7 matches found

Patchstack
added 2024/06/04 6:35 a.m., 4 views

WordPress BuddyBoss Platform plugin < 2.6.0 - Insecure Direct Object Reference on Like Comment vulnerability

Insecure Direct Object Reference on Like Comment vulnerability discovered by Faris Krivi in WordPress Plugin BuddyBoss Platform versions 2.6.0...

5.3 CVSS, 7 AI score, 0.00238 EPSS
Exploits 2, References 1, Affected Software 1

Cvelist
added 2024/06/04 6:00 a.m., 16 views

CVE-2024-4750 BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request...

6.3 AI score, 0.00238 EPSS
Exploits 2, References 1

wpexploit
added 2024/05/14 12:00 a.m., 184 views

BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment

Description: The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request.
POST /wp-admin/admin-ajax.php HTTP/2
Host: buddyboss.example.com
Cookie: REDACTED
User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...

6.5 AI score, 0.00238 EPSS
Exploits 2

Tenable Nessus
added 2023/12/14 12:00 a.m., 42 views

Oracle Linux 9 : containernetworking-plugins (ELSA-2023-7766)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-7766 advisory. - rebuild for following CVEs: CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 Tenable has extracted the preceding descriptio...

7.5 CVSS, 7.1 AI score, 0.00122 EPSS
Exploits 0, References 6

Veracode
added 2023/10/02 8:15 p.m., 34 views

Cross-Site Scripting (XSS)

html/template is vulnerable to Cross-Site Scripting XSS attacks. The vulnerability exists because the package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in...

6.1 CVSS, 5.7 AI score, 0.00087 EPSS
Exploits 0, References 8, Affected Software 1

Tenable Nessus
added 2023/09/21 12:00 a.m., 29 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:3700-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3700-1 advisory. - The html/template package does not properly handle HTML-like comment tokens, nor hashbang !...

6.1 CVSS, 7 AI score, 0.00087 EPSS
Exploits 0, References 9

UbuntuCve
added 2023/09/08 5:15 p.m., 35 views

CVE-2023-39318

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...

6.1 CVSS, 6.7 AI score, 0.00087 EPSS
Exploits 0, References 11