Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[]...
6.8 AI Score
0.016 EPSS
In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some...
7 AI Score
0.0004 EPSS
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions.....
6.4 CVSS
5.7 AI Score
0.001 EPSS
Cross-Site Scripting in TYPO3 CMS
Failing to properly encode user input, several places of the TYPO3 CMS are vulnerable to Cross-Site...
7 AI Score
WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to...
6.5 AI Score
EPSS
CVE-2024-0420 MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting...
5.9 AI Score
0.0004 EPSS
Exploit for Release of Invalid Pointer or Reference in Linux Linux Kernel
Linux_LPE_io_uring_CVE-2021-41073 LPE exploit for...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
CVE-2023-44234 WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map. This issue affects WP GPX Map: from n/a through...
4.3 CVSS
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of get_channel_from_mode If channel for the given node is not found we return null from get_channel_from_mode. Make sure we validate the return pointer before using it in two of the missing places. ...
7 AI Score
0.0004 EPSS
A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...
7.3 CVSS
7.5 AI Score
0.0004 EPSS
Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to...
6.4 AI Score
EPSS
Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to...
6.4 AI Score
EPSS
EmbedPress < 3.9.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL
Description The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input.....
6.4 CVSS
5.7 AI Score
0.001 EPSS
CVE-2023-44234 WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map. This issue affects WP GPX Map: from n/a through...
4.3 CVSS
7.2 AI Score
0.0004 EPSS
Similarity <= 3.0 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
9 AI Score
0.0004 EPSS
Sitetweet <= 0.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC The PoC will be displayed on June 25, 2024, to give users the time to...
5.6 AI Score
EPSS
Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
Description The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group PoC The PoC will be displayed on June 26, 2024, to give users...
6.5 AI Score
EPSS
A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...
7.3 CVSS
0.0004 EPSS
AZAN Plugin <= 0.6 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
5.9 AI Score
0.0004 EPSS
Inquiry Cart <= 3.4.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
9 AI Score
0.0004 EPSS
gnome-shell, gnome-menus, and gnome-shell-extensions bug fix update
An update is available for gnome-menus, gnome-shell, gnome-shell-extensions. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNOME Shell acts as a compositing...
7.3 AI Score
Exploit for Use After Free in Microsoft
voidmap A very simple driver manual mapper that exploits...
8 AI Score
WP Google Maps for WordPress < 7.11.17 Unauthenticated SQL Injection (CVE-2019-10692)
The WP Google Maps plugin for WordPress running on the remote web server is affected by an SQL injection (SQLi) vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database,...
9.8 CVSS
9.9 AI Score
0.973 EPSS
CVE-2024-31271 WordPress Ultimate Maps plugin <= 1.2.16 - Cross Site Request Forgery vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic. This issue affects Ultimate Maps by Supsystic: from n/a through...
4.3 CVSS
4.9 AI Score
0.0004 EPSS
OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of...
9.8 CVSS
9.8 AI Score
0.024 EPSS
Exploit for Out-of-bounds Write in Linux Linux Kernel
Linux_LPE_eBPF_CVE-2021-3490 LPE exploit for CVE-2021-3490....
7.8 CVSS
8.1 AI Score
0.002 EPSS
Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file...
5.5 AI Score
0.0004 EPSS
Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query...
10 CVSS
9.4 AI Score
0.002 EPSS
WP Chat App < 3.6.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is...
6 AI Score
0.0004 EPSS
Autodesk Design Review Installed
Autodesk Design Review, a review software for Autodesk designs, is installed on the remote Windows...
3.3 AI Score
This script is designed to exploit vulnerabilities in a Mailcow...
6.2 CVSS
7 AI Score
0.0004 EPSS
Mapster WP Maps < 1.2.39 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of parameters before outputting them back in a page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4 CVSS
5.9 AI Score
0.0004 EPSS
Malicious code in brand-adidas-design-tokens (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (7e16fae72fd3726263d7bfa2f1c164b7d4100f89931856c163e37c534feb1a57) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 AI Score
WP Stacker <= 1.8.5 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
5.9 AI Score
0.0004 EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web 10Web Map Builder for Google Maps. This issue affects 10Web Map Builder for Google Maps: from n/a through...
7.6 CVSS
8.1 AI Score
0.0004 EPSS
Exploit for Out-of-bounds Write in Gnu Glibc
CVE-2023-4911 - Looney Tunables This is a (atm very rough)...
7.8 CVSS
8.4 AI Score
0.014 EPSS
Interactive World Maps < 2.5 - Reflected Cross-Site Scripting
Description The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search (s) parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to.....
6.1 CVSS
6.5 AI Score
0.0005 EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry....
6.5 AI Score
0.0004 EPSS
[SECURITY] Fedora 40 Update: qt6-qtgraphs-6.7.1-1.fc40
The Qt Graphs module enables you to visualize data in 3D as bar, scatter, and surface graphs. It's especially useful for visualizing depth maps and large quantities of rapidly changing data, such as data received from multiple sensors. The look and feel of graphs can be customized by using themes.....
6.3 AI Score
0.0004 EPSS
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load....
6.5 CVSS
6.2 AI Score
0.001 EPSS
ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting
Failing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, http(s) enforcement, password reset links and many more. Since the host header itself is provided by the...
7.2 AI Score
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry....
7 AI Score
0.0004 EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
FOLLINA-CVE-2022-30190 Implementation of...
7.8 CVSS
8.4 AI Score
0.961 EPSS
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a...
7.3 CVSS
7 AI Score
0.001 EPSS
CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to...
4.9 AI Score
0.0004 EPSS
XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places...
9.9 CVSS
9.5 AI Score
0.001 EPSS