Lucene search
+L

194 matches found

NVD
NVD
added 2024/05/17 9:15 a.m.22 views

CVE-2024-33550

Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0...

8.8CVSS8.8AI score0.00476EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/17 8:17 a.m.16 views

CVE-2024-33550 WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability

Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0...

8.8CVSS6.9AI score0.00476EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/17 8:17 a.m.24 views

CVE-2024-33550 WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability

Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0...

8.8CVSS8.8AI score0.00476EPSS
Exploits0References1
CVE
CVE
added 2024/05/17 8:17 a.m.67 views

CVE-2024-33550

CVE-2024-33550 affects the WordPress WP Masquerade plugin (versions n/a–1.1.0). The issue is an Improper Privilege Management vulnerability enabling Privilege Escalation by authenticated users (Subscriber+). Public exploit details are not provided in the documents beyond the authenticated account...

8.8CVSS6.8AI score0.00476EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.6 views

WordPress plugin WP Masquerade 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.6AI score0.00476EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/25 12:29 p.m.8 views

WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability

Authenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP Masquerade versions = 1.1.0...

8.8CVSS7AI score0.00476EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/25 12:0 a.m.13 views

WordPress WP Masquerade Plugin <= 1.1.0 is vulnerable to Privilege Escalation

Software WP Masquerade Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33550 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 711ee525c5d1 Credits Rafie...

8.8CVSS6.5AI score0.00476EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.9 views

PT-2024-23114 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: ZITADEL versions prior to 2.42.17 ZITADEL versions 2.42.17 through 2.48.3 Description: ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it i...

8.7CVSS7.4AI score0.0076EPSS
Exploits0References15
vulnersOsv
vulnersOsv
added 2024/03/13 3:39 p.m.6 views

masquerade-proxy (=0.1.0), monoio-quiche (=0.0.1) +3 more potentially affected by CVE-2024-1765 via quiche (>=0.10.0 <=0.18.0)

quiche CARGO version =0.10.0, =0.1.0, =0.6.9 - quiche-tokio =0.1.0 - quiver-h3 =0.1.0 Source cves: CVE-2024-1765 Source advisory: OSV:GHSA-78WX-JG4J-5J6G...

7.5CVSS6.2AI score0.01175EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/03/13 3:38 p.m.5 views

masquerade-proxy (=0.1.0), monoio-quiche (=0.0.1) +3 more potentially affected by CVE-2024-1410 via quiche (>=0.10.0 <=0.18.0)

quiche CARGO version =0.10.0, =0.1.0, =0.6.9 - quiche-tokio =0.1.0 - quiver-h3 =0.1.0 Source cves: CVE-2024-1410 Source advisory: OSV:GHSA-XHG9-XWCH-VR7X...

5.3CVSS5.8AI score0.00662EPSS
Exploits0
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.7 views

Statamic Cross-Site Scripting Vulnerability

Statamic is a powerful flat file Cms built on Laravel by Statamic, Inc. for storing all content, templates, assets, and settings in files instead of a database. A cross-site scripting vulnerability exists in Statamic that stems from an attacker being able to craft and upload HTML files that look...

8.2CVSS6.2AI score0.00734EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2023/12/13 1:34 p.m.5 views

masquerade-proxy (=0.1.0), monoio-quiche (=0.0.1) +2 more potentially affected by CVE-2023-6193 via quiche (>=0.16.0 <=0.18.0)

quiche CARGO version =0.16.0, =0.18.0 is affected by a known vulnerability. The following packages have a transitive dependency on quiche and may be impacted: - masquerade-proxy =0.1.0 - monoio-quiche =0.0.1 - quiche-tokio =0.1.0 - quiver-h3 =0.1.0 Source cves: CVE-2023-6193 Source advisory:...

5.3CVSS6AI score0.00763EPSS
Exploits0
NVD
NVD
added 2023/11/14 7:15 p.m.24 views

CVE-2023-20519

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity...

3.3CVSS0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/14 6:53 p.m.43 views

CVE-2023-20519

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity...

6.7AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2023/08/22 7:16 p.m.24 views

CVE-2023-37426

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host...

7.5CVSS7.4AI score0.00389EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/22 6:2 p.m.11 views

CVE-2023-37426 Shared SSH Static Host Keys in EdgeConnect SD-WAN Orchestrator

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host...

7.4CVSS6.8AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 2023/08/22 6:2 p.m.40 views

CVE-2023-37426

CVE-2023-37426 concerns Aruba Networks EdgeConnect SD-WAN Orchestrator. The issue is that installations prior to the versions resolved in advisories used shared static SSH host keys across all instances, allowing an attacker to spoof the SSH host signature and masquerade as a legitimate Orchestra...

7.5CVSS7.4AI score0.00389EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2023/06/29 4:48 a.m.31 views

Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data

A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts. Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF fil...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/26 12:36 p.m.3 views

Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack

An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134 , said the attack led to the installation of Swiftbelt, a...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/20 5:5 a.m.3 views

Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign

Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign. Cybersecurity firm Cyfirma attributed the campaign with moderate confidence to a threat actor known as DoNot Team, which is also tracked as...

6.6AI score
Exploits0
Rows per page
Query Builder