Lucene search
K

4966 matches found

CVE
CVE
added 2025/01/17 12:0 a.m.102 views

CVE-2024-50967

DATAGerry (Becon DATAGerry) contains an Incorrect Access Control flaw in the /rest/rights/ REST API endpoint through version 2.2.0, enabling remote access without authentication and leading to unauthorized disclosure of sensitive information. The issue is consistently described across multiple so...

6.5CVSS6.9AI score0.01616EPSS
In wildExploits0References3
GithubExploit
GithubExploit
added 2025/01/13 3:44 p.m.200 views

Exploit for CVE-2024-11972

Description Name : CVE-2024-11972 CVSSv3 Score : 9...

9.8CVSS10AI score0.54754EPSS
Exploits5
GithubExploit
GithubExploit
added 2025/01/11 6:22 p.m.242 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Vivektamrakar Wp_Rest_Api_Fns

CVE-2024-49328-exploit 🌟 Description: This script exploits...

9.8CVSS7AI score0.01461EPSS
Exploits2
NVD
NVD
added 2025/01/09 7:15 p.m.16 views

CVE-2024-13258

Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13...

9.8CVSS0.00618EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/09 7:5 p.m.9 views

CVE-2024-13258 Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022

Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13...

9.6AI score0.00618EPSS
Exploits0References1
NVD
NVD
added 2025/01/08 11:15 a.m.25 views

CVE-2024-11423

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...

7.5CVSS0.00753EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/08 11:9 a.m.259 views

CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...

7.5CVSS0.00753EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/08 11:9 a.m.11 views

CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...

7.5CVSS6.8AI score0.00753EPSS
Exploits0References3
CVE
CVE
added 2025/01/08 11:9 a.m.100 views

CVE-2024-11423

CVE-2024-11423 is exposed in the WordPress plugin “Ultimate Gift Cards for WooCommerce Pro” (Gift Cards for WooCommerce Pro). The root cause is a missing capability check on several REST API endpoints (notably /wp-json/gifting/recharge-giftcard), enabling unauthenticated attackers to modify data ...

7.5CVSS7.4AI score0.00753EPSS
Exploits0References3
CVE
CVE
added 2025/01/07 4:22 a.m.89 views

CVE-2024-12264

CVE-2024-12264 affects the PayU CommercePro Plugin for WordPress. All versions up to and including 3.8.3 are vulnerable to unauthenticated privilege escalation via /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost, allowing creation of new administrative user accounts. A...

9.8CVSS9.5AI score0.00709EPSS
Exploits0References3
CVE
CVE
added 2025/01/04 11:24 a.m.102 views

CVE-2024-12195

CVE-2024-12195 affects the WordPress plugin “WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts.” The vulnerability is an SQL Injection in the REST endpoint /wp-json/pm/v2/projects/2/task-lists, exploitable through the project_id parameter in ve...

6.5CVSS6.6AI score0.00419EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/04 12:0 a.m.10 views

PT-2025-1774 · WordPress · Wp Project Manager

Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin versions up to and including 2.6.16 Description: The WP Project Manager plugin for WordPress is vulnerable to SQL Injection via the project id parameter of the "/wp-json/pm/v2/projects/2/task-lists" REST API endpoint...

6.5CVSS9.8AI score0.00419EPSS
Exploits0References10
OSV
OSV
added 2024/12/31 6:15 a.m.4 views

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

9.8CVSS5.9AI score0.54754EPSS
Exploits5References1
NVD
NVD
added 2024/12/31 6:15 a.m.35 views

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

9.8CVSS0.54754EPSS
Exploits5References1
Cvelist
Cvelist
added 2024/12/31 6:0 a.m.35 views

CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

0.54754EPSS
Exploits5References1
CVE
CVE
added 2024/12/31 6:0 a.m.169 views

CVE-2024-11972

CVE-2024-11972 affects the Hunk Companion WordPress plugin prior to 1.9.0. The flaw is improper authorization of REST API endpoints (notably the /wp-json/hc/v1/themehunk-import endpoint), allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, incl...

9.8CVSS6.8AI score0.54754EPSS
Exploits5References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/31 6:0 a.m.20 views

CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

7.1AI score0.54754EPSS
Exploits5References1
Fedora
Fedora
added 2024/12/27 1:24 a.m.18 views

[SECURITY] Fedora 41 Update: incus-6.8-1.fc41

Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...

9.1CVSS9.5AI score0.03092EPSS
Exploits2
NVD
NVD
added 2024/12/19 2:15 a.m.28 views

CVE-2024-10548

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List '/wp-json/pm/v2/projects/1/task-lists' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS0.00384EPSS
Exploits0References2
NVD
NVD
added 2024/12/18 4:15 a.m.19 views

CVE-2024-12025

The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS0.02542EPSS
Exploits1References2
Rows per page
Query Builder