4965 matches found

CNNVD
added 2024/10/02 12:0 a.m. · 4 views

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller security vulnerability

Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller are both products of Cisco, Inc. The Cisco Nexus Dashboard is a single console that simplifies the operation and management of data center networks. The Cisco Nexus Dashboard Fabric Controll...

CVSS 5.4 · AI score 6.8 · EPSS 0.00456
Exploits 0 · References 2

Positive Technologies
added 2024/10/02 12:0 a.m. · 6 views

PT-2024-8626 · Cisco · Cisco Nexus Dashboard

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard (affected versions not specified). Description: A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an...

CVSS 5.5 · AI score 6.9 · EPSS 0.0037
Exploits 0 · References 8

Vulnrichment
added 2024/09/30 10:18 p.m. · 13 views

CVE-2024-9194 SQL Injection in the Octopus Server REST API

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection. This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3...

CVSS 8.7 · AI score 7.6 · EPSS 0.00419
Exploits 0 · References 1

Cvelist
added 2024/09/30 10:18 p.m. · 26 views

CVE-2024-9194 SQL Injection in the Octopus Server REST API

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection. This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3...

CVSS 8.7 · EPSS 0.00419
Exploits 0 · References 1

Cvelist
added 2024/09/25 6:49 a.m. · 31 views

CVE-2024-8678 Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update

The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. This makes it possible for unauthenticated attackers to mark orders a...

CVSS 5.3 · EPSS 0.00318
Exploits 0 · References 2

Vulnrichment
added 2024/09/25 6:49 a.m. · 16 views

CVE-2024-8678 Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update

The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. This makes it possible for unauthenticated attackers to mark orders a...

CVSS 5.3 · AI score 6.8 · EPSS 0.00318
Exploits 0 · References 2

CVE
added 2024/09/25 6:49 a.m. · 71 views

CVE-2024-8678

CVE-2024-8678 affects the Revolut Gateway for WooCommerce plugin for WordPress (versions up to and including 4.17.3). The issue is unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint, enabling unauthenticated attackers to mark orders as comp...

CVSS 5.3 · AI score 5.5 · EPSS 0.00318
Exploits 0 · References 2 · Affected Software 1

NVD
added 2024/09/25 3:15 a.m. · 28 views

CVE-2024-8485

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo due to missing validation on the 'openid' user controlled key that determines what user will be updated. This makes it...

CVSS 9.8 · EPSS 0.00574
Exploits 0 · References 3

NVD
added 2024/09/25 3:15 a.m. · 34 views

CVE-2024-8484

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5 · EPSS 0.03631
Exploits 1 · References 3

NVD
added 2024/09/25 3:15 a.m. · 19 views

CVE-2024-8350

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

CVSS 2.7 · EPSS 0.00416
Exploits 1 · References 2

Cvelist
added 2024/09/25 2:32 a.m. · 34 views

CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

CVSS 2.7 · EPSS 0.00416
Exploits 1 · References 2

Vulnrichment
added 2024/09/25 2:32 a.m. · 21 views

CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

CVSS 2.7 · AI score 6.8 · EPSS 0.00416
Exploits 1 · References 2

CVE
added 2024/09/25 2:5 a.m. · 83 views

CVE-2024-8485

The REST API TO MiniProgram plugin for WordPress is vulnerable to unauthenticated privilege escalation up to version 4.7.1. The flaw is in updateUserInfo(), caused by missing validation of the openid user-controlled key, allowing an attacker to update arbitrary user accounts (e.g., changing email...

CVSS 9.8 · AI score 9.7 · EPSS 0.00574
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/09/25 2:5 a.m. · 40 views

CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5 · EPSS 0.03631
Exploits 1 · References 3

Vulnrichment
added 2024/09/25 2:5 a.m. · 14 views

CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5 · AI score 7.7 · EPSS 0.03631
Exploits 1 · References 3

CVE
added 2024/09/25 2:5 a.m. · 98 views

CVE-2024-8484

CVE-2024-8484 concerns the WordPress REST API TO MiniProgram plugin. The vulnerability is a SQL Injection in the /wp-json/watch-life-net/v1/comment/getcomments endpoint, exploitable via the attacker-controlled order parameter. It affects all versions up to and including 4.7.1 and is described as ...

CVSS 7.5 · AI score 7.8 · EPSS 0.03631
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2024/09/25 12:0 a.m. · 7 views

WordPress plugin REST API TO MiniProgram security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 7.5 · AI score 6.7 · EPSS 0.03631
Exploits 1 · References 3

GithubExploit
added 2024/09/24 1:46 p.m. · 78 views

Exploit for SQL Injection in Jianbo Rest_Api_To_Miniprogram

CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenti...

CVSS 7.5 · AI score 9.7 · EPSS 0.03631
Exploits 1

Patchstack
added 2024/09/24 12:0 a.m. · 19 views

WordPress REST API TO MiniProgram Plugin <= 4.7.1 is vulnerable to SQL Injection

Software: REST API TO MiniProgram · Type: Plugin · Vulnerable versions: <= 4.7.1 · Fixed in: N/A · OWASP Top 10: A1: Injection · Classification: SQL Injection · CVE: CVE-2024-8484 · Patch priority: High · CVSS severity: High 9.3 · PSID: a9593ec18e0a · Credits: wesley wcraft · Required privilege...

CVSS 7.5 · AI score 9.5 · EPSS 0.03631
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2024/09/23 12:0 a.m. · 6 views

Checkmk security vulnerability

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions prior to 2.3.0p16 and prior to 2.2.0p34, which stems from a two-factor authentication bypass in RestAPI that could allow authenticated users to bypass two-factor authentication...

CVSS 9.2 · AI score 6.5 · EPSS 0.00459
Exploits 0 · References 2