11 matches found
CVE-2024-28749
A remote attacker with high privileges may use a writing file function to inject OS commands...
CVE-2024-28749
| creationtimestamp | type | source |
|---|---|---|
| 2024-07-09 09:44:01+00:00 | seen | https://t.me/cvedetector/258... |
CVE-2024-28749 ifm: Writing file function in Smart PLC allows command injections
A remote attacker with high privileges may use a writing file function to inject OS commands...
CVE-2024-28749 ifm: Writing file function in Smart PLC allows command injections
A remote attacker with high privileges may use a writing file function to inject OS commands...
CVE-2024-28749
CVE-2024-28749 affects ifm electronic Smart PLC AC14xx/AC4xxS via the Write to File function, enabling OS command injections by a remote attacker with elevated privileges. The issue is described as an OS command injection originating from a remote attacker with high privileges; CVSSv3.1 base scor...
CVE-2023-28749
CVE-2023-28749 : CSRF vulnerability in CM On Demand Search And Replace (WordPress plugin)
WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CM On Demand Search And Replace; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-28749; Patch priority: Low; CVSS severity: Low (4.3); PSID: 611848008c27; Credits: Abd...
CVE-2022-28749
Affected software: Zoom On-Premise Meeting Connector MMR (versions prior to 4.8.113.20220526). Issue: improper permission checking for attendees in the waiting room, enabling a threat actor to join a meeting without the host’s consent. Impact: unauthorized entry into meetings (no host permission)...
CVE-2022-28749 Insufficient Authorization Check During Meeting Join
Zoom's On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zoom waiting room can join the meeting without the consent of the host...
WordPress plugin has unspecified vulnerability (CNVD-2021-28749)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. wpDataTables is one of its chart management plugins. WordPress plugin WpDataTables - Tables & Table Charts...
maxcdn.com XSS vulnerability
Vulnerable URL: https://www.maxcdn.com/one/filter/?action=xxx=x!%22--!%3E%3CImage%0CSrcset%3DK%0COnerror%3DconfirmOPENBUGBOUNTY%0C

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 30.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | ... |