
4963 matches found

WPVulnDB
added 2024/04/03 12:0 a.m. | 23 views

WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes

Description: The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to an improper capability check on the 'pricingplans', 'blockdate', 'managerbookings', and 'updatefieldroom' functions for the 'pricing-plans', 'block-date',...

6.6 AI score
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 14 views

Tainacan < 0.20.8 - Missing Authorization

Description: The Tainacan plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 0.20.7. This makes it possible for unauthenticated attackers to perform unauthorized actions...

9.8 CVSS | 7 AI score | 0.00438 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. | 16 views

CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure

Description: The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...

5.3 CVSS | 7 AI score | 0.00425 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2024/04/03 12:0 a.m. | 28 views

Elasticsearch 8.4.0 < 8.11.1 DoS (ESA-2024-05)

The version of Elasticsearch installed on the remote host is between 8.4.0 and prior to 8.11.1. It is, therefore, affected by a denial of service (DoS) vulnerability, due to an uncaught exception that occurs when an encrypted PDF is passed to an attachment processor through the REST API. The...

5.3 CVSS | 5.3 AI score | 0.00681 EPSS
Exploits: 0 | References: 2

Kitploit
added 2024/04/02 11:30 a.m. | 32 views

VolWeb - A Centralized And Enhanced Memory Analysis Platform

VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective: The goal of VolWeb is to enhance the efficiency of memory collection and forensic analysis by providing a...

7 AI score
Exploits: 0 | References: 2

RedhatCVE
added 2024/03/29 3:50 p.m. | 38 views

CVE-2024-23449

A flaw was found in the Elasticsearch package. An uncaught exception occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with...

4.3 CVSS | 7 AI score | 0.00681 EPSS
Exploits: 0 | References: 4

NVD
added 2024/03/29 1:15 p.m. | 14 views

CVE-2024-3078

A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...

9.8 CVSS | 5.6 AI score | 0.00874 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2024/03/29 12:31 p.m. | 11 views

CVE-2024-3078 Qdrant Full Snapshot REST API snapshots.rs path traversal

A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...

5.5 CVSS | 7 AI score | 0.00874 EPSS
Exploits: 0 | References: 5

Cvelist
added 2024/03/29 12:31 p.m. | 22 views

CVE-2024-3078 Qdrant Full Snapshot REST API snapshots.rs path traversal

A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...

5.5 CVSS | 5.8 AI score | 0.00874 EPSS
Exploits: 0 | References: 5

CVE
added 2024/03/29 12:31 p.m. | 100 views

CVE-2024-3078

CVE-2024-3078 affects Qdrant prior to 1.8.3 (versions up to 1.6.1, 1.7.4, 1.8.2) and stems from path traversal in the Full Snapshot REST API handler (lib/collection/src/collection/snapshots.rs). The vulnerability allows traversal of filesystem paths due to the processing logic described in multip...

9.8 CVSS | 5.6 AI score | 0.00874 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

GitHub Security Blog
added 2024/03/29 12:30 p.m. | 27 views

Elasticsearch Uncaught Exception leading to crash

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

5.3 CVSS | 7 AI score | 0.00681 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2024/03/29 12:15 p.m. | 28 views

CVE-2024-23449

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

5.3 CVSS | 4.4 AI score | 0.00681 EPSS
Exploits: 0 | References: 1

OSV
added 2024/03/29 12:15 p.m. | 11 views

CVE-2024-23449

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

5.3 CVSS | 5 AI score
Exploits: 0 | References: 1

OSV
added 2024/03/29 12:15 p.m. | 3 views

UBUNTU-CVE-2024-23449

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

5.3 CVSS | 5.8 AI score | 0.00681 EPSS
Exploits: 0 | References: 3

UbuntuCve
added 2024/03/29 12:15 p.m. | 22 views

CVE-2024-23449

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

5.3 CVSS | 5.9 AI score | 0.00681 EPSS
Exploits: 0 | References: 2

CVE
added 2024/03/29 11:12 a.m. | 111 views

CVE-2024-23449

CVE-2024-23449 affects Elasticsearch: versions 8.4.0 up to (but not including) 8.11.1 are vulnerable to an uncaught exception when an encrypted PDF is passed to the REST API’s attachment processor, causing the ingest node to crash. The issue does not occur with password-protected or unencrypted P...

5.3 CVSS | 4.3 AI score | 0.00681 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/03/29 11:12 a.m. | 37 views

CVE-2024-23449 Elasticsearch Uncaught Exception

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

4.3 CVSS | 4.7 AI score | 0.00681 EPSS
Exploits: 0 | References: 1

Elastic
added 2024/03/29 11:12 a.m. | 7 views

Elasticsearch 8.11.1 Security Update (ESA-2024-05)

Elasticsearch Uncaught Exception ESA-2024-05 An uncaught exception in Elasticsearch = 8.4.0 and = 8.4.0 and 8.11.1 Solutions and Mitigations: The issue is resolved in version 8.11.1. This requires the attachment processor to be enabled. Users unable to upgrade can ensure that the attachment...

5.3 CVSS | 6.9 AI score | 0.00681 EPSS
Exploits: 0

NVD
added 2024/03/29 7:15 a.m. | 22 views

CVE-2024-0913

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to insufficient escapi...

7.2 CVSS | 7 AI score | 0.00615 EPSS
Exploits: 0 | References: 3

OSV
added 2024/03/29 7:15 a.m. | 6 views

CVE-2024-0913

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to insufficient escapi...

7.2 CVSS | 7.2 AI score
Exploits: 0 | References: 2