WP Design Maps & Places Security Vulnerabilities
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF...
9.4AI Score
0.0004EPSS
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
5.7AI Score
0.0004EPSS
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF...
9.4AI Score
0.0004EPSS
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...
6.5CVSS
6.6AI Score
0.0004EPSS
design-optique.com Improper Access Control vulnerability OBB-3855513
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known...
4.3CVSS
6.4AI Score
0.0005EPSS
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
8.9AI Score
0.0004EPSS
CVE-2024-34826 WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through...
6.3CVSS
6.9AI Score
0.0004EPSS
10CVSS
8.4AI Score
0.001EPSS
stein-design-saar.de Improper Access Control vulnerability OBB-3856262
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
CVE-2024-4534 KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
8.9AI Score
0.0004EPSS
CVE-2024-26772 ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group...
7.6AI Score
0.0004EPSS
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password...
7.4AI Score
0.0004EPSS
CVE-2024-26772 ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group...
6.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through...
6.3CVSS
0.0004EPSS
design-smart-home.de Cross Site Scripting vulnerability OBB-3927164
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...
7.6AI Score
0.0004EPSS
CVE-2024-34826 WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through...
6.3CVSS
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported: ...
5.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused by page alignment In kasan_init_region, when k_start is not page aligned, at the begin of for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then va = block + k_cur - k_start is...
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry....
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused by page alignment In kasan_init_region, when k_start is not page aligned, at the begin of for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then va = block + k_cur - k_start is...
7.4AI Score
0.0004EPSS
Adobe InDesign for macOS Installed
Adobe InDesign, a page and layout design application, is installed on the macOS...
1.3AI Score
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported:...
5.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...
6.5AI Score
0.0004EPSS
RHEL 7 : spamassassin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. spamassassin: Malicious rule configuration files can be configured to run system commands...
9.8CVSS
7.9AI Score
0.016EPSS
CVE-2024-36922 wifi: iwlwifi: read txq->read_ptr under lock
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry....
6.4AI Score
0.0004EPSS
7.4AI Score
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates.....
3.3CVSS
0.4AI Score
0.001EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0386-1)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry....
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...
6.4AI Score
0.0004EPSS
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0385-1)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.002EPSS
Autodesk AutoCAD, a computer-aided design application, is installed on the remote...
1.8AI Score
Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...
6.5AI Score
0.0004EPSS
Adobe InDesign CC, a page and layout design application, is installed on the remote...
1.7AI Score
National Instruments LabVIEW Installed
National Instruments LabVIEW, a system design and development platform, is installed on the remote Windows...
2.2AI Score
** DISPUTED ** KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. Notes Author|...
6.4AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...
7AI Score
0.0004EPSS
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the order parameter of...
7.5CVSS
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...
7AI Score
0.0004EPSS
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...
6.5CVSS
6.8AI Score
0.009EPSS
RHEL 8 : opensc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. opensc: Stack buffer overflow issues in various places (CVE-2021-42782) A heap double free issue was...
5.3CVSS
6.2AI Score
0.002EPSS
Database Connection String Disclosure
Most of the web applications rely on a database to provide features to their users. In secure designs, consuming these private or cloud databases will require authentication like username and password based credentials. Developers sometimes hard code such data in various places of their...
8AI Score
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions...
4.3CVSS
4.8AI Score
0.0004EPSS
Fedora: Security Advisory for qt6-qtgraphs (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
** DISPUTED ** Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other...
6.2AI Score
EPSS
7.4AI Score
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape {, which, when used in certain places, allows XWiki syntax injection and thereby remote code...
10CVSS
10AI Score
0.0004EPSS