Lucene search
K

150 matches found

WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.24 views

Grab & Save <= 1.0.4 - Cross-Site Request Forgery

Description The Grab & Save plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the mediaprocess function. This makes it possible for unauthenticated attackers to upload images via a forg...

6.7AI score0.00172EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.9 views

Grab & Save <= 1.0.4 - Reflected Cross-Site Scripting

Description The Grab & Save plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.5AI score0.00434EPSS
Exploits1References1
Patchstack
Patchstack
added 2023/11/20 12:0 a.m.9 views

WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Grab & Save Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47844 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 52717b94fa86 Credits Dimas Maulana Required privilege...

7.1CVSS6.5AI score0.00434EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2023/11/20 12:0 a.m.9 views

WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Grab & Save Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47845 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 10b2ddc4a429 Credits Dimas Maulana Required...

4.3CVSS6.6AI score0.00172EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2023/10/20 7:0 a.m.8 views

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation as demonstrated by a WARNING for try_grab_page.

...

6.3CVSS7AI score0.00448EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/10/17 12:59 a.m.5 views

SUSE CVE-2023-40791

extractusertosg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for trygrabpage...

6.3CVSS7.1AI score0.00448EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/10/16 3:15 a.m.5 views

CVE-2023-40791

extractusertosg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for trygrabpage...

6.3CVSS6.6AI score0.00448EPSS
Exploits1References7
OSV
OSV
added 2023/10/16 3:15 a.m.3 views

DEBIAN-CVE-2023-40791

extractusertosg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for trygrabpage...

6.3CVSS6.2AI score0.00448EPSS
Exploits1References1
OSV
OSV
added 2023/10/16 3:15 a.m.5 views

UBUNTU-CVE-2023-40791

extractusertosg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for trygrabpage...

6.3CVSS5.8AI score0.00448EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.3 views

SUSE CVE-2007-5589

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...

4.3CVSS6AI score0.03326EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.5 views

SUSE CVE-2012-0064

xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab...

4.6CVSS6.6AI score0.0039EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.7 views

SUSE CVE-2013-1998

Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service crash and possibly execute arbitrary code via crafted length or index values to the 1 XGetDeviceButtonMapping, 2 XIPassiveGrabDevice, and 3 XQueryDeviceState functions...

6.8CVSS8AI score0.02798EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:33 a.m.3 views

SUSE CVE-2022-1720

Buffer Over-read in function grabfilename in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...

3.3CVSS9AI score0.02098EPSS
Exploits1References16
Malwarebytes
Malwarebytes
added 2022/07/01 6:21 p.m.22 views

AstraLocker 2.0 ransomware isn’t going to give you your files back

Reversing Labs reports that the latest verison of AstraLocker ransomware is engaged in a a so-called "smash and grab" ransomware operation. Smash and grab is all about maxing out profit in the fastest time. It works on the assumption by malware authors that security software or victims will find...

0.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:26 p.m.4 views

Malicious code in grab-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80167770569c74e9a58b9e9b796e11cfeda2451d513e307c21485b8b9ec30b72 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:26 p.m.2 views

Malicious code in grab-locale (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73f4a6e44fec9cf6fa3ac283fca9b75a652db4f8b3a7322ee01c213676bf1694 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:26 p.m.4 views

MAL-2022-3431 Malicious code in grab-locale (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73f4a6e44fec9cf6fa3ac283fca9b75a652db4f8b3a7322ee01c213676bf1694 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:26 p.m.3 views

Malicious code in grab-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5aeead40c6ea31db7f121a77aa9b48ae49993444adca67e57f5a27b7a0652c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:26 p.m.9 views

MAL-2022-3433 Malicious code in grab-storage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98e1089b589ccad73505c806c28a3b46444fe6563145d1b5ca336971eb1bce56 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:24 p.m.3 views

Malicious code in grab-id (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2582603362be992351747677061132c3f941b31bbcf01d70aa7a9d9114ae62a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder