Lucene search

91 matches found

Prion
added 2023/04/05 2:15 p.m. · 16 views

Design/Logic Flaw

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrcclearcache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's...

5 CVSS · 5.2 AI score · 0.00615 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/04/05 1:23 p.m. · 8 views

CVE-2023-1868 YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrcclearcache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's...

6.5 CVSS · 6.7 AI score · 0.00615 EPSS
Exploits 0 · References 4
CVE
added 2023/04/05 1:23 p.m. · 59 views

CVE-2023-1868

CVE-2023-1868 affects the YourChannel WordPress plugin (versions

6.5 CVSS · 6.1 AI score · 0.00615 EPSS
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2023/04/05 12:0 a.m. · 13 views

WordPress plugin YourChannel security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

6.5 CVSS · 6.8 AI score · 0.00615 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/04/05 12:0 a.m. · 7 views

PT-2023-17297 · WordPress · Yourchannel

Name of the Vulnerable Software and Affected Versions: YourChannel plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to a missing capability check when clearing the plugin cache via the yrc clear cache GET parameter. This allows unauthenticated attackers ...

6.5 CVSS · 6.1 AI score · 0.00615 EPSS
Exploits 0 · References 6
Prion
added 2023/03/10 8:15 p.m. · 19 views

Cross site request forgery (csrf)

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearpagecache function. This makes it possible for unauthenticated attackers to clear the...

4.3 CVSS · 4.3 AI score · 0.00315 EPSS
Exploits 0 · References 2 · Affected Software 1
SUSE CVE
added 2023/02/15 5:7 a.m. · 2 views

SUSE CVE-2016-1694

browser/browsingdata/browsingdataremover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority...

5.3 CVSS · 8.9 AI score · 0.01004 EPSS
Exploits 0 · References 6
Prion
added 2023/01/23 5:15 p.m. · 13 views

Authorization

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...

4 CVSS · 4.5 AI score · 0.00591 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/01/23 4:30 p.m. · 7 views

CVE-2023-0447

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...

4.3 CVSS · 4.4 AI score · 0.00591 EPSS
Exploits 0 · References 3
Github Security Blog
added 2022/05/17 12:12 a.m. · 18 views

Password change doesn't result in Karaf clearing cache

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared e.g. via restart...

7.5 CVSS · 6.9 AI score · 0.01092 EPSS
Exploits 0 · References 5 · Affected Software 1
Huntr
added 2022/01/17 1:13 p.m. · 9 views

Cross-Site Request Forgery (CSRF) in liangliangyy/djangoblog

Description Hi there, I would like to report a Cross Site Request Forgery in djangoblog source code. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker t...

1.1 AI score
Exploits 0 · References 1
OSV
added 2021/04/06 4:15 p.m. · 3 views

CVE-2021-26833

Cleartext Storage in a File or on Disk in TimelyBills = 1.7.0 for iOS and versions = 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding...

5.9 CVSS · 6.2 AI score · 0.00979 EPSS
Exploits 1 · References 1
Prion
added 2021/04/06 4:15 p.m. · 12 views

Design/Logic Flaw

Cleartext Storage in a File or on Disk in TimelyBills = 1.7.0 for iOS and versions = 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding...

4.3 CVSS · 5.3 AI score · 0.00979 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/04/06 3:46 p.m. · 19 views

CVE-2021-26833

Cleartext Storage in a File or on Disk in TimelyBills = 1.7.0 for iOS and versions = 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding...

5.6 AI score · 0.00979 EPSS
Exploits 1 · References 1
GitLab Advisory Database
added 2021/02/08 12:0 a.m. · 17 views

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

2.3 AI score
Exploits 0 · References 4 · Affected Software 1
CNVD
added 2020/08/25 12:0 a.m. · 1 views

DBHcms Access Control Error Vulnerability

DBHcms is a small, free and open source content management system for personal and small business websites. An access control error vulnerability exists in DBHcms 1.2.0. The vulnerability stems from an access control failure to clear cache operation at line 175 of dbhcmspage.php. An attacker can...

5.9 CVSS · 6.9 AI score · 0.00742 EPSS
Exploits 1 · References 1
FreeBSD
added 2019/09/02 12:0 a.m. · 25 views

www/varnish6 -- Denial of Service

The Varnish Team reports: A failure in HTTP/1 parsing can allow a remote attacker to trigger an assertion in varnish, restarting the daemon and clearing the cache...

5.6 AI score
Exploits 0 · References 1
Node.js
added 2017/08/08 9:23 p.m. · 29 views

Hijacked Environment Variables

Overview The fabric-js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

5 CVSS · 4.7 AI score · 0.01123 EPSS
Exploits 0 · Affected Software 1
OSV
added 2017/04/02 1:59 a.m. · 3 views

CVE-2017-2400

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing...

5.3 CVSS · 7.3 AI score · 0.01459 EPSS
Exploits 0 · References 3
OSV
added 2016/06/05 11:59 p.m. · 0 views

CVE-2016-1694

browser/browsingdata/browsingdataremover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority...

5.3 CVSS · 6.9 AI score
Exploits 0 · References 11