
4966 matches found

Github Security Blog
added 2024/12/10 4:55 p.m. · 10 views

Simulation of Wasmd message can cause crashing

CWA-2024-009 Severity Low Marginal + Likely^1 Affected versions: - wasmd 0.53.1 Patched versions: - wasmd 0.53.2 please note that wasmd 0.53.1 is broken and must not be used Description of the bug Blank for now. We'll add more detail once chains had a chance to upgrade. Mitigations Apart from...

AI score: 7
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/12/10 12:24 p.m. · 13 views

CVE-2024-11868 LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course...

CVSS: 5.3 · AI score: 6.9 · EPSS: 0.01109
Exploits: 0 · References: 3
Cvelist
added 2024/12/10 12:24 p.m. · 30 views

CVE-2024-11868 LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course...

CVSS: 5.3 · EPSS: 0.01109
Exploits: 0 · References: 3
GitLab Advisory Database
added 2024/12/10 12:0 a.m. · 9 views

Simulation of Wasmd message can cause crashing

CWA-2024-009 Severity Low Marginal + Likely^1 Affected versions: - wasmd 0.53.1 Patched versions: - wasmd 0.53.2 please note that wasmd 0.53.1 is broken and must not be used Description of the bug Blank for now. We'll add more detail once chains had a chance to upgrade. Mitigations Apart from...

AI score: 7
Exploits: 0 · References: 3 · Affected Software: 1
NVD
added 2024/12/06 9:15 a.m. · 16 views

CVE-2024-12028

The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...

CVSS: 5.3 · EPSS: 0.00416
Exploits: 0 · References: 3
Vulnrichment
added 2024/12/06 8:24 a.m. · 7 views

CVE-2024-12028 Friends <= 3.2.1 - Missing Authorization

The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...

CVSS: 5.3 · AI score: 6.8 · EPSS: 0.00416
Exploits: 0 · References: 2
CVE
added 2024/12/06 8:24 a.m. · 85 views

CVE-2024-12028

The CVE-2024-12028 entry covers the WordPress Friends plugin (up to v3.2.1) with a missing capability check on multiple REST API endpoints. This vulnerability allows unauthenticated attackers to perform actions on behalf of another website, including sending arbitrary friend requests, accepting t...

CVSS: 5.3 · AI score: 5.3 · EPSS: 0.00416
Exploits: 0 · References: 3
Cvelist
added 2024/12/06 8:24 a.m. · 19 views

CVE-2024-12028 Friends <= 3.2.1 - Missing Authorization

The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...

CVSS: 5.3 · EPSS: 0.00416
Exploits: 0 · References: 3
Github Security Blog
added 2024/12/02 6:41 p.m. · 22 views

ibexa/post-install affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...

AI score: 7.2
Exploits: 0 · References: 9 · Affected Software: 1
OSV
added 2024/12/02 6:41 p.m. · 9 views

GHSA-4H8F-C635-25P7 ibexa/post-install affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted...

AI score: 7.2
Exploits: 0 · References: 9
Github Security Blog
added 2024/12/02 6:39 p.m. · 13 views

ibexa/http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

AI score: 7.2
Exploits: 0 · References: 8 · Affected Software: 1
OSV
added 2024/12/02 6:39 p.m. · 9 views

GHSA-FH7V-Q458-7VMW ibexa/http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

AI score: 7.2
Exploits: 0 · References: 8
Github Security Blog
added 2024/12/02 6:37 p.m. · 18 views

ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

AI score: 7.2
Exploits: 0 · References: 8 · Affected Software: 1
OSV
added 2024/12/02 6:37 p.m. · 6 views

GHSA-MGFG-7533-7JF6 ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL

Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix...

AI score: 7.2
Exploits: 0 · References: 8
Positive Technologies
added 2024/12/02 12:0 a.m. · 5 views

PT-2024-40073 · Apache +1

Name of the Vulnerable Software and Affected Versions: ibexa post-install versions prior to the patched versions Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...

AI score: 7.1
Exploits: 0 · References: 10
NVD
added 2024/11/29 10:15 a.m. · 17 views

CVE-2024-50357

FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial factory default configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server GUI or Web authentication ...

CVSS: 9.8 · EPSS: 0.00556
Exploits: 0 · References: 2
NVD
added 2024/11/26 9:15 a.m. · 19 views

CVE-2024-11091

The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS: 6.4 · EPSS: 0.00391
Exploits: 0 · References: 3
Cvelist
added 2024/11/26 8:31 a.m. · 13 views

CVE-2024-11091 Support SVG – Upload svg files in wordpress without hassle <= 1.1.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload

The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS: 6.4 · EPSS: 0.00391
Exploits: 0 · References: 3
GithubExploit
added 2024/11/23 5:39 a.m. · 286 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 CVE-2022-1388 is a serious vulnerabil...

CVSS: 9.8 · AI score: 7.6 · EPSS: 0.99956
Exploits: 63
Tenable Nessus
added 2024/11/21 12:0 a.m. · 27 views

WordPress Plugin 'Really Simple Security Pro' 9.0.0 < 9.1.2 Authentication Bypass

The WordPress application running on the remote host has a version of the 'Really Simple Security Pro' plugin that is 9.0.x prior to 9.1.2. It is, therefore, affected by an authentication bypass vulnerability. This is due to improper user check error handling in the two-factor REST API actions wi...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.81722
Exploits: 21 · References: 3