
119 matches found

Cvelist
added 2024/01/16 3:50 p.m., 30 views

CVE-2022-1538 Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload

Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILE_MODS and FILE_EDIT are disallowed...

7.2 AI score, 0.012 EPSS
Exploits: 2, References: 1

The Hacker News
added 2023/11/03 9:35 a.m., 46 views

CanesSpy Spyware Discovered in Modified WhatsApp Versions

Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed CanesSpy. These modified versions of the instant messaging app have been observed propagated via sketchy websites advertising such modded software as well as Telegram...

7.4 AI score
Exploits: 0

HackRead
added 2023/06/09 4:24 p.m., 18 views

Minecraft Community on High Alert as Malware Infects Popular Mods

By Waqas. Dubbed Fracturizer, researchers delving into the malware's GitHub repository have classified this malware as "extraordinarily perilous."...

7.1 AI score
Exploits: 0

OSV
added 2023/04/07 4:15 a.m., 3 views

CVE-2023-29478

BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution...

9.8 CVSS, 7.4 AI score, 0.01671 EPSS
Exploits: 1, References: 1

Mageia
added 2023/01/13 5:37 p.m., 48 views

Updated minetest packages fix security vulnerability

This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This update provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details. The update also improve...

10 CVSS, 0.7 AI score, 0.02195 EPSS
Exploits: 0, References: 6

The Hacker News
added 2022/12/20 12:24 p.m., 28 views

KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service

An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and...

1 AI score
Exploits: 0

NVD
added 2022/09/21 12:15 a.m., 12 views

CVE-2022-39221

McWebserver mod runs a simple HTTP server alongside the Minecraft server in separate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program,...

7.5 CVSS, 0.00785 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2022/04/04 4:15 p.m., 7 views

CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current theme's stylesheet directory, and a .php...

7.2 CVSS, 7 AI score, 0.01484 EPSS
Exploits: 2, References: 2

CNNVD
added 2022/04/04 12:0 a.m., 23 views

WordPress plugin MapPress Maps code issue vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an open source application plugin for WordPress. The WordPress MapPress Maps plugin has an authorization problem vulnerability that stems from a lack of authentication measures or...

7.2 CVSS, 5.8 AI score, 0.01484 EPSS
Exploits: 2, References: 2

OpenVAS
added 2022/02/15 12:0 a.m., 11 views

Debian: Security Advisory (DSA-5075-1)

The remote host is missing an update for the Debian...

9.8 CVSS, 8.1 AI score, 0.0166 EPSS
Exploits: 0, References: 4

ThreatPost
added 2022/02/14 5:23 p.m., 247 views

‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware

The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their wares. The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to...

7 AI score
Exploits: 0, References: 8

ThreatPost
added 2022/01/11 2:9 p.m., 50 views

Critical SonicWall NAC Vulnerability Stems from Apache Mods

Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution (RCE) on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server. The bug (CVE-2021-20038) is one of five vulnerabilities discovered in its...

9.8 CVSS, 10 AI score, 0.99912 EPSS
Exploits: 8, References: 8

Positive Technologies
added 2021/10/28 12:0 a.m., 1 views

PT-2021-4559

Name of the Vulnerable Software and Affected Versions: Chromium versions prior to 97.0.4692.71-0.1deb11u1; qtwebengine5 version 5.15.8; ungoogled-chromium version 113.0.5672.92-1.1; chromedriver version 95.0.4638.69-1.1; nodejs-electron version 13.6.2-1.1; Chromium-gost versions 96.0.4664.45-alt2.c9.1...

10 CVSS, 6.2 AI score, 0.36238 EPSS
Exploits: 2

Fedora
added 2021/04/24 8:26 p.m., 55 views

[SECURITY] Fedora 34 Update: minetest-5.4.1-1.fc34

Game of mining, crafting and building in the infinite world of cubic blocks with optional hostile creatures, features both single and the network multiplayer mode, mods. Public multiplayer servers are available...

2.1 AI score
Exploits: 0

Fedora
added 2021/04/24 6:24 p.m., 46 views

[SECURITY] Fedora 32 Update: minetest-5.4.1-1.fc32

Game of mining, crafting and building in the infinite world of cubic blocks with optional hostile creatures, features both single and the network multiplayer mode, mods. Public multiplayer servers are available...

2.1 AI score
Exploits: 0

Fedora
added 2021/04/24 6:6 p.m., 35 views

[SECURITY] Fedora 33 Update: minetest-5.4.1-1.fc33

Game of mining, crafting and building in the infinite world of cubic blocks with optional hostile creatures, features both single and the network multiplayer mode, mods. Public multiplayer servers are available...

2.1 AI score
Exploits: 0

OSV
added 2020/07/09 3:15 p.m., 2 views

CVE-2020-13994

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker...

8.8 CVSS, 7 AI score
Exploits: 0, References: 1

NVD
added 2020/07/09 3:15 p.m., 28 views

CVE-2020-13992

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket...

6.1 CVSS, 0.01205 EPSS
Exploits: 1, References: 1

OSV
added 2020/07/09 3:15 p.m., 3 views

CVE-2020-13992

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket...

6.1 CVSS, 5.8 AI score, 0.01205 EPSS
Exploits: 1, References: 1

OSV
added 2020/07/09 3:15 p.m., 2 views

CVE-2020-13993

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket...

7.5 CVSS, 7.2 AI score, 0.02054 EPSS
Exploits: 1, References: 1