Lucene search

4965 matches found

OSV
added 2024/09/04 6:15 a.m. · 10 views

CVE-2024-7786

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates...

5.3 CVSS · 6.8 AI score
Exploits: 0 · References: 1

Cvelist
added 2024/09/04 6:00 a.m. · 19 views

CVE-2024-7786 Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates...

0.01635 EPSS
Exploits: 1 · References: 1

CVE
added 2024/09/04 6:00 a.m. · 97 views

CVE-2024-7786

Summary: Sensei LMS WordPress plugin prior to version 4.24.2 contains an issue where certain REST API routes are not properly protected, allowing unauthenticated access to leak email templates. Affected software: Sensei LMS WordPress plugin (versions before 4.24.2). Root cause (as stated): Unprot...

7.5 CVSS · 5.2 AI score · 0.01635 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Packet Storm
added 2024/09/01 12:00 a.m. · 292 views

WordPress REST API Content Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress REST API Content Injection', 'Description' = %q This module exploits a content injection vulnerability in WordPress versions 4.7 and...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/09/01 12:00 a.m. · 226 views

Apache Flink JobManager Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JobManager Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Flink...

9.1 CVSS · 7.4 AI score · 0.97856 EPSS
Exploits: 14

Packet Storm
added 2024/08/31 12:00 a.m. · 150 views

Pimcore Gather Credentials via SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pimcore Gather Credentials via SQL Injection', 'Description' = %q This module extracts the usernames and hashed passwords of all users of the...

6.5 CVSS · 7 AI score · 0.2895 EPSS
Exploits: 7

vulnersOsv
added 2024/08/30 6:41 p.m. · 4 views

ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)

indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11093 Source advisory: OSV:GHSA-WH2W-39F4-RPV2...

7.5 CVSS · 7.1 AI score · 0.00933 EPSS
Exploits: 1

OSSF Malicious Packages
added 2024/08/29 7:38 a.m. · 4 views

Malicious code in as-rest-api-v6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ce680287c711409073b5144305ae85ce29123f6841998697d979ee6414baddc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSV
added 2024/08/29 7:38 a.m. · 4 views

MAL-2024-8067 Malicious code in as-rest-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00a576994460aeca57d9642938bbd4c214c2fc5138f9513388b070cb882fde29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/08/29 7:38 a.m. · 6 views

Malicious code in as-rest-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00a576994460aeca57d9642938bbd4c214c2fc5138f9513388b070cb882fde29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSV
added 2024/08/29 7:38 a.m. · 11 views

MAL-2024-8068 Malicious code in as-rest-api-v6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ce680287c711409073b5144305ae85ce29123f6841998697d979ee6414baddc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2024/08/27 12:00 a.m. · 7 views

PT-2024-31387 · Amazon · Aws Cloud Development Kit

Name of the Vulnerable Software and Affected Versions: AWS Cloud Development Kit (CDK) versions 2.142.0 through 2.148.0 Description: The issue in AWS Cloud Development Kit (CDK) can result in granting authenticated Amazon Cognito users broader than intended access. Specifically, if a CDK application...

6.4 CVSS · 7.1 AI score · 0.00314 EPSS
Exploits: 0 · References: 11

OSV
added 2024/08/21 8:15 p.m. · 2 views

CVE-2024-20417

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...

8.1 CVSS · 5.9 AI score · 0.00498 EPSS
Exploits: 0 · References: 1

NVD
added 2024/08/21 8:15 p.m. · 14 views

CVE-2024-20417

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...

8.1 CVSS · 0.00498 EPSS
Exploits: 0 · References: 1

CVE
added 2024/08/21 7:16 p.m. · 94 views

CVE-2024-20417

Cisco CVE-2024-20417 affects the REST API of Cisco Identity Services Engine (ISE). The issue stems from insufficient validation of user-supplied input in REST API calls, allowing an authenticated, remote attacker to perform blind SQL injection and view or modify data on the affected device. Affec...

8.1 CVSS · 7 AI score · 0.00498 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/08/21 7:16 p.m. · 40 views

CVE-2024-20417 Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...

6.5 CVSS · 0.00498 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/08/21 7:16 p.m. · 14 views

CVE-2024-20417 Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...

6.5 CVSS · 7.9 AI score · 0.00498 EPSS
Exploits: 0 · References: 1

Cisco
added 2024/08/21 4:00 p.m. · 21 views

Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...

6.5 CVSS · 7.8 AI score · 0.00498 EPSS
Exploits: 0 · References: 1

NVD
added 2024/08/21 6:15 a.m. · 24 views

CVE-2024-5880

The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauthenticated attackers to gain unauthorized...

4.3 CVSS · 0.00318 EPSS
Exploits: 0 · References: 2

CVE
added 2024/08/21 5:30 a.m. · 80 views

CVE-2024-5880

The CVE-2024-5880 entry refers to the WordPress plugin Hide My Site, affecting all versions up to 2.2. The vulnerability is Unauthenticated Sensitive Information Exposure caused by the plugin not restricting REST API access when password protection is enabled, allowing unauthenticated attackers t...

4.3 CVSS · 4.9 AI score · 0.00318 EPSS
Exploits: 0 · References: 2