The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it...
6.4CVSS
5.7AI Score
0.001EPSS
Quassel IRC credential gatherer
PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...
7AI Score
9.9AI Score
The version of Firefox ESR installed on the remote Windows host is prior to 60.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-08 advisory. A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using ...
9.8CVSS
9.8AI Score
0.205EPSS
SUSE SLES12 Security Update : python-requests (SUSE-SU-2024:1946-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1946-1 advisory. - CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify (bsc#1224788). Tenable has extracted the preceding...
5.6CVSS
5.5AI Score
0.0004EPSS
SUSE SLES12 Security Update : python-Jinja2 (SUSE-SU-2024:1948-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1948-1 advisory. - CVE-2024-34064: Fixed HTML attribute injection when passing user input as keys to xmlattr filter (bsc#1223980) Tenable has extracted...
5.4CVSS
7.5AI Score
0.0004EPSS
CVE-2024-5851 playSMS SMS Schedule cross site scripting
A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....
3.5CVSS
0.0004EPSS
CVE-2024-5851 playSMS SMS Schedule cross site scripting
A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....
3.5CVSS
6.4AI Score
0.0004EPSS
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained...
9.8CVSS
10AI Score
0.205EPSS
The version of Firefox installed on the remote Windows host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using ...
9.8CVSS
10AI Score
0.205EPSS
Microsoft Windows Multiple Vulnerabilities (KB4528760)
This host is missing a critical security update according to Microsoft...
8.1CVSS
7.2AI Score
0.969EPSS
2024-05 Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5037768)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...
7.1AI Score
2024-05 Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5037768)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...
7.1AI Score
MyBB HTTP Header 'CLIENT-IP' Field SQLi
The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'CLIENT-IP' request header before using it in a database query when initiating a session in the inc/class_session.php script. A remote attacker...
7.1AI Score
0.012EPSS
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ......
6.4AI Score
0.0004EPSS
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....
6.1CVSS
6.2AI Score
0.0004EPSS
2024-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5037768)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
7.2AI Score
Exploit for Use After Free in Microsoft
CVE-2023-36802 Local Privilege Escalation POC authors:...
7.8CVSS
6.7AI Score
0.001EPSS
Sylpheed email credential gatherer
PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...
7AI Score
2024-05 Dynamic Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5037768)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
7.2AI Score
Halloy IRC credential gatherer
PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...
7AI Score
PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...
7AI Score
2024-05 Dynamic Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5037768)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
7.2AI Score
2024-05 Dynamic Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5037768)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
7.2AI Score
Microsoft Windows Multiple Vulnerabilities (KB4592471)
This host is missing a critical security update according to Microsoft...
8.1CVSS
7.1AI Score
0.027EPSS
Microsoft Windows Multiple Vulnerabilities (KB4565483)
This host is missing a critical security update according to Microsoft...
10CVSS
7AI Score
0.944EPSS
Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated...
6.4AI Score
0.0004EPSS
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...
8.1AI Score
0.0004EPSS
The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.9AI Score
0.001EPSS
The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and...
6.4CVSS
7.8AI Score
0.0004EPSS
The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and...
6.4CVSS
5.9AI Score
0.0004EPSS
MOVEit Transfer - SQL Injection
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain...
9.1CVSS
9.4AI Score
0.153EPSS
2024-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5037768)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
7.2AI Score
2024-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5037768)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
7.2AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through...
7.6AI Score
0.0004EPSS
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...
8.1AI Score
0.0004EPSS
Microsoft Windows Multiple Vulnerabilities (KB4540673)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.3AI Score
0.54EPSS
Microsoft Windows Multiple Vulnerabilities (KB4532693)
This host is missing a critical security update according to Microsoft...
8.8CVSS
7.2AI Score
EPSS
Dell EMC OpenManage Server Administrator (OMSA) Detection (HTTP)
HTTP based detection of Dell EMC OpenManage Server Administrator...
7.4AI Score
TIBCO Security Advisory: May 14, 2024 - TIBCO Hawk - CVE-2024-3182
**TIBCO Hawk install-time password disclosure vulnerability ** Original release date: May 14, 2024 Last revised: --- CVE-2024-3182 Source: TIBCO Software Inc. Products Affected TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3. Component Affected: TIBCO Hawk Universal Installer including the...
6.5CVSS
6.9AI Score
0.0004EPSS
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...
7.1AI Score
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...
7.1AI Score
ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists.....
6.5CVSS
6.5AI Score
0.0005EPSS
OpenSSL 1.0.2 < 1.0.2ze Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2ze. It is, therefore, affected by a vulnerability as referenced in the 1.0.2ze advisory. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some...
9.8CVSS
10AI Score
0.106EPSS
OpenSSL 1.1.1 < 1.1.1o Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.1.1o. It is, therefore, affected by a vulnerability as referenced in the 1.1.1o advisory. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some...
9.8CVSS
10AI Score
0.106EPSS
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...
7.1AI Score
Microsoft Windows Multiple Vulnerabilities (KB4586827)
This host is missing a critical security update according to Microsoft...
9.8CVSS
7.2AI Score
0.365EPSS
Genesco Inc. Confirms Payment Card Data Breach in U.S. Stores
Specialty retailer Genesco Inc. announced on Friday that it experienced a criminal intrusion into the part of its computer network that processes payment card transactions. Some card details might have been compromised. However, the company quickly secured the affected network segment and...
7.1AI Score
Microsoft Windows Multiple Vulnerabilities (KB4580345)
This host is missing a critical security update according to Microsoft...
8.8CVSS
7AI Score
0.015EPSS
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...
6.4CVSS
5.9AI Score
0.001EPSS