Lucene search
K

212 matches found

Vulnrichment
Vulnrichment
added 2024/07/15 2:16 p.m.13 views

CVE-2024-38496 Symantec Privileged Access Manager Insecure Direct Object Reference vulnerability

The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships...

5.1CVSS6.5AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/20 11:13 a.m.33 views

CVE-2022-48732 drm/nouveau: fix off by one in BIOS boundary checking

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's with GeForce 2 MX GPUs...

0.00235EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.2 views

Intel idxd 安全漏洞

Intel idxd is a driver from Intel Corporation USA. A security vulnerability exists in Intel idxd that stems from a potential security issue with hardware errata allowing untrusted applications direct access...

7.5CVSS6.9AI score0.00196EPSS
Exploits0References6
CVE
CVE
added 2024/05/10 6:0 a.m.75 views

CVE-2024-2441

CVE-2024-2441 (VikBooking plugin) : The VikBooking Hotel Booking Engine & PMS for WordPress (before 1.6.8) suffers an insecure direct object reference (IDOR) flaw in its access control, allowing an authenticated user with subscriber privileges or higher to directly access menus and plugin setting...

8.1CVSS6.5AI score0.0061EPSS
Exploits2References1Affected Software1
Exploit DB
Exploit DB
added 2024/05/04 12:0 a.m.368 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 0.01 Revision 0 Summary: The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed...

7.4AI score
Exploits0
wpexploit
wpexploit
added 2024/02/20 12:0 a.m.161 views

Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to see the XSS...

8.5AI score0.00371EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2024/02/09 4:31 a.m.14 views

CVE-2024-0842

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restoreins.php file and. This makes it possible for unauthenticated attackers to make excessive...

7.5CVSS6.8AI score0.00957EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/09 4:31 a.m.36 views

CVE-2024-0842 Backuply - Backup, Restore, Migrate and Clone <= 1.2.6 - Denial of Service

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. This is due to direct access of the backuply/restoreins.php file and. This makes it possible for unauthenticated attackers to make excessive...

7.5CVSS7.6AI score0.00957EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/09 12:0 a.m.4 views

WordPress Plugin Backuply Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

7.5CVSS6.6AI score0.00957EPSS
Exploits0References3
wpexploit
wpexploit
added 2024/01/23 12:0 a.m.159 views

Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to see the XSS...

9.3AI score0.00243EPSS
Exploits2
Cvelist
Cvelist
added 2023/11/06 10:56 a.m.35 views

CVE-2023-5090 Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs

A flaw was found in KVM. An improper check in svmsetx2apicmsrinterception may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition...

6CVSS7.5AI score0.00234EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2023/10/09 9:15 p.m.4 views

CVE-2023-43271

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols...

9.1CVSS5.8AI score0.00586EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/10/09 12:0 a.m.8 views

PT-2023-28754 · 70Mai · 70Mai A500S

Name of the Vulnerable Software and Affected Versions: 70mai a500s version 1.2.119 Description: The issue is related to incorrect access control, allowing attackers to directly access and delete video files of the driving recorder through ftp and other protocols. Recommendations: For version...

9.1CVSS9AI score0.00586EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.5 views

WordPress plugin Super Store Finder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.8CVSS6.8AI score0.00542EPSS
Exploits0References3
OSV
OSV
added 2023/07/12 12:31 p.m.2 views

GHSA-J2R7-3RVW-G7GX Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

8.2CVSS7.2AI score0.0058EPSS
Exploits0References3
OSV
OSV
added 2023/06/30 8:30 p.m.1 views

GHSA-5CC8-PGP5-7MPM Keycloak Untrusted Certificate Validation vulnerability

A flaw was found in keycloak-core. This flaw considers the scenario when using X509 Client Certificate Authenticatior with the option "Revalidate Client Certificate". A user may be able to choose, if directly connect to keycloak not passing via reverse proxy a specific certificate. If there's a...

6.5CVSS5.8AI score0.00425EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.8 views

TeslaMate 信息泄露漏洞

TeslaMate is an open source project, a self-hosted data logger for Tesla. A security vulnerability exists in TeslaMate version v1.27.1, which stems from a vulnerability that allows an attacker to obtain sensitive information by directly accessing the teslamate link...

5.3CVSS5.7AI score0.00528EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/05/18 12:0 a.m.21 views

CVE-2023-29857

An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link...

5.4AI score0.00528EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/02 12:0 a.m.6 views

Evasys 安全漏洞

Evasys is a platform for fully automated surveys and exam solutions for online, paper-based and mixed use from Evasys Germany. A security vulnerability exists in Evasys versions prior to v8.2 Build 2286 and v9.x prior to v9.0 Build 2401, which stems from a vulnerability in multiple components tha...

8.1CVSS7.7AI score0.00702EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/05/02 12:0 a.m.35 views

CVE-2023-31435

Multiple components such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly...

8.1AI score0.00702EPSS
Exploits1References1
Rows per page
Query Builder