Lucene search
+L

303 matches found

Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.5 views

PT-2025-1492 · Unknown · Idx Impress Listings

Name of the Vulnerable Software and Affected Versions: IDX IMPress Listings versions n/a through 2.6.2 Description: The issue is related to a Missing Authorization vulnerability in IDX IMPress Listings, which allows exploiting incorrectly configured access control security levels. Recommendations...

6.5CVSS9.4AI score0.00317EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.8 views

PT-2024-36206 · WordPress · Wpexpertsio New User Approve

Name of the Vulnerable Software and Affected Versions: WPExpertsio New User Approve versions 2.6.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WPExpertsi...

5.4CVSS7.2AI score0.00319EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.3 views

WordPress plugin New User Approve 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS8.3AI score0.00319EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/12/11 8:44 p.m.4 views

WordPress New User Approve plugin <= 2.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin New User Approve versions = 2.6.2...

5.4CVSS7AI score0.00319EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.13 views

WordPress plugin Sky Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

8.1CVSS7.8AI score0.00666EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/11/21 12:0 a.m.21 views

WordPress Sky Addons for Elementor Plugin <= 2.6.1 is vulnerable to Sensitive Data Exposure

Software Sky Addons for Elementor Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-9542 Patch priority Low CVSS severity Low 4.3 Developer Shahidul Islam PSID d2ce76706206 Credits Nishiv Required...

4.3CVSS6.9AI score0.003EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/29 11:15 a.m.5 views

CVE-2024-50407

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kiboko Labs Namaste! LMS allows Reflected XSS.This issue affects Namaste! LMS: from n/a through 2.6.2...

6.1CVSS5.8AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.6 views

WordPress plugin Namaste! LMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6.1AI score0.003EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.4 views

PT-2024-34180 · Unknown · Namaste! Lms

Name of the Vulnerable Software and Affected Versions: Namaste! LMS versions through 2.6.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks. Recommendations: For versions...

7.1CVSS5.5AI score0.003EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.4 views

WordPress plugin Namaste! LMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.1AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2024/10/26 9:30 p.m.1 views

GHSA-W455-MFQ9-HF74 insane vulnerable to Regular Expression Denial of Service

insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no known patches are available...

8.7CVSS5.9AI score0.00513EPSS
Exploits1References4
Patchstack
Patchstack
added 2024/10/17 6:14 p.m.5 views

WordPress Infinite-Scroll plugin <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Infinite-Scroll versions = 2.6.2...

5.3CVSS7AI score0.00242EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.12 views

PT-2024-15990 · WordPress · Infinite-Scroll

Name of the Vulnerable Software and Affected Versions: Infinite-Scroll plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the process ajax edit and process ajax delete functions...

5.3CVSS7.1AI score0.00242EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2024/10/05 12:0 a.m.12 views

PT-2024-32704 · Unknown · Payflex Payment Gateway

Name of the Vulnerable Software and Affected Versions: Payflex Payment Gateway versions through 2.6.1 Description: The issue is an 'Open Redirect' vulnerability, which allows URL redirection to untrusted sites. This vulnerability affects Payflex Payment Gateway. Recommendations: For Payflex Payme...

4.7CVSS7.1AI score0.00316EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/07/31 10:0 p.m.29 views

CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection

A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS0.00514EPSS
Exploits1References4
CVE
CVE
added 2024/07/31 10:0 p.m.59 views

CVE-2024-7327

The CVE-2024-7327 entry concerns Xinhu RockOA 2.6.2. The vulnerable component is the function dataAction in /webmain/task/openapi/openmodhetongAction.php, where manipulating the nickName parameter leads to SQL injection. The vulnerability is exploitable remotely, and the exploit has been publicly...

8.8CVSS6.8AI score0.00514EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/07/22 9:31 a.m.17 views

GHSA-X72P-G37Q-4XR9 Withdrawn: SFTPGo's JWT implmentation lacks certain security measures

Withdrawn: The attack vector described in the backing report required that an attacker gain access to a user's session cookie. By gaining access to the session cookie the attacker is for all intents and purposes the valid user and any access to user data would be expected. In SFTPGo 2.6.2, the JW...

7.1CVSS6.4AI score
Exploits0References4
NVD
NVD
added 2024/07/22 7:15 a.m.21 views

CVE-2024-40430

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Exploits0
Vulnrichment
Vulnrichment
added 2024/07/22 12:0 a.m.18 views

CVE-2024-40430

...

5.2AI score
Exploits0
Cvelist
Cvelist
added 2024/07/22 12:0 a.m.30 views

CVE-2024-40430

...

Exploits0
Rows per page
Query Builder