325 matches found

Vulnrichment
added 2024/03/27 11:16 p.m., 8 views

CVE-2024-0980

The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code...

7.6 AI score, 0.00457 EPSS
Exploits: 0, References: 1

CVE
added 2024/03/27 11:16 p.m., 58 views

CVE-2024-0980

The CVE-2024-0980 issue affects Okta Verify for Windows’ auto-update service. Two flaws, when combined, could allow arbitrary code execution. Documented impact indicates high severity (AV: Adjacent, AC: High, PR: Low, UI: None, S: Unchanged, C/H/I/A: High). Details across connected sources confir...

7.1 CVSS, 7.6 AI score, 0.00457 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/03/27 11:16 p.m., 20 views

CVE-2024-0980

The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code...

7.5 AI score, 0.00457 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2024/03/26 12:0 a.m., 5 views

PT-2024-2475 · Okta · Okta Verify For Windows

Name of the Vulnerable Software and Affected Versions: Okta Verify for Windows affected versions not specified Description: The issue is related to the auto-update service of Okta Verify for Windows, which is vulnerable to two flaws that can be combined to execute arbitrary code. This could allow...

7.1 CVSS, 7.8 AI score, 0.00457 EPSS
Exploits: 0, References: 13

OSV
added 2023/11/27 5:15 p.m., 4 views

CVE-2023-5525

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin...

4.3 CVSS, 5.8 AI score, 0.00454 EPSS
Exploits: 2, References: 1

NVD
added 2023/11/27 5:15 p.m., 17 views

CVE-2023-5525

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin...

4.3 CVSS, 0.00454 EPSS
Exploits: 2, References: 1

Vulnrichment
added 2023/11/27 4:22 p.m., 9 views

CVE-2023-5525 Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin...

6.7 AI score, 0.00454 EPSS
Exploits: 2, References: 1

Cvelist
added 2023/11/27 4:22 p.m., 18 views

CVE-2023-5525 Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin...

4.9 AI score, 0.00454 EPSS
Exploits: 2, References: 1

Positive Technologies
added 2023/11/27 12:0 a.m., 4 views

PT-2023-32155 · WordPress · Limit-Login-Attempts-Reloaded

Name of the Vulnerable Software and Affected Versions: Limit Login Attempts Reloaded WordPress plugin versions prior to 2.25.26 Description: The issue is related to missing authorization on the toggle auto update AJAX action. This allows any user with a valid nonce to toggle the auto-update statu...

4.3 CVSS, 6.6 AI score, 0.00454 EPSS
Exploits: 2, References: 4

CNNVD
added 2023/11/27 12:0 a.m., 6 views

WordPress plugin Limit Login Attempts Reloaded Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

4.3 CVSS, 6.5 AI score, 0.00454 EPSS
Exploits: 2, References: 1

wpexploit
added 2023/11/06 12:0 a.m., 185 views

Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update

Description The plugin is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. As an Admin, open the Limit Login Attempts page in WP Admin and run the following code in the browser console: nonce =...

4.3 CVSS, 4.7 AI score, 0.00454 EPSS
Exploits: 2

Tenable Nessus
added 2023/11/06 12:0 a.m., 32 views

Rocky Linux 8 : firefox (RLSA-2022:0510)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0510 advisory. - If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants...

9.6 CVSS, 8.1 AI score, 0.00926 EPSS
Exploits: 1, References: 15

Japan Vulnerability Notes
added 2023/10/30 4:48 a.m., 3 views

Inkdrop vulnerable to code injection

Overview Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability CWE-94. T.Nodoka reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a specially crafted...

7.8 CVSS, 7.7 AI score, 0.00288 EPSS
Exploits: 0, References: 6

Japan Vulnerability Notes
added 2023/10/30 12:0 a.m., 39 views

JVN#48057522: Inkdrop vulnerable to code injection

Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability CWE-94. Impact If a specially crafted markdown file is opened using the product, arbitrary code may be executed. Solution Update the Software The developer states that Inkdrop has an...

7.8 CVSS, 7.8 AI score, 0.00288 EPSS
Exploits: 0

Malwarebytes
added 2023/07/25 2:0 a.m., 13 views

How to set up computer security for your parents

Last Sunday July 23, 2023 was National Parents Day. And maybe you are wondering how you can repay your parents for turning you into the person you are today. And we have an idea that shouldn't cost you much more than some of your time. Help them to shore up their cybersecurity, if they need it. I...

7 AI score
Exploits: 0

NVD
added 2023/07/11 1:15 p.m., 16 views

CVE-2023-34029

Cross-Site Request Forgery CSRF vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin = 2.3.3 versions...

6.5 CVSS, 5.2 AI score, 0.00218 EPSS
Exploits: 0, References: 1

OSV
added 2023/07/11 1:15 p.m., 3 views

CVE-2023-34029

Cross-Site Request Forgery CSRF vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin = 2.3.3 versions...

6.5 CVSS, 7.3 AI score
Exploits: 0, References: 1

Prion
added 2023/07/11 1:15 p.m., 25 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin = 2.3.3 versions...

4.3 CVSS, 6.6 AI score, 0.00218 EPSS
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2023/07/11 12:0 a.m., 4 views

PT-2023-24644 · WordPress · Prem Tiwari Disable Wordpress Update Notifications/Auto-Update Email Notifications

Name of the Vulnerable Software and Affected Versions: Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin versions = 2.3.3 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing...

6.5 CVSS, 6.9 AI score, 0.00218 EPSS
Exploits: 0, References: 4

Hacker One
added 2023/05/10 11:36 p.m., 177 views

U.S. Dept Of Defense: CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman

A cross-site scripting XSS vulnerability was found on the cpanel application hosted on a website. The vulnerability allowed an attacker to steal cookies or hijack a browser session. The cpanel was not updated due to the disabled auto-update feature. The vulnerability was mitigated by enabling the...

6.1 CVSS, 5.4 AI score, 0.65533 EPSS
Exploits: 7