Lucene search
+L

186 matches found

CVE
CVE
added 2024/04/04 7:49 a.m.77 views

CVE-2024-29007

The CVE-2024-29007 issue affects Apache CloudStack: when downloading templates or ISOs, the CloudStack management server and the secondary storage VM can follow HTTP 301 redirects to external resources, potentially enabling access to restricted or random resources. Affected components are the Clo...

7.3CVSS7.2AI score0.00785EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/03/21 12:0 a.m.32 views

EulerOS Virtualization 2.11.0 : python-urllib3 (EulerOS-SA-2024-1435)

According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...

8.1CVSS6.9AI score0.01207EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/03/12 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1296)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.9AI score0.01207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/02/08 12:0 a.m.40 views

Fortinet Fortigate lack of certificate validation (FG-IR-23-301)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-301 advisory. - An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 a...

4.8CVSS5.3AI score0.00214EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/29 9:37 a.m.54 views

CVE-2023-4464 Poly VVX 601 Diagnostic Telnet Mode os command injection

A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201,...

8.3CVSS7.6AI score0.03315EPSS
Exploits1References6
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.18 views

Simple 301 Redirects by BetterLinks < 2.0.8 - Missing Authorization via clicked

Description The Simple 301 Redirects by BetterLinks plugin for WordPress is vulnerable to unauthorized enabling of plugin usage tracking due to a missing capability check on the clicked function in all versions up to, and including, 2.0.7. This makes it possible for subscribers to enable plugin...

6.8AI score0.00328EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.26 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : pip vulnerabilities (USN-6473-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6473-2 advisory. USN-6473-1 fixed vulnerabilities in urllib3. This update provides the corresponding updates for the...

8.1CVSS7.1AI score0.01207EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/11/13 12:0 a.m.10 views

WordPress Simple 301 Redirects by BetterLinks Plugin <= 2.0.7 is vulnerable to Broken Access Control

Software Simple 301 Redirects by BetterLinks Type Plugin Vulnerable versions = 2.0.7 Fixed in 2.0.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47761 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 76b78ec76a84 Credits Abd...

6.6AI score0.00328EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2023/08/09 6:24 p.m.782 views

Exploit for Missing Authorization in Wpdeveloper Simple_301_Redirects

CVE-2021-24356 Simple 301 Redirects by BetterLinks - 2.0.0 – 2...

8.8CVSS8.7AI score0.02997EPSS
Exploits3
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.7 views

WordPress 404 to 301 Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software 404 to 301 Type Plugin Vulnerable versions = 3.0.5 Fixed in 3.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 6886ba1d92bc Credits Rafie Muhammad Patchstack Required...

5.9AI score0.00284EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/06/07 2:15 a.m.16 views

CVE-2021-4338

The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the openredirect & saveredirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections...

6.4CVSS6.1AI score0.00617EPSS
Exploits1References5
CVE
CVE
added 2023/06/07 1:51 a.m.44 views

CVE-2021-4338

The CVE-2021-4338 entry concerns the WordPress 404 to 301 plugin. It describes an authorization bypass caused by missing capability checks on the open_redirect and save_redirect functions in versions up to and including 3.0.7. The vulnerability allows authenticated attackers to view, create, and ...

6.4CVSS5.2AI score0.00617EPSS
Exploits1References5Affected Software1
Patchstack
Patchstack
added 2023/03/09 12:0 a.m.8 views

WordPress 301 Redirects Plugin <= 2.72 is vulnerable to Cross Site Request Forgery (CSRF)

Software 301 Redirects Type Plugin Vulnerable versions = 2.72 Fixed in 2.73 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer WebFactory Ltd. PSID 87fea3b40751 Credits Unknown Required privilege...

7AI score
Exploits0References1Affected Software1
Prion
Prion
added 2022/10/26 6:15 p.m.26 views

Server side request forgery (ssrf)

The url parameter of the /api/geojson endpoint in Metabase versions 44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects...

4CVSS6.4AI score0.00656EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/26 12:0 a.m.29 views

CVE-2022-43776

The url parameter of the /api/geojson endpoint in Metabase versions 44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects...

6.7AI score0.00656EPSS
Exploits1References1
Fedora
Fedora
added 2022/10/17 10:55 p.m.46 views

[SECURITY] Fedora 37 Update: kernel-5.19.15-301.fc37

The kernel meta package...

8.8CVSS6.8AI score0.03763EPSS
Exploits5
Patchstack
Patchstack
added 2022/06/07 12:0 a.m.12 views

WordPress 404 to 301 plugin <= 3.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress 404 to 301 plugin versions = 3.1.1. Solution Update the WordPress 404 to 301 plugin to the latest available version at least 3.1.2...

2.6AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2022/03/16 12:0 a.m.20 views

WordPress SEO 301 Meta plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is a WordPress application plugin. WordPress SEO 301 Meta plugin 1.9.1 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the plugin's...

4.8CVSS1.5AI score0.00588EPSS
Exploits2References1
Prion
Prion
added 2022/03/14 3:15 p.m.13 views

Cross site scripting

The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.8AI score0.00588EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.3 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is a WordPress application plugin. WordPress SEO 301 Meta plugin 1.9.1 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the plugin's...

4.8CVSS5.3AI score0.00588EPSS
Exploits2References2
Rows per page
Query Builder