Lucene search
+L

166 matches found

CNNVD
CNNVD
added 2024/06/09 12:0 a.m.13 views

WordPress plugin EventPrime security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS6.7AI score0.00472EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.7 views

PT-2024-11569 · Nuki · Nuki Smart Lock 2.0 +1

Name of the Vulnerable Software and Affected Versions: Nuki Smart Lock 3.0 versions 3.0 through 3.3.4 Nuki Smart Lock 2.0 versions 2.0 through 2.12.3 Description: An issue was discovered on certain Nuki Home Solutions devices, where it is possible to send multiple BLE malformed packets to block...

9.8CVSS6.6AI score0.0161EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/04/05 8:27 a.m.10 views

WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability

Booking Price Manipulation vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin EventPrime versions = 3.3.4...

9.8CVSS7AI score0.00472EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/05 12:0 a.m.23 views

WordPress MasterStudy LMS Plugin <= 3.3.3 is vulnerable to Local File Inclusion

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3136 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 0e613f9f337e Credits Hiroho Shimada Required privilege...

9.8CVSS6.8AI score0.05018EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/03/26 12:0 a.m.20 views

WordPress BetterDocs Plugin <= 3.3.3 is vulnerable to PHP Object Injection

Software BetterDocs Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30226 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 4a7582c42893 Credits stealthcopter Required privilege Unauthenticate...

9CVSS6.8AI score0.00864EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/11/30 1:15 p.m.3 views

CVE-2023-48331

Cross-Site Request Forgery CSRF vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4...

8.8CVSS7.3AI score0.00256EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/11/23 12:0 a.m.12 views

WordPress MyBookTable Bookstore Plugin <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software MyBookTable Bookstore Type Plugin Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48331 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ac06dff1976c Credits Nguyen Xuan...

8.8CVSS7AI score0.00256EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/16 9:30 a.m.32 views

Apache Hadoop allows local user to gain root privileges

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

7.5CVSS7.4AI score0.02089EPSS
Exploits0References8Affected Software1
CNNVD
CNNVD
added 2023/11/16 12:0 a.m.8 views

Apache Hadoop Code Issue Vulnerability

Apache Hadoop is a set of open source distributed systems infrastructure of the U.S. Apache Apache Foundation. It is capable of distributed processing of large amounts of data and is characterized by high reliability, high scalability, and high fault tolerance. A security vulnerability exists in...

7.5CVSS6.7AI score0.02089EPSS
Exploits0References8
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.20 views

WordPress WP News and Scrolling Widgets Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)

Software WP News and Scrolling Widgets Type Plugin Vulnerable versions = 3.3.4 Fixed in 4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c0214c70fb9b Credits Rafie Muhammad Patchstac...

6.1AI score0.00284EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.3 views

PT-2023-26332

Name of the Vulnerable Software and Affected Versions coreruleset aka OWASP ModSecurity Core Rule Set versions 3.3.4 and earlier Description The issue allows attackers to potentially bypass a Web Application Firewall WAF using a crafted payload, exploiting "Content-Type confusion" between the WAF...

9.8CVSS8.2AI score0.00754EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.6 views

OWASP ModSecurity Core Rule Set 安全漏洞

The OWASP ModSecurity Core Rule Set CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in OWASP ModSecurity Core Rule Set 3.3.4 and earlier versions that stems from not blocking multiple Content-Type...

9.8CVSS8.2AI score0.00754EPSS
Exploits0References3
OSV
OSV
added 2023/07/11 10:15 a.m.5 views

CVE-2023-36521

A vulnerability has been identified in SIMATIC MV540 H All versions V3.3.4, SIMATIC MV540 S All versions V3.3.4, SIMATIC MV550 H All versions V3.3.4, SIMATIC MV550 S All versions V3.3.4, SIMATIC MV560 U All versions V3.3.4, SIMATIC MV560 X All versions V3.3.4. The result synchronization server of...

7.5CVSS7.2AI score0.00626EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.8 views

PT-2023-24194 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 1.4.0 through 2.3.16 Xibo versions 2.3.17 is not affected, but versions prior to 3.3.5 are affected, so the correct range is Xibo versions 3.3.0 through 3.3.4 Description: A SQL injection issue was discovered in the...

6.5CVSS6.7AI score0.00626EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.7 views

PT-2023-24195 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 3.2.0 through 3.3.4 Description: A SQL injection issue was discovered in the nameFilter function, allowing an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical...

6.5CVSS6.7AI score0.00621EPSS
Exploits0References7
Gentoo Linux
Gentoo Linux
added 2023/05/21 12:0 a.m.40 views

OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities

Background Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set. Description Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for detail...

9.8CVSS7.4AI score0.02542EPSS
Exploits1
OSV
OSV
added 2023/04/07 12:15 p.m.6 views

CVE-2023-25049

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin = 3.3.4 versions...

4.8CVSS7.3AI score0.00394EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/03/30 12:0 a.m.18 views

WordPress affiliate-toolkit Plugin <= 3.3.3 is vulnerable to Cross Site Scripting (XSS)

Software affiliate-toolkit Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23786 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 35eed840e2de Credits yuyudhn Required...

5.9CVSS5.8AI score0.00358EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/03/13 12:0 a.m.5 views

WordPress Real Estate 7 Theme <= 3.3.4 is vulnerable to Broken Access Control

Software Real Estate 7 Type Theme Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 5.8 Developer Claim ownership PSID a71c4c5edd92 Credits RE-ALTER Required privilege Unauthenticat...

6.8AI score
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:33 a.m.5 views

SUSE CVE-2013-7338

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a file size value larger than the size of the zip file to the 1 ZipExtFile.read, 2 ZipExtFile.readn, 3 ZipExtFile.readlines, 4 ZipFile.extract, or 5 ZipFile.extractall function...

7.1CVSS6.9AI score0.05055EPSS
Exploits1References3
Rows per page
Query Builder