Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-1985 |
Description: The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.
CVSS: MEDIUM (4.7) EPSS Score: 2.66% SSVC Exploitation: none
April 15th, 2025 (5 days ago)
|
|
CVE-2024-1479 |
Description: The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages.
CVSS: MEDIUM (5.3) EPSS Score: 0.29% SSVC Exploitation: none
April 15th, 2025 (5 days ago)
|
|
CVE-2024-1383 |
Description: The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 1.77% SSVC Exploitation: none
April 15th, 2025 (5 days ago)
|
|
CVE-2024-13177 |
Description: Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system.
This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.
CVSS: MEDIUM (5.2) EPSS Score: 0.01%
April 15th, 2025 (5 days ago)
|
|
CVE-2024-1291 |
Description: The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.16% SSVC Exploitation: none
April 15th, 2025 (5 days ago)
|
|
CVE-2024-11084 |
Description: Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.
CVSS: MEDIUM (6.3) EPSS Score: 0.05% SSVC Exploitation: none
April 15th, 2025 (5 days ago)
|
|
CVE-2024-0828 |
Description: The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio.
CVSS: MEDIUM (5.4) EPSS Score: 0.12% SSVC Exploitation: none
April 15th, 2025 (5 days ago)
|
|
CVE-2024-0447 |
Description: The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings.
CVSS: MEDIUM (5.0) EPSS Score: 0.15% SSVC Exploitation: none
April 15th, 2025 (5 days ago)
|
|
CVE-2025-30280 |
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 6.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Mendix Runtime
Vulnerability: Observable Response Discrepancy
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
Mendix Runtime: V10: Versions prior to 10.21
Mendix Runtime V8: All versions
Mendix Runtime V9: All versions
Mendix Runtime V10.6: All versions
Mendix Runtime V10.12: All versions
Mendix Runtime V10.18: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 OBSERVABLE RESPONSE DISCREPANCY CWE-204
Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.
CVE-2025-30280 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/U...
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
April 15th, 2025 (5 days ago)
|
|
CVE-2024-23814 |
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 6.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote attackers to affect the availability of the devices under certain conditions.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
SIMOCODE pro V PROFINET: All versions
SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0): Versions prior to V4.4
SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0): Versions prior to V4.4
SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0): All versions
SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0): Versions prior to V4.4
SIDOOR ATD430W: All versions
SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0): All versions
SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0): All versions
SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0): All versions
SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0): All versions
SIMATIC ET 200SP IM 155-6 PN ST (6ES7155-6AU01-0BN0): All versions
SIPLUS S7-1...
CVSS: MEDIUM (5.3)
April 15th, 2025 (5 days ago)
|