8806 matches found

Vulnrichment
added 2023/05/17 5:4 p.m. · 9 views

CVE-2023-31135 Dgraph Audit Log Encryption nonce reuse

Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...

CVSS 3.3 · AI score 5.4 · EPSS 0.00153
Exploits 0 · References 3

OSV
added 2023/05/17 5:4 p.m. · 21 views

CVE-2023-31135 Dgraph Audit Log Encryption nonce reuse

Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...

CVSS 3.3 · AI score 5 · EPSS 0.00153
Exploits 0 · References 5

NVD
added 2023/05/17 2:15 a.m. · 14 views

CVE-2023-2608

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...

CVSS 4.3 · AI score 4.6 · EPSS 0.00364
Exploits 0 · References 4

Cvelist
added 2023/05/17 1:58 a.m. · 31 views

CVE-2023-2608 Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...

CVSS 3.1 · AI score 5.4 · EPSS 0.00364
Exploits 0 · References 4

Vulnrichment
added 2023/05/17 1:58 a.m. · 9 views

CVE-2023-2608 Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...

CVSS 3.1 · AI score 6.7 · EPSS 0.00364
Exploits 0 · References 4

NVD
added 2023/05/17 12:15 a.m. · 24 views

CVE-2023-2528

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions vi...

CVSS 8.8 · AI score 6.2 · EPSS 0.0032
Exploits 0 · References 3

ATTACKERKB
added 2023/05/17 12:15 a.m. · 3 views

CVE-2023-2528

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions vi...

CVSS 8.8 · AI score 7.2 · EPSS 0.0032
Exploits 0 · References 4

OSV
added 2023/05/17 12:15 a.m. · 5 views

CVE-2023-2528

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions vi...

CVSS 8.8 · AI score 7.3 · EPSS 0.0032
Exploits 0 · References 3

Prion
added 2023/05/17 12:15 a.m. · 12 views

Cross site request forgery (csrf)

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions vi...

CVSS 6.8 · AI score 8.4 · EPSS 0.0032
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/05/17 12:0 a.m. · 4 views

Dgraph encryption issue vulnerability

Dgraph is an open source, horizontally scalable distributed GraphQL database with a graph backend. Dgraph versions before 23.0.0 have a cryptographic vulnerability that stems from a nonce conflict; an attacker can use the vulnerability to mount a brute-force attack on the log...

CVSS 5.5 · AI score 5.6 · EPSS 0.00153
Exploits 0 · References 4

Positive Technologies
added 2023/05/17 12:0 a.m. · 5 views

PT-2023-23169 · Dgraph · Dgraph

Name of the Vulnerable Software and Affected Versions: Dgraph versions prior to v23.0.0
Description: Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is...

CVSS 5.5 · AI score 5.2 · EPSS 0.00153
Exploits 0 · References 9

Vulnrichment
added 2023/05/16 11:35 p.m. · 9 views

CVE-2023-2528 Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions vi...

CVSS 5.4 · AI score 7.2 · EPSS 0.0032
Exploits 0 · References 3

Snyk
added 2023/05/16 12:0 a.m. · 3 views

Cross-site Request Forgery (CSRF)

Overview: johnpbloch/wordpress-core is web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to missing nonce validation on the wp_ajax_set_attachment_thumbnail AJAX function. An attacker can update the thumbnail...

CVSS 5.1 · AI score 6.8
Exploits 0 · References 2

Prion
added 2023/05/15 1:15 p.m. · 19 views

Authorization

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...

CVSS 5 · AI score 7.5 · EPSS 0.00819
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2023/05/15 12:15 p.m. · 16 views

CVE-2023-0812 Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...

AI score 7.7 · EPSS 0.00819
Exploits 2 · References 1

CVE
added 2023/05/15 12:15 p.m. · 55 views

CVE-2023-0812

CVE-2023-0812 affects the WordPress plugin Active Directory Integration / LDAP Integration (pre-4.1.1). The issue is unauthenticated data disclosure due to improper authorization or nonce handling on certain POST requests. A fix exists in version 4.1.1; affected users should upgrade to 4.1.1 or l...

CVSS 7.5 · AI score 7.6 · EPSS 0.00819
Exploits 2 · References 1 · Affected Software 1

WPVulnDB
added 2023/05/05 12:0 a.m. · 13 views

Easy Appointments < 3.11.10 - Cross-Site Request Forgery

The plugin does not properly validate requests using nonces, leading to potential Cross-Site Request Forgery (CSRF) vulnerabilities...

CVSS 8.8 · AI score 6.8 · EPSS 0.00256
Exploits 0 · References 1 · Affected Software 1

OpenVAS
added 2023/04/25 12:0 a.m. · 19 views

WordPress The Royal Elementor Addons Plugin < 1.3.60 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:royal-elementor-addons:royalelementoraddons"; if description...

CVSS 8.8 · AI score 5.7 · EPSS 0.00945
Exploits 2 · References 1

OSV
added 2023/04/21 6:15 p.m. · 4 views

CVE-2022-47930

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

CVSS 6.8 · AI score 5.8 · EPSS 0.00523
Exploits 0 · References 2

NVD
added 2023/04/20 6:15 p.m. · 17 views

CVE-2023-30616

Form block is a WordPress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any...

CVSS 6.5 · AI score 6.5 · EPSS 0.00295
Exploits 0 · References 2