Lucene search

K

Keep Security Vulnerabilities

cve
cve

CVE-2024-1844

The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated...

4.3CVSS

8.9AI Score

0.0004EPSS

2024-03-20 07:15 AM
33
cve
cve

CVE-2023-26128

All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have...

8.4CVSS

7.9AI Score

0.0004EPSS

2023-05-27 05:15 AM
17
cve
cve

CVE-2022-1820

The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the β€˜t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts.....

6.1CVSS

6AI Score

0.001EPSS

2022-06-13 02:15 PM
46
4
cve
cve

CVE-2022-30877

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is...

9.8CVSS

9.4AI Score

0.005EPSS

2022-06-08 06:15 PM
42
4
cve
cve

CVE-2022-1716

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code...

4.6CVSS

4.8AI Score

0.001EPSS

2022-06-02 06:15 PM
66
3
cve
cve

CVE-2009-0287

SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2)...

8.7AI Score

0.002EPSS

2009-01-27 06:30 PM
25
cve
cve

CVE-2008-1635

Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly...

7.1AI Score

0.023EPSS

2008-04-02 05:44 PM
18
cve
cve

CVE-2006-6763

Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c)...

8AI Score

0.005EPSS

2006-12-27 02:28 AM
23
cve
cve

CVE-2006-6764

PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes...

7.9AI Score

0.012EPSS

2006-12-27 02:28 AM
23