Lucene search
K

34 matches found

Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-12435 Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40935

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
CVE
CVE
added 5 days ago12 views

CVE-2026-12435

The Motors – Car Dealership & Classified Listings Plugin for WordPress is affected up to version 1.4.111 by an authorization bypass. An authenticated user with subscriber-level access can mark or unmark another user’s car listing as Sold by replaying a valid nonce from their own listing against a...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/12 6:3 p.m.11 views

EUVD-2026-36525

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS5.4AI score0.0033EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48623

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description The Wss4jSecurityInterceptor faile...

3.7CVSS5.8AI score0.00223EPSS
Exploits0References6
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.6 views

CVE-2026-41000: WSS4J validation does not use configured replay cache

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

3.7CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-9555

Malware in sbrugna...

4CVSS7.6AI score0.11441EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2014-9749

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stal...

4CVSS7.4AI score0.11441EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.178 views

RHEL 7 : squid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - squid: Heap overflow issue in URN processing CVE-2019-12526 - Off-by-one error in the snmpHandleUdp...

9.8CVSS8.7AI score0.40982EPSS
Exploits2References20
Amazon
Amazon
added 2023/09/25 12:0 a.m.6 views

Important: squid

Issue Overview: A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack...

9.8CVSS8.5AI score0.27246EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.5 views

SUSE CVE-2013-2051

The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887...

2.6CVSS9AI score0.02128EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:24 a.m.3 views

SUSE CVE-2014-9749

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."...

4CVSS7AI score0.11441EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.4 views

SUSE CVE-2020-11945

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter a short integer. Remote code execution may occur if...

8.8CVSS8.2AI score0.27246EPSS
Exploits0References8
Code423n4
Code423n4
added 2022/04/11 12:0 a.m.9 views

_execute can potentially reorder a batch of commands while executing, breaking any assumptions on command orders.

Lines of code Vulnerability details Impact Since this is important, we quote it again instead of referring to our other bug report on a different, yet related bug. The context within which a command is executed is extremely important. AxelarGatewayMultisig.execute takes a signed batch of commands...

7.4AI score
Exploits0
OSV
OSV
added 2020/05/13 11:37 a.m.4 views

USN-4356-1 squid, squid3 vulnerabilities

Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes ESI responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. CVE-2019-12519, CVE-2019-12521 It was discovered that Squid incorrectly handled the...

9.8CVSS6.9AI score0.27246EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/05/06 1:55 p.m.5 views

squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution

A flaw was found in Squid, where a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This issue occurs because the attacker can overflow the nonce reference counter, which results in remote code execution if the pooled token...

9.8CVSS6.4AI score0.27246EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/05/06 1:53 p.m.7 views

squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution

A flaw was found in Squid, where a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This issue occurs because the attacker can overflow the nonce reference counter, which results in remote code execution if the pooled token...

9.8CVSS6.4AI score0.27246EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/05/06 1:27 p.m.3 views

squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution

A flaw was found in Squid, where a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This issue occurs because the attacker can overflow the nonce reference counter, which results in remote code execution if the pooled token...

9.8CVSS6.4AI score0.27246EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/05/06 12:16 p.m.3 views

squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution

A flaw was found in Squid, where a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This issue occurs because the attacker can overflow the nonce reference counter, which results in remote code execution if the pooled token...

9.8CVSS6.4AI score0.27246EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/05/06 12:0 a.m.40 views

RHEL 8 : squid:4 (RHSA-2020:2038)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2038 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid:...

9.8CVSS7.3AI score0.27246EPSS
Exploits0References6
Rows per page
Query Builder