CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13008 matches found

Vulnrichment•added 2024/11/23 3:25 a.m.•12 views

CVE-2024-9223 WPDash Notes <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpajaxpostitlistcomment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

4.3CVSS6.7AI score0.00114EPSS

Exploits0References2

CVE•added 2024/11/23 3:25 a.m.•46 views

CVE-2024-9223

CVE-2024-9223 concerns the WordPress plugin WPDash Notes (versions up to and including 1.3.5). A missing capability check in wp_ajax_post_it_list_comment allows authenticated attackers with Subscriber-level access and above to view comments on any post, including private/password-protected, as we...

4.3CVSS4.4AI score0.00114EPSS

Exploits0References2

CNNVD•added 2024/11/23 12:0 a.m.•1 views

WordPress plugin WPDash Notes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS7.7AI score0.00114EPSS

Exploits0References2

Patchstack•added 2024/11/22 9:4 p.m.•2 views

WordPress WPDash Notes plugin <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin WPDash Notes versions = 1.3.5...

4.3CVSS6.9AI score0.00114EPSS

Exploits0References1Affected Software1

OSV•added 2024/11/22 4:15 p.m.•2 views

CVE-2024-38644

An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later...

8.8CVSS5.9AI score0.0176EPSS

Exploits0References1

NVD•added 2024/11/22 4:15 p.m.•9 views

CVE-2024-38646

An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerabilit...

8.4CVSS0.00055EPSS

Exploits0References1

NVD•added 2024/11/22 4:15 p.m.•7 views

CVE-2024-38645

A server-side request forgery SSRF vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later...

9.4CVSS0.00319EPSS

Exploits0References1

OSV•added 2024/11/22 4:15 p.m.•2 views

CVE-2024-38646

6CVSS5.8AI score0.00055EPSS

Exploits0References1

NVD•added 2024/11/22 4:15 p.m.•7 views

CVE-2024-38644

8.8CVSS0.0176EPSS

Exploits0References1

OSV•added 2024/11/22 4:15 p.m.•1 views

CVE-2024-38645

6.5CVSS5.8AI score

Exploits0References1

OSV•added 2024/11/22 4:15 p.m.•0 views

CVE-2024-38643

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3...

9.8CVSS5.9AI score

Exploits0References1

NVD•added 2024/11/22 4:15 p.m.•9 views

CVE-2024-38643

9.8CVSS0.01492EPSS

Exploits0References1

Vulnrichment•added 2024/11/22 3:32 p.m.•7 views

CVE-2024-38643 Notes Station 3

9.3CVSS8AI score0.01492EPSS

Exploits0References1

CVE•added 2024/11/22 3:32 p.m.•53 views

CVE-2024-38643

CVE-2024-38643 affects QNAP Notes Station 3. The issue is a missing authentication for a critical function, allowing remote attackers to gain access to and execute certain functions. The vulnerability is documented with a high impact and network-based attack vector (CVSS 3.1/4.0 metrics indicate ...

9.8CVSS7.3AI score0.01492EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/11/22 3:32 p.m.•16 views

CVE-2024-38643 Notes Station 3

9.3CVSS0.01492EPSS

Exploits0References1

Cvelist•added 2024/11/22 3:32 p.m.•11 views

CVE-2024-38644 Notes Station 3

8.7CVSS0.0176EPSS

Exploits0References1

CVE•added 2024/11/22 3:32 p.m.•47 views

CVE-2024-38644

Notes Station 3 is affected by an OS command injection vulnerability prior to version 3.9.7. The issue could allow remote authenticated attackers to execute commands on affected systems. A fix is available in Notes Station 3 version 3.9.7 and later (3.9.7+); versions before 3.9.7 should upgrade t...

8.8CVSS7.1AI score0.0176EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/11/22 3:32 p.m.•7 views

CVE-2024-38644 Notes Station 3

8.7CVSS7.7AI score0.0176EPSS

Exploits0References1

Vulnrichment•added 2024/11/22 3:32 p.m.•8 views

CVE-2024-38645 Notes Station 3

9.4CVSS6.8AI score0.00319EPSS

Exploits0References1

CVE•added 2024/11/22 3:32 p.m.•48 views

CVE-2024-38645

CVE-2024-38645 affects QNAP Notes Station 3. The issue is a server-side request forgery (SSRF) that could allow remote authenticated attackers to read application data. Public details confirm the vulnerability exists in Notes Station 3 versions prior to 3.9.7 and that 3.9.7 and later versions inc...

9.4CVSS6.3AI score0.00319EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by