CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3642 matches found

OSV•added 2023/10/20 8:15 a.m.•3 views

CVE-2020-36753

The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the savemetabox function. This makes it possible for unauthenticated attackers to save metabox data via a forged request...

4.3CVSS5.6AI score0.00397EPSS

Exploits1References9

CNNVD•added 2023/10/20 12:0 a.m.•1 views

WordPress theme Hueman Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Hueman, which stems from a missing or incorrect random...

4.3CVSS6.5AI score0.00397EPSS

Exploits1References10

CNNVD•added 2023/10/20 12:0 a.m.•3 views

WordPress Plugin Magic Action Box Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS6AI score0.00345EPSS

Exploits0References3

vulnersOsv•added 2023/10/18 6:27 p.m.•3 views

agora (=0.1.0), ashpd (>=0.2.0-alpha <=0.2.0-alpha-3) +29 more potentially affected by CVE-2024-43806 via rustix (=0.37.13)

rustix CARGO version =0.37.13 is affected by a known vulnerability. The following packages have a transitive dependency on rustix and may be impacted: - agora =0.1.0 - ashpd =0.2.0-alpha, =0.2.0, =1.0.2, =0.6.0, =0.4.0, =0.2.0, =0.2.0-beta.4, =0.25.0, =0.4.8, =0.6.2 and more Source cves:...

6.5CVSS5.8AI score0.0048EPSS

Exploits0

OSV•added 2023/10/17 10:15 p.m.•4 views

UBUNTU-CVE-2023-22098

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

8.2CVSS5.8AI score0.0055EPSS

Exploits1References3

wpexploit•added 2023/10/09 12:0 a.m.•127 views

Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. 1. Create a new PopUp Box within the plugi...

4.8CVSS5.1AI score0.00402EPSS

Exploits2

WPVulnDB•added 2023/10/09 12:0 a.m.•7 views

Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting

4.8CVSS4.8AI score0.00402EPSS

Exploits2Affected Software1

Huntr•added 2023/10/02 3:38 a.m.•10 views

CSRF in Save Box Settings

Description CSRF in Save Box Settings Proof of Concept 1 .Attacker send form fake to user history.pushState'', '', '/'; document.forms0.submit; 2 .User click, interface home changed Video Poc https://drive.google.com/file/d/18y9P7SZuHgNC3uzmD50Xo82Yrmp5V4VS/view?usp=sharing...

7.2AI score

Exploits0

Patchstack•added 2023/09/28 12:0 a.m.•13 views

WordPress Magic Action Box Plugin <= 2.17.2 is vulnerable to Cross Site Scripting (XSS)

Software Magic Action Box Type Plugin Vulnerable versions = 2.17.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5231 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2d85f5acc350 Credits Lana Codes Required...

6.4CVSS5.7AI score0.00345EPSS

Exploits0References2Affected Software1

Github Security Blog•added 2023/09/26 7:35 p.m.•73 views

sing-box vulnerable to improper authentication in the SOCKS inbound

Impact This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication. Patches Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions. Workarounds Don't expose the SOCKS5 inbound to insecure environments...

9.8CVSS6.9AI score0.00679EPSS

Exploits0References6Affected Software2

OSV•added 2023/09/26 7:35 p.m.•29 views

GHSA-R5HM-MP3J-285G sing-box vulnerable to improper authentication in the SOCKS inbound

9.1CVSS9.4AI score0.00679EPSS

Exploits0References6

NVD•added 2023/09/25 8:15 p.m.•13 views

CVE-2023-43644

Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to...

9.8CVSS9.4AI score0.00679EPSS

Exploits0References1

Prion•added 2023/09/25 8:15 p.m.•15 views

Authentication flaw

7.5CVSS9.5AI score0.00679EPSS

Exploits0References1Affected Software1

CVE•added 2023/09/25 7:12 p.m.•122 views

CVE-2023-43644

CVE-2023-43644 affects sing-box and enables an authentication bypass for all SOCKS5 inbounds with user authentication via specially crafted requests. The impact is an authentication bypass with potential high-severity consequences. Affected versions require updating to sing-box 1.4.4 or 1.5.0-rc....

9.8CVSS9.6AI score0.00679EPSS

Exploits0References1Affected Software1