Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-12257
CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting
Description: The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-12174
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept...
Description: An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.

CVSS: LOW (2.7)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-12167
Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via _wpnonce
Description: The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-12166
Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via 'page'
Description: The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-12165
Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting
Description: The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-12115
Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication
Description: The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-12057
User credentials recorded in log files
Description: User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application.

CVSS: LOW (1.8)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-12026
Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation
Description: The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-11991
Uninitialized memory access in Motoko incremental garbage collector
Description: Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the Canister to enable the incremental garbage collector or enhanced orthogonal persistence, which are non-default features in Motoko.

CVSS: MEDIUM (5.6)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-11943
워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Parameter
Description: The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (4 months ago)