4963 matches found

CVE
added 2024/06/12 11:5 a.m. · 108 views

CVE-2024-4898

CVE-2024-4898 affects WordPress InstaWP Connect – 1-click WP Staging & Migration plugin. All versions

CVSS 9.8 · AI score 9.4 · EPSS 0.04156
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/06/12 11:5 a.m. · 16 views

CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...

CVSS 9.8 · AI score 6.7 · EPSS 0.04156
Exploits: 0 · References: 2

Wallarm Lab
added 2024/06/10 4:52 p.m. · 63 views

CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface

On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating ...

CVSS 9.8 · AI score 10 · EPSS 0.21634
Exploits: 2

NVD
added 2024/06/07 1:15 p.m. · 31 views

CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

CVSS 6.5 · EPSS 0.00319
Exploits: 0 · References: 2

Vulnrichment
added 2024/06/07 12:33 p.m. · 12 views

CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

CVSS 6.5 · AI score 6.8 · EPSS 0.00319
Exploits: 0 · References: 2

CVE
added 2024/06/07 12:33 p.m. · 77 views

CVE-2024-5382

CVE-2024-5382 affects Master Addons – Free Widgets for Elementor (WordPress). A missing capability check on the ma-template REST API route allows unauthenticated attackers to create or modify Master Addons templates and related settings in all versions up to 2.0.6.1. The Red Hat advisory confirms...

CVSS 6.5 · AI score 5.9 · EPSS 0.00319
Exploits: 0 · References: 2 · Affected Software: 1

WPVulnDB
added 2024/06/07 12:0 a.m. · 13 views

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.2 - Missing Authorization to MA Template Creation or Modification

Description: The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. Th...

CVSS 6.5 · AI score 6.7 · EPSS 0.00319
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/06/06 4:15 a.m. · 16 views

CVE-2024-0972

The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.9 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest"...

CVSS 5.3 · AI score 5.2 · EPSS 0.00443
Exploits: 0 · References: 4

CVE
added 2024/06/06 3:53 a.m. · 103 views

CVE-2024-0972

CVE-2024-0972 affects BuddyPress Members Only for WordPress (all versions

CVSS 5.3 · AI score 5.8 · EPSS 0.00443
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2024/06/06 2:15 a.m. · 22 views

CVE-2024-0910

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract...

CVSS 5.3 · AI score 5.2 · EPSS 0.00452
Exploits: 0 · References: 3

Vulnrichment
added 2024/06/06 2:2 a.m. · 13 views

CVE-2024-0910 Restrict for Elementor <= 1.0.7 - Protection Mechanism Bypass

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract...

CVSS 5.3 · AI score 5.9 · EPSS 0.00452
Exploits: 0 · References: 3

CVE
added 2024/06/06 2:2 a.m. · 61 views

CVE-2024-0910

CVE-2024-0910 concerns the WordPress plugin Restrict for Elementor, affecting all versions up to 1.0.6. Root cause: improper restrictions on hidden data exposed via the REST API, enabling unauthenticated attackers to extract potentially sensitive information from post content. Documented impact i...

CVSS 5.3 · AI score 5.9 · EPSS 0.00452
Exploits: 0 · References: 3 · Affected Software: 1

RedHat Linux
added 2024/06/05 2:46 p.m. · 5 views

jenkins-2-plugins: matrix-project plugin path traversal vulnerability

A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on...

CVSS 4.3 · AI score 5.8 · EPSS 0.00691
Exploits: 0 · References: 6

WPVulnDB
added 2024/06/05 12:0 a.m. · 10 views

BuddyPress Members Only <= 3.3.5 - Improper Access Control to Sensitive Information Exposure via REST API

Description: The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to...

CVSS 5.3 · AI score 6.8 · EPSS 0.00443
Exploits: 0 · References: 1

Positive Technologies
added 2024/06/05 12:0 a.m. · 5 views

PT-2024-15951 · WordPress · Buddypress Members Only

Name of the Vulnerable Software and Affected Versions: BuddyPress Members Only plugin for WordPress versions up to, and including, 3.3.5. Description: The issue allows unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature and view...

CVSS 5.3 · AI score 7.1 · EPSS 0.00443
Exploits: 0 · References: 8

WPVulnDB
added 2024/06/05 12:0 a.m. · 12 views

Restrict for Elementor <= 1.0.6 - Protection Mechanism Bypass

Description: The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.6 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 6.7 · EPSS 0.00452
Exploits: 0 · References: 1

Vulnrichment
added 2024/06/03 5:38 p.m. · 17 views

CVE-2024-4332 Improper Authentication in Tripwire Enterprise 9.1.0 APIs

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This...

CVSS 9.3 · AI score 7.3 · EPSS 0.00639
Exploits: 0 · References: 1

GithubExploit
added 2024/05/31 4:41 a.m. · 749 views

Exploit for SQL Injection in Bplugins Html5_Video_Player

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player = 2.5.2...

CVSS 6.5 · AI score 7.2 · EPSS 0.02639
Exploits: 6

Github Security Blog
added 2024/05/29 6:40 p.m. · 33 views

Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Impact: What kind of vulnerability is it? Who is impacted? A user with permissions to view Dynamic Group records (extras.viewdynamicgroup permission) can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view /api/extras/dynamic-groups//members/ to list the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00398
Exploits: 0 · References: 8 · Affected Software: 1

Cvelist
added 2024/05/28 10:26 p.m. · 40 views

CVE-2024-36112 Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.viewdynamicgroup permission) can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view /api/extras/dynamic-groups//members/ t...

CVSS 6.3 · AI score 6.3 · EPSS 0.00398
Exploits: 0 · References: 3