
92 matches found

OSV
added 2021/11/22 9:15 a.m., 19 views

CVE-2021-43557

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains...

CVSS 7.5, AI score 6.6
Exploits: 0, References: 4

NVD
added 2021/11/22 9:15 a.m., 12 views

CVE-2021-43557

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains...

CVSS 7.5, EPSS 0.55262
Exploits: 1, References: 4

Prion
added 2021/11/22 9:15 a.m., 19 views

Authentication flaw

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains...

CVSS 5, AI score 7.4, EPSS 0.55262
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2021/11/22 8:25 a.m., 25 views

CVE-2021-43557 Path traversal in request_uri variable

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains...

AI score 7.6, EPSS 0.55262
Exploits: 1, References: 4

CNNVD
added 2021/09/27 12:0 a.m., 1 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin WP Map Block, which stems from a lack of proper validation of client-side data in the WEB application. An attacker can exploit this vulnerability to execute...

CVSS 5.4, AI score 5.6, EPSS 0.0018
Exploits: 2, References: 2

Patchstack
added 2021/08/30 12:0 a.m., 14 views

WordPress Countdown Block plugin <= 1.1.1 - Missing Authorisation in AJAX action vulnerability

Missing Authorisation in AJAX action vulnerability discovered by apple502j in WordPress Countdown Block plugin (versions <= 1.1.1). Solution: Update the WordPress Countdown Block plugin to the latest available version (at least 1.1.2)...

CVSS 4.3, AI score 4.2, EPSS 0.0023
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2021/08/25 12:0 a.m., 12 views

WordPress WP Map Block plugin <= 1.2.2 - Stored Cross-Site Scripting (XSS) vulnerabilities

Stored Cross-Site Scripting (XSS) vulnerabilities discovered by apple502j in WordPress WP Map Block plugin (versions <= 1.2.2). Solution: Update the WordPress WP Map Block plugin to the latest available version (at least 1.2.3)...

CVSS 5.4, AI score 2, EPSS 0.0018
Exploits: 2, References: 3, Affected Software: 1

NVD
added 2019/08/23 6:15 p.m., 9 views

CVE-2019-15536

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records...

CVSS 9.8, AI score 10, EPSS 0.00307
Exploits: 0, References: 1

OSV
added 2019/08/23 6:15 p.m., 1 views

CVE-2019-15536

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records...

CVSS 9.8, AI score 7.4, EPSS 0.00307
Exploits: 0, References: 1

Prion
added 2019/08/23 6:15 p.m., 13 views

SQL injection

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records...

CVSS 7.5, AI score 9.9, EPSS 0.00307
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2019/08/23 5:51 p.m., 104 views

CVE-2019-15536

CVE-2019-15536 affects the Moodle Acclaim block plugin prior to 2019-06-26, enabling SQL injection via delete_records. Documents indicate a network-exposed, high-severity flaw (CVSS3: CRITICAL, 9.8) with no authentication and no required user interaction, allowing execution of arbitrary SQL comma...

CVSS 9.8, AI score 9.8, EPSS 0.00307
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/08/23 5:51 p.m., 14 views

CVE-2019-15536

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records...

AI score 10, EPSS 0.00307
Exploits: 0, References: 1