Lucene search
+L

220 matches found

Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.13 views

PT-2025-36954

Name of the Vulnerable Software and Affected Versions: wabac.js versions 2.23.10 and below Description: wabac.js provides a full web archive replay system using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic. The requestURL parameter,...

7.1CVSS5.5AI score0.00237EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/05/23 6:39 a.m.11 views

CVE-2024-11118

The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings function. This makes it possible for unauthenticated attackers to make changes to plug...

5.3CVSS6.4AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.7 views

CVE-2023-47530

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7...

7.6CVSS7.7AI score0.00725EPSS
Exploits0References1
CVE
CVE
added 2024/11/16 3:20 a.m.50 views

CVE-2024-11118

CVE-2024-11118 affects the WordPress 404 Error Monitor plugin up to version 1.1. It is a CSRF vulnerability caused by missing nonce validation in updatePluginSettings(), enabling unauthenticated attackers to forge requests that modify plugin settings and clear error logs if a site admin clicks a ...

5.3CVSS4.8AI score0.00277EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/16 3:20 a.m.11 views

CVE-2024-11118 404 Error Monitor <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function

The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings function. This makes it possible for unauthenticated attackers to make changes to plug...

5.3CVSS6.4AI score0.00277EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/15 12:0 a.m.11 views

WordPress 404 Error Monitor Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software 404 Error Monitor Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-11118 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f4f174f33f42 Credits Francesco Carlucci...

5.3CVSS7AI score0.00277EPSS
Exploits0References2Affected Software1
Citrix
Citrix
added 2024/10/15 12:0 a.m.9 views

Spinning wheel during store access for German users, after Storefront upgrade from 2402 to 2402 CU1

Issue: After upgrading Storefront from 2402 to 2402 CU1, German language users may experience a spinning wheel during store access. This does not apply when upgrading from earlier versions of StoreFront, such as from 2203 to 2402 CU1. Symptoms or Error: The developer tool shows Http 404 error for...

7AI score
Exploits0
NVD
NVD
added 2024/10/04 5:15 a.m.32 views

CVE-2024-9204

The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $SERVER'REQUESTURI' in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00436EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/10/04 12:0 a.m.16 views

WordPress Smart Custom 404 Error Page Plugin <= 11.4.7 is vulnerable to Cross Site Scripting (XSS)

Software Smart Custom 404 Error Page Type Plugin Vulnerable versions = 11.4.7 Fixed in 11.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9204 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6f4afc297c2e Credits...

6.1CVSS5.9AI score0.00436EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/06 12:0 a.m.10 views

CVE-2024-34471

An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability resulting in file deletion exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete...

6.5AI score0.00737EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/06 12:0 a.m.20 views

CVE-2024-34471

An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability resulting in file deletion exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete...

6.4AI score0.00737EPSS
Exploits1References1
OSV
OSV
added 2024/03/06 10:52 a.m.20 views

BIT-ARGO-CD-2020-11576

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid non-SSO accounts because /api/v1/session returned 401 for an existing username and 404 otherwise...

5.3CVSS5AI score0.01924EPSS
Exploits0References3
Prion
Prion
added 2023/12/18 11:15 p.m.13 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7...

5.8CVSS7.8AI score0.00725EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/18 10:57 p.m.67 views

CVE-2023-47530

CVE-2023-47530 affects the WordPress plugin WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs (&lt;= v1.8.7). Root cause: SQL injection due to improper neutralization of input in the plugin’s SQL queries. Impact per sources: high/severe risk (CVSS ~7.2). Affected versions:

7.6CVSS7.7AI score0.00725EPSS
Exploits0References1Affected Software1
Kitploit
Kitploit
added 2023/11/10 11:30 a.m.50 views

Afuzz - Automated Web Path Fuzzing Tool For The Bug Bounty Projects

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects. Afuzz is being actively developed by @rapiddns Features Afuzz automatically detects the development language used by the website, and generates extensions according to the language Uses blacklist to filter invalid pages Uses...

7.1AI score
Exploits0References3
Patchstack
Patchstack
added 2023/11/07 12:0 a.m.10 views

WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin <= 1.8.7 is vulnerable to SQL Injection

Software Redirect 404 Error Page to Homepage or Custom Page with Logs Type Plugin Vulnerable versions = 1.8.7 Fixed in 1.8.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-47530 Patch priority Medium CVSS severity Medium 7.6 Developer Claim ownership PSID c586c5b28368 Credit...

7.6CVSS6.8AI score0.00725EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2023/10/11 12:41 p.m.58 views

Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023

More than 17,000 WordPress websites have been compromised in the month of September 2023 with a malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagD...

6.1CVSS7AI score0.01582EPSS
Exploits2
The Hacker News
The Hacker News
added 2023/10/10 9:20 a.m.30 views

New Magecart Campaign Alters 404 Error Pages to Steal Shoppers' Credit Cards

A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to...

6.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.12 views

PT-2023-3319 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak versions affected versions not specified Description: The issue is related to a cross-site scripting XSS vulnerability in Keycloak, an open-source identity and access management solution. This vulnerability can be exploited by settin...

10CVSS6.5AI score0.00626EPSS
Exploits0References10
NVD
NVD
added 2023/06/03 11:15 a.m.35 views

CVE-2023-3085

A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10b202303061504. This issue affects the function runaction of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument requestpath leads ...

6.1CVSS4.5AI score0.00489EPSS
Exploits0References4
Rows per page
Query Builder