7.8 CVSS
7.8 AI Score
0.0004 EPSS
Exploit for Missing Authorization in Wpmet Metform Elementor Contact Form Builder
CVE-2022-1442 WordPress Plugin Metform <= 2.1.3 - Improper...
7.5 CVSS
7.2 AI Score
0.033 EPSS
Sky Mirror Vulnerability Scanning and Management System is a vulnerability scanning product independently developed by Qixing, a network-based vulnerability analysis, assessment and management system. There is a command execution vulnerability in the Sky Mirror Vulnerability Scanning and...
7.3 AI Score
Sky Mirror Vulnerability Scanning and Management System is a vulnerability scanning product independently developed by Qixing, a network-based vulnerability analysis, assessment and management system. Sky Mirror Vulnerability Scanning and Management System of Qixing Information Technology Group...
7.1 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)
Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities....
8.8 CVSS
8.4 AI Score
EPSS
7.1 AI Score
EPSS
Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft...
9 CVSS
8.7 AI Score
0.421 EPSS
LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack
[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of...
7 AI Score
7.1 AI Score
0.922 EPSS
7.1 AI Score
7.1 AI Score
Internet Bug Bounty: jdbc apache airflow provider code execution vulnerability
In airflow.providers.jdbc.hooks.jdbc.JdbcHook, a privilege escalation vulnerability exists in a system due to controllable Driver Path and Driver Class parameters, which cause execution of any Java code. Vulnerability reproduction steps: 1. Create a malicious JDBC driver, like this ``` import...
7.1 AI Score
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3 CVSS
4.2 AI Score
0.001 EPSS
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3 CVSS
6.6 AI Score
0.001 EPSS
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3 CVSS
4.2 AI Score
0.001 EPSS
Cross-site request forgery (CSRF)
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3 CVSS
4.3 AI Score
0.001 EPSS
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3 CVSS
4.5 AI Score
0.001 EPSS
9.8 CVSS
9.5 AI Score
0.974 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...
8.8 CVSS
8.7 AI Score
0.001 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...
8.8 CVSS
6.5 AI Score
0.001 EPSS
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...
8.8 CVSS
8.7 AI Score
0.001 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...
5.4 CVSS
9 AI Score
0.001 EPSS
Exploit for Command Injection in Chamilo
Chamilo_CVE-2023-34960-EXP Help: usage: CVE-2023-34960.py...
9.8 CVSS
9.3 AI Score
0.922 EPSS
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py Overview...
8.6 CVSS
7.7 AI Score
0.974 EPSS
Exploit for Use After Free in Linux Linux Kernel
fork from https://github.com/veritas501/hbp_attack_demo...
7.1 AI Score
8.8 CVSS
9.1 AI Score
0.516 EPSS
Exploit for Double Free in Openbsd Openssh
CVE-2023-25136 OpenSSH 9.1 vulnerability mass scanning and exploitation *Vulnerability details...
6.5 CVSS
7 AI Score
0.009 EPSS
CVE-2023-2982 WordPress Social Login and Register (Discord,...
9.8 CVSS
9.8 AI Score
0.012 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)
Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....
9.8 CVSS
8.6 AI Score
EPSS
Arbitrary File Download Vulnerability in ES File Browser of Beijing Xiaoxiong Bowang Technology Co.
ES File Explorer is a powerful and free local and network file manager. ES File Browser has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive...
6.6 AI Score
Logic Flaw Vulnerability in T+ (CNVD-2023-62863)
T+ is a new Internet business management software. A logic flaw vulnerability exists in Changjitong T+, which can be exploited by an attacker to delete arbitrary...
6.8 AI Score
Exploit for Improper Ownership Management in Linux Linux Kernel
typora-copy-images-to: ./image CVE-2023-0386 Exp...
7.8 CVSS
7.7 AI Score
0.0004 EPSS
Shandong Zhongchuang Software Commercial Middleware Co., Ltd. is a company whose business scope includes sales and maintenance services of computers, software and auxiliary equipment, electronic equipment, computer network equipment, etc. A file upload vulnerability exists in the inforsuiteAS...
7.2 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 12, 2023 to June 18, 2023)
Last week, there were 60 vulnerabilities disclosed in 52 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 25 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
8.8 CVSS
7.5 AI Score
0.009 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4...
8.8 CVSS
5.8 AI Score
0.001 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4...
8.8 CVSS
8.8 AI Score
0.001 EPSS
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4...
8.8 CVSS
8.7 AI Score
0.001 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4...
4.3 CVSS
9 AI Score
0.001 EPSS
Exploit for SQL Injection in Jeecg Jeecg-Boot
CVE-2023-1454 Jeecg-Boot-qurestSql-SQLvuln...
9.8 CVSS
7.2 AI Score
0.091 EPSS
WooCommerce PayPal Payments < 2.0.5 - Merchant ID Details Update via CSRF
The plugin does not have CSRF checks when updating the merchant ID details, which could allow attackers to make logged in users update them via a CSRF...
8.8 CVSS
8.7 AI Score
0.001 EPSS
5.3 CVSS
7.1 AI Score
0.949 EPSS
7.8 CVSS
6.9 AI Score
0.0004 EPSS
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 0x01 Obtain the returned JSESSIONID and csrftoken...
8.6 CVSS
7.6 AI Score
0.974 EPSS
Changjitong T+ Remote Command Execution Vulnerability
T+ is a new Internet-based business management software. A remote command execution vulnerability exists in T+, which can be exploited by an attacker to execute arbitrary commands on the target...
7.8 AI Score
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246 CVE-2023-33246 Apache RocketMQ...
9.8 CVSS
7.1 AI Score
0.973 EPSS
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246 CVE-2023-33246 Apache RocketMQ remote code execution vulnerability...
9.8 CVSS
7.1 AI Score
0.973 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to June 4, 2023)
Last week, there were 116 vulnerabilities disclosed in 88 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 35 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
9.8 CVSS
8.7 AI Score
EPSS
Exploit for Code Injection in Vmware Spring Framework
Spring RCE CVE-2022-22965 Vulnerable environment Environment information * springboot *...
9.5 AI Score
Exploit for Code Injection in Apache Rocketmq
0x01 Introduction This tool is a RocketMQ RCE (CVE-2023-33246) woodpecker...
9.8 CVSS
9.3 AI Score
0.973 EPSS
Exploit for Code Injection in Apache Rocketmq
0x01 Introduction This tool is a RocketMQ RCE (CVE-2023-33246) woodpecker...
9.8 CVSS
9.3 AI Score
0.973 EPSS