
19 matches found

Circl
added 2025/12/06 9:38 a.m., 3 views

CVE-2025-13358

creationtimestamp | type | source
---|---|---
2025-12-06 09:38:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m7cpdwso7v2u...

5.3 CVSS, 4.8 AI score, 0.0024 EPSS
Exploits: 0, References: 1
Patchstack
added 2025/12/06 1:33 a.m., 10 views

WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Page Creation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CodeConfig Accessibility versions = 1.0.0...

5.3 CVSS, 6.5 AI score, 0.0024 EPSS
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/05/22 4:16 p.m., 8 views

CVE-2020-13358

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: =13.4, =13.3, =13.5, 13.5.2...

5.5 CVSS, 6.4 AI score, 0.00321 EPSS
Exploits: 0
Circl
added 2025/03/01 4:27 a.m., 4 views

CVE-2024-13358

creationtimestamp | type | source
---|---|---
2025-03-01 04:27:34+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/6037
2025-03-01 06:24:37+00:00 | seen | https://t.me/cvedetector/19200
2025-03-02 11:46:31+00:00 | seen | Telegram/fLSiqW7UjQJfWmdiq7iiusJ6DCVp3lS8Jq8vCfbGh4kyunlS...

4.3 CVSS, 8.7 AI score, 0.00248 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/03/01 3:22 a.m., 11 views

CVE-2024-13358 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.24. This makes it possible for authenticated...

4.3 CVSS, 0.00248 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/03/01 3:22 a.m., 6 views

CVE-2024-13358 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bpdeletepage function in all versions up to, and including, 3.4.24. This makes it possible for authenticated...

4.3 CVSS, 4.4 AI score, 0.00248 EPSS
Exploits: 0, References: 2
Check Point Advisories
added 2022/10/12 12:0 a.m., 3 views

TerraMaster Operating System Command Injection (CVE-2018-13358)

A command injection vulnerability exists in Terra Master. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9 CVSS, 5.8 AI score, 0.24946 EPSS
Exploits: 1
0day.today
added 2021/09/22 12:0 a.m., 159 views

OpenCats 0.9.4-2 -(docx) XML External Entity Injection Vulnerability

Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...

7.5 CVSS, 0.3 AI score, 0.23849 EPSS
Exploits: 3
Packet Storm
added 2021/09/22 12:0 a.m., 163 views

OpenCats 0.9.4-2 XML Injection

Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...

7.5 CVSS, 7.6 AI score, 0.23849 EPSS
Exploits: 3
Exploit DB
added 2021/09/22 12:0 a.m., 238 views

OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)

Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...

7.4 AI score
Exploits: 0
Circl
added 2020/11/17 7:38 a.m., 5 views

CVE-2020-13358

creationtimestamp | type | source
---|---|---
2020-11-17 07:38:30+00:00 | seen | https://t.me/cibsecurity/16426...

5.5 CVSS, 5.4 AI score, 0.00321 EPSS
Exploits: 0, References: 1
OSV
added 2020/11/17 1:15 a.m., 15 views

CVE-2020-13358

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: =13.4, =13.3, =13.5, 13.5.2...

5.5 CVSS, 6.7 AI score, 0.00321 EPSS
Exploits: 0, References: 2
Debian CVE
added 2020/11/17 12:20 a.m., 24 views

CVE-2020-13358

Removed by vendor...

5.5 CVSS, 6 AI score, 0.00321 EPSS
Exploits: 0
Cvelist
added 2020/11/17 12:20 a.m., 25 views

CVE-2020-13358

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: =13.4, =13.3, =13.5, 13.5.2...

4.7 CVSS, 5.5 AI score, 0.00321 EPSS
Exploits: 0, References: 2
CVE
added 2020/11/17 12:20 a.m., 79 views

CVE-2020-13358

CVE-2020-13358 - GitLab Kubernetes agent API permission bypass vulnerable in GitLab CE/EE; affected are GitLab versions with ranges: >=13.3, =13.4, =13.5,

5.5 CVSS, 5.4 AI score, 0.00321 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2019/07/05 8:26 p.m., 387 views

CVE-2019-13358

OpenCats prior to 0.9.4-3 contains an XXE in lib/DocumentToText.php that lets remote attackers read files on the underlying OS. Exploitation requires the attacker to upload a docx or odt document, triggering the entity processing. The issue is associated with OpenCats 0.9.4-3 and earlier, with fi...

7.5 CVSS, 6.3 AI score, 0.23849 EPSS
Exploits: 3, References: 4, Affected Software: 1
NVD
added 2018/11/27 9:29 p.m., 18 views

CVE-2018-13358

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter...

9 CVSS, 9.2 AI score, 0.24946 EPSS
Exploits: 1, References: 1
CVE
added 2018/11/27 9:0 p.m., 50 views

CVE-2018-13358

TerraMaster TOS 3.1.03 contains a command-injection flaw in ajaxdata.php via the checkName parameter, enabling remote execution of arbitrary commands and potential full system compromise as described in CVE-2018-13358. The vulnerability is corroborated by multiple advisories and CNVD/NVD records ...

9 CVSS, 9.1 AI score, 0.24946 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2018/11/27 9:0 p.m., 20 views

CVE-2018-13358

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter...

9.5 AI score, 0.24946 EPSS
Exploits: 1, References: 1