Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and...
6.7CVSS
6.2AI Score
0.001EPSS
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...
8.5CVSS
8.6AI Score
0.0004EPSS
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138898 advisory. BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack ...
7.4AI Score
Juniper Junos OS DoS (JSA69493)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69493 advisory. A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific...
7.5CVSS
7.7AI Score
0.001EPSS
An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is...
EPSS
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim...
EPSS
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones...
EPSS
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of...
7AI Score
EPSS
The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution...
8.8CVSS
9.1AI Score
0.001EPSS
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full...
EPSS
The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level.....
4.3CVSS
6.7AI Score
0.001EPSS
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...
F5 Networks BIG-IP : BIG-IP Edge Client for macOS Privilege Escalation (K000136185)
The version of F5 Networks BIG-IP installed on the remote macOS host is prior or equal to 17.1.0 / 16.1.4 / 15.1.10 / 14.1.5 / 13.1.5. It is, therefore, affected by a vulnerability as referenced in the K000136185 advisory. The BIG-IP Edge Client Installer on macOS does not follow best practices...
7.8CVSS
7.8AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP and BIG-IQ iControl SOAP vulnerability (K000133472)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.5 / 15.1.9.1 / 16.1.3.5 / 17.1.0.2. It is, therefore, affected by a vulnerability as referenced in the K000133472 advisory. An authenticated attacker with guest privileges or higher can cause the iControl SOAP...
4.3CVSS
4.9AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP virtual server TCP sequence numbers vulnerability (K64571774)
On specific BIG-IP platforms, attackersmay be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers.(CVE-2020-5947) Impact Attackers may be able to spoof TCP packets to be used by a future...
4.3CVSS
4.5AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP APM portal access vulnerability (K40625021)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K40625021 advisory. A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP...
4.3CVSS
4.7AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP engineering hotfix TMM vulnerability (K53590702)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K53590702 advisory. Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel...
7.5CVSS
7.6AI Score
0.001EPSS
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc...
7.2AI Score
0.0004EPSS
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc...
7.2AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP APM Clients TunnelCrack vulnerability (K000136907)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000136907 advisory. BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End...
7.1CVSS
7AI Score
0.001EPSS
An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of...
EPSS
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...
EPSS
CVE-2024-3946 WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings
The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
4.4CVSS
4.7AI Score
0.0004EPSS
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...
EPSS
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...
9.9CVSS
9.5AI Score
0.0004EPSS
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...
9.9CVSS
0.0004EPSS
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...
9.9CVSS
7AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through...
4.3CVSS
7.2AI Score
0.0004EPSS
CVE-2024-32826 WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through...
5.3CVSS
5.6AI Score
0.0004EPSS
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that...
6.1CVSS
6.5AI Score
0.0005EPSS
F5 Networks BIG-IP : Microarchitectural Store Buffer Data Sampling (MSBDS) (K52370164)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K52370164 advisory. Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative...
5.6CVSS
6.6AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP APM Clients TunnelCrack vulnerability (K000136909)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1.1. It is, therefore, affected by a vulnerability as referenced in the K000136909 advisory. BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which...
8.2CVSS
8.3AI Score
0.001EPSS
F5 Networks BIG-IP : Intel processors MMIO stale data vulnerability (K08152433)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K08152433 advisory. Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an ...
5.5CVSS
6.8AI Score
0.0005EPSS
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...
EPSS
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...
9.8CVSS
9.8AI Score
0.966EPSS
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...
5.3CVSS
6.2AI Score
0.009EPSS
A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific....
7.5CVSS
6.8AI Score
0.0005EPSS
The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
4.4CVSS
5.8AI Score
0.0004EPSS
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...
9.9CVSS
0.0004EPSS
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is...
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it...
6.1CVSS
6AI Score
0.001EPSS
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...
7.2CVSS
6.8AI Score
0.0005EPSS
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...
7.2CVSS
6.8AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through...
4.3CVSS
4.9AI Score
0.0004EPSS
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim...
7AI Score
EPSS
Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through...
4.3CVSS
5.1AI Score
0.0004EPSS
The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user...
5.3CVSS
6.7AI Score
0.0005EPSS
The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...
8.8CVSS
9.3AI Score
0.0004EPSS
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.7AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP and BIG-IQ DB Variable Vulnerability (K20850144)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K20850144 advisory. The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. ...
6.5CVSS
6.7AI Score
0.0005EPSS