Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-10780
Restaurant & Cafe Addon for Elementor <= 1.5.9 - Authenticated (Contributor+) Post Disclosure
Description: The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-10670
Primary Addon for Elementor <= 1.6.2 - Authenticated (Contributor+) Post Disclosure
Description: The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-10510
adBuddy+ (AdBlocker Detection) by NetfunkDesign <= 1.1.3 - Admin+ Stored XSS
Description: The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-10493
Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS
Description: The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-10473
Logo Slider < 4.5.0 - Author+ Stored XSS
Description: The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-0854
Description: URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

CVSS: MEDIUM (5.4)

EPSS Score: 0.06%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2023-0142
Description: Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.

CVSS: MEDIUM (6.5)

EPSS Score: 0.08%

Source: CVE
November 29th, 2024 (5 months ago)
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP
Description: Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality,
Source: TheHackerNews
November 28th, 2024 (5 months ago)
Tor needs 200 new WebTunnel bridges to fight censorship
Description: The Tor Project has put out an urgent call to the privacy community asking volunteers to help deploy 200 new WebTunnel bridges by the end of the year to fight government censorship. [...]
Source: BleepingComputer
November 28th, 2024 (5 months ago)
The Future of Serverless Security in 2025: From Logs to Runtime Protection
Description: Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is
Source: TheHackerNews
November 28th, 2024 (5 months ago)