Lucene search
K

24 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-25682

Malware in sbrugna...

8.8CVSS8.4AI score0.01976EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30233

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00205EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/21 4:30 a.m.8 views

CVE-2025-10146

The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘userids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS5.6AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/09/19 4:27 a.m.27 views

CVE-2025-10146

CVE-2025-10146 affects the WordPress Download Manager plugin, with vulnerable versions up to 3.3.23, due to insufficient input sanitization and output escaping in the parameter user_ids . This enables Reflected Cross-Site Scripting by unauthenticated attackers who lure a user to perform an action...

6.1CVSS5.3AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.6 views

PT-2025-38509

Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions prior to 3.3.24 Description The WordPress Download Manager plugin is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows...

6.1CVSS6.2AI score0.00205EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-15106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file a...

6.5CVSS6.8AI score0.01291EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-15112

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This...

6.5CVSS6.9AI score0.01256EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.5 views

SUSE CVE-2020-15114

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requestin...

7.7CVSS8.2AI score0.01206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.4 views

SUSE CVE-2020-15115

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...

7.5CVSS8.8AI score0.01342EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2021/10/21 7:38 p.m.13 views

CVE-2021-39321 Sassy Social Share 3.3.23 PHP Object Injection

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wpajaxheateorsssimportconfig AJAX action due to deserialization of unvalidated user supplied inputs via the importconfig function found in the /admin/class-sassy-social-share-admin.php file. Th...

8.8CVSS8.7AI score0.01976EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2021/10/20 12:0 a.m.24 views

Sassy Social Share 3.3.23 - Missing Access Controls to PHP Object Injection

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wpajaxheateorsssimportconfig AJAX action due to a missing capability check in the importconfig function found in the /admin/class-sassy-social-share-admin.php file along with the implementation...

8.8CVSS1.4AI score0.01976EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2020/08/13 12:0 a.m.3 views

ETCD Resource Management Error Vulnerability

etcd is a key-value storage system for distributed systems written in the Go language. A resource management error vulnerability exists in etcd versions prior to 3.3.23 and 3.4.10. An attacker could exploit this vulnerability to cause a denial of service...

7.7CVSS6.7AI score0.01206EPSS
Exploits0References1
CNVD
CNVD
added 2020/08/10 12:0 a.m.3 views

etcd input validation error vulnerability (CNVD-2020-47967)

etcd is a key-value storage system for distributed systems written in the Go language. An input validation error vulnerability exists in etcd versions prior to 3.3.23 and prior to 3.4.10. The vulnerability stems from a network system or product that does not properly validate input data. No...

6.5CVSS9.5AI score0.01291EPSS
Exploits0References1
OSV
OSV
added 2020/08/06 11:15 p.m.3 views

DEBIAN-CVE-2020-15114

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requestin...

7.7CVSS6.7AI score0.01206EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/08/06 10:45 p.m.40 views

CVE-2020-15136

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

6.5CVSS7.5AI score0.01636EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2020/08/06 10:15 p.m.2 views

CVE-2020-15115

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...

7.5CVSS5.4AI score0.01342EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2020/08/06 12:0 a.m.2 views

etcd Input Validation Error Vulnerability

etcd is a key-value storage system for distributed systems written in the Go language. An input validation error vulnerability exists in etcd versions prior to 3.3.23 and prior to 3.4.10. The vulnerability stems from a network system or product that does not properly validate input data. A remote...

6.5CVSS9.6AI score0.01256EPSS
Exploits0References1
CNVD
CNVD
added 2020/08/06 12:0 a.m.1 views

etcd Access Restriction Bypass Vulnerability

etcd is a key-value storage system for distributed systems written in the Go language. A security vulnerability exists in etcd versions prior to 3.3.23 and 3.4.10, which stems from the program failing to perform any privilege checks. An attacker could exploit this vulnerability to bypass access...

7.1CVSS9.3AI score0.00227EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/08/05 7:5 p.m.30 views

CVE-2020-15106

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...

6.5CVSS7.6AI score0.01291EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/08/05 12:0 a.m.4 views

PT-2020-14195 · Coreos +3 · Etcd +3

Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.23 and earlier etcd versions 3.4.10 and earlier Description: The issue concerns the creation of certain directory paths with restricted access permissions by using the os.MkdirAll function, which does not perform permission...

7.7CVSS7.1AI score0.01636EPSS
Exploits0References32
Rows per page
Query Builder