-utils, kubeflow-jupyter-web-app, py3.10-tensorflow-core, kubeflow-volumes-web-app, py3-idna, kubeflow-pipelines-visualization-server, py3-cassandra-medusa, kubeflow-katib, k8s-sidecar,...
6.7AI Score
EPSS
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: dask-gateway, datadog-agent, kubeflow-pipelines, ggshield, confluent-docker-utils, kubeflow-jupyter-web-app, py3.10-tensorflow-core, kubeflow-volumes-web-app, py3-idna, kubeflow-pipelines-visualization-server, py3-cassandra-medusa, kubeflow-katib, k8s-sidecar,...
7.5AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: dask-gateway, reflex, superset, confluent-docker-utils, py3-jinja2, kubeflow-volumes-web-app, pytorch,...
7.5AI Score
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: jwt-tool, kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-tensorflow-serving-api,...
7.5AI Score
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: dask-gateway, reflex, superset, confluent-docker-utils, py3-jinja2, kubeflow-volumes-web-app, pytorch,...
5.4CVSS
6.1AI Score
0.0004EPSS
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: jwt-tool, kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-tensorflow-serving-api,...
4.2CVSS
7.1AI Score
0.0004EPSS
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: mlflow, reflex, superset, datadog-agent, patroni, kubeflow-pipelines, ggshield, confluent-docker-utils, kubeflow-jupyter-web-app, airflow, kubeflow-volumes-web-app, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-katib, k8s-sidecar, jwt-tool,...
7.5AI Score
CVE-2024-37891 vulnerabilities
Vulnerabilities for packages: dask-gateway, mlflow, reflex, superset, kubeflow-pipelines, ggshield, confluent-docker-utils, airflow, kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-katib, k8s-sidecar, kubeflow-jupyter-web-app, az,...
4.4CVSS
4.9AI Score
0.0004EPSS
Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
5.3CVSS
6AI Score
0.0004EPSS
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: py3-werkzeug, airflow, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
8CVSS
7.9AI Score
0.001EPSS
CVE-2024-35195 vulnerabilities
Vulnerabilities for packages: mlflow, reflex, superset, datadog-agent, patroni, kubeflow-pipelines, ggshield, confluent-docker-utils, kubeflow-jupyter-web-app, airflow, kubeflow-volumes-web-app, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-katib, k8s-sidecar, jwt-tool,...
5.6CVSS
6.2AI Score
0.0004EPSS
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: py3-werkzeug, airflow, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
7.5AI Score
GHSA-34JH-P97F-MPXF vulnerabilities
Vulnerabilities for packages: dask-gateway, mlflow, reflex, superset, kubeflow-pipelines, ggshield, confluent-docker-utils, airflow, kubeflow-volumes-web-app, py3-cassandra-medusa, kubeflow-katib, k8s-sidecar, kubeflow-jupyter-web-app, az,...
7.5AI Score
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: dask-gateway, kube-downscaler, kubeflow-volumes-web-app, k8s-sidecar, kubeflow-jupyter-web-app,...
7.5AI Score
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: dask-gateway, kube-downscaler, kubeflow-volumes-web-app, k8s-sidecar, kubeflow-jupyter-web-app,...
8.1CVSS
7.7AI Score
0.001EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
0.001EPSS
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.001EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.7AI Score
0.001EPSS
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
0.001EPSS
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
0.001EPSS
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.001EPSS
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
0.001EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
0.001EPSS
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
0.001EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
0.0005EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
6AI Score
0.0005EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
5.8AI Score
0.0004EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
0.0004EPSS
CVE-2024-5889 Events Manager <= 6.4.8 - Reflected Cross-Site Scripting
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
0.0005EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
0.0004EPSS
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to...
6.1CVSS
0.0005EPSS
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to...
6.1CVSS
6AI Score
0.0005EPSS
CVE-2024-6405 Floating Social Buttons <= 1.5 - Cross-Site Request Forgery
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to...
6.1CVSS
0.0005EPSS
Polyfill.io Supply Chain Attack
The polyfill.js is a popular open-source library that supports older browsers. Thousands of sites embed it using the cdn[.]polyfill[.]io domain. In February 2024, a Chinese company (Funnull) bought the domain and the GitHub account. The company has modified Polyfill.js so malicious code would be...
7.7AI Score
Summary A cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50964 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...
5.9AI Score
EPSS
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details ** CVEID: CVE-2024-35153 DESCRIPTION: **IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...
4.8CVSS
6.2AI Score
0.0004EPSS
Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-28794 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
5.7AI Score
EPSS
Friday Squid Blogging: New Squid Species
A new squid species--of the Gonatidae family--was discovered. The video shows her holding a brood of very large eggs. Research...
7.3AI Score
Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-28798 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary...
5.7AI Score
EPSS
Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-28797 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary...
5.7AI Score
EPSS
Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-28795 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
5.7AI Score
EPSS
Metasploit Weekly Wrap-Up 06/28/2024
Unauthenticated Command Injection in Netis Router This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password...
9.8CVSS
9AI Score
0.005EPSS
CVE-2024-38518 bbb-web API additional parameters considered
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an.....
4.6CVSS
0.0004EPSS