Lucene search
36104 matches found

OSV
added 2024/09/28 5:57 a.m., 2 views

BELL-CVE-2024-46806

Bulletin has no description...

CVSS 5.5, AI score 7.1, EPSS 0.00233
Exploits 0, References 1
Hacker One
added 2024/09/25 8:28 a.m., 5 views

Mozilla: Information disclosure on password cancel endpoint

The password reset cancellation process disclosed the user's IP address in the email sent to the user upon cancellation. This information disclosure vulnerability was exploited to obtain the IP address of a user by tricking them into submitting the password reset cancellation request...

AI score 6.7
Exploits 0
Cvelist
added 2024/09/25 2:5 a.m., 37 views

CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

CVSS 5.3, EPSS 0.00275
Exploits 0, References 2
CVE
added 2024/09/25 2:5 a.m., 49 views

CVE-2024-7491

The CVE-2024-7491 entry concerns HUSKY – Products Filter Professional for WooCommerce for WordPress. It is an Insecure Direct Object Reference via the woof_messenger_remove_subscr AJAX action, caused by missing validation on the user-controlled key. Affected versions are up to and including 1.3.6...

CVSS 5.3, AI score 5.4, EPSS 0.00275
Exploits 0, References 2, Affected Software 1
CNNVD
added 2024/09/25 12:0 a.m., 2 views

WordPress plugin HUSKY security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 5.3, AI score 6.7, EPSS 0.00275
Exploits 0, References 3
RedHat Linux
added 2024/09/24 2:39 a.m., 4 views

kernel: wifi: iwlwifi: mvm: don't read past the mfuart notifcation

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the...

CVSS 5.5, AI score 6.8, EPSS 0.00268
Exploits 0, References 5
RedHat Linux
added 2024/09/24 12:40 a.m., 6 views

kernel: wifi: iwlwifi: mvm: don't read past the mfuart notifcation

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the...

CVSS 5.5, AI score 6.8, EPSS 0.00268
Exploits 0, References 5
UbuntuCve
added 2024/09/23 9:15 p.m., 14 views

CVE-2024-42861

An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...

CVSS 7.5, AI score 6.6, EPSS 0.01557
Exploits 0, References 5
SUSE CVE
added 2024/09/23 2:47 a.m., 4 views

SUSE CVE-2024-8388

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the...

CVSS 5, AI score 8.4, EPSS 0.00342
Exploits 0, References 3
NVD
added 2024/09/18 10:15 p.m., 24 views

CVE-2024-47059

When logging in with the correct username and an incorrect weak password, the user receives a notification that their password is too weak. However, when an incorrect username is provided alongside a weak password, the application responds with an 'Invalid credentials' notification. This...

CVSS 4.3, EPSS 0.00341
Exploits 0, References 1
NVD
added 2024/09/18 6:15 p.m., 16 views

CVE-2024-46979

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as...

CVSS 5.3, EPSS 0.0055
Exploits 1, References 3
NVD
added 2024/09/18 6:15 p.m., 17 views

CVE-2024-46978

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start losing...

CVSS 6.5, EPSS 0.00519
Exploits 1, References 3
CVE
added 2024/09/18 5:25 p.m., 55 views

CVE-2024-46978

CVE-2024-46978 concerns XWiki Platform. Public documentation confirms a vulnerability where an attacker who knows another user’s notification filter ID can enable/disable or delete that filter, potentially causing the target to miss page notifications. Root cause: insufficient privilege checks wh...

CVSS 6.5, AI score 6.3, EPSS 0.00519
Exploits 1, References 3, Affected Software 1
Vulnrichment
added 2024/09/18 5:25 p.m., 21 views

CVE-2024-46978 Missing checks for notification filter preferences editions in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start losing...

CVSS 6.5, AI score 6.8, EPSS 0.00519
Exploits 1, References 3
Cvelist
added 2024/09/18 5:25 p.m., 20 views

CVE-2024-46978 Missing checks for notification filter preferences editions in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start losing...

CVSS 6.5, EPSS 0.00519
Exploits 1, References 3
OSV
added 2024/09/18 5:25 p.m., 13 views

CVE-2024-46978 Missing checks for notification filter preferences editions in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start losing...

CVSS 6.5, AI score 6.5, EPSS 0.00519
Exploits 1, References 5
OSV
added 2024/09/18 5:23 p.m., 15 views

CVE-2024-46979 Data leak of notification filters of users in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as...

CVSS 5.3, AI score 6.4, EPSS 0.0055
Exploits 1, References 5
Cvelist
added 2024/09/18 5:23 p.m., 27 views

CVE-2024-46979 Data leak of notification filters of users in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as...

CVSS 5.3, EPSS 0.0055
Exploits 1, References 3
Vulnrichment
added 2024/09/18 5:23 p.m., 21 views

CVE-2024-46979 Data leak of notification filters of users in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as...

CVSS 5.3, AI score 6.5, EPSS 0.0055
Exploits 1, References 3
CVE
added 2024/09/18 5:23 p.m., 59 views

CVE-2024-46979

CVE-2024-46979 affects XWiki Platform (all versions since 13.2-rc-1). The issue allows access to any user’s notification filters via a URL like /bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults, revealing data that is largely references/public but could be combined wi...

CVSS 5.3, AI score 5.1, EPSS 0.0055
Exploits 1, References 3, Affected Software 1