Lucene search

1619 matches found

ATTACKERKB
added 2023/07/12 5:15 a.m. · 3 views

CVE-2023-2562

The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refreshmetabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post...

CVSS 4.3 · AI score 6.8 · EPSS 0.00454
Exploits: 0 · References: 3

CNNVD
added 2023/07/12 12:0 a.m. · 5 views

WordPress Plugin Gallery Metabox Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3 · AI score 6.4 · EPSS 0.00454
Exploits: 0 · References: 3

Debian CVE
added 2023/06/19 10:14 a.m. · 21 views

CVE-2023-34414

The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a sit...

CVSS 3.1 · AI score 6.8 · EPSS 0.00897
Exploits: 0

RedHat Linux
added 2023/06/14 8:43 a.m. · 4 views

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

CVSS 3.1 · AI score 7.2 · EPSS 0.00897
Exploits: 0 · References: 6

Positive Technologies
added 2023/06/09 12:0 a.m. · 12 views

PT-2023-16691 · WordPress · Intuitive Custom Post Order

Name of the Vulnerable Software and Affected Versions: Intuitive Custom Post Order plugin for WordPress versions up to, and including, 3.1.3 Description: The issue arises from insufficient escaping on the user-supplied objects and tags parameters and a lack of sufficient preparation in the update...

CVSS 7.2 · AI score 7.1 · EPSS 0.00971
Exploits: 0 · References: 5

Code423n4
added 2023/06/09 12:0 a.m. · 6 views

Lack of claimRewards when manageToken in RevenueTrader

Lines of code. Vulnerability details: There is a dev comment in the Assert.sol: DEPRECATED: claimRewards will be removed from all assets and collateral plugins. The claimRewards is moved to the TradingP1.claimRewards/claimRewardsSingle. But when the RevenueTraderP1 trade and distribute revenues by...

AI score 6.9
Exploits: 0

Code423n4
added 2023/06/09 12:0 a.m. · 11 views

sell reward rTokens at low price because of skipping furnace.melt

Lines of code. Vulnerability details. Impact: The reward rToken sent to RevenueTrader will be sold at a low price. RSR stakers will lose some of their profits. Proof of Concept: RevenueTraderP1.manageToken function is used to launch auctions for any erc20 tokens sent to it. For the RevenueTrader of t...

AI score 7.1
Exploits: 0

Huntr
added 2023/06/06 9:29 a.m. · 17 views

Stored XSS via file upload in FireFox

Description: Upload html file containing XSS payload. Payload: ' On opening and refreshing the page, XSS payload executes in Firefox. Proof of Concept: https://drive.google.com/file/d/1Irkg0u-8DcEizRSN3xE87ezEWmp0L4j/view?usp=sharing...

AI score 6.4
Exploits: 0 · References: 1

RedHat Linux
added 2023/06/05 6:53 p.m. · 8 views

flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions ar...

CVSS 7.5 · AI score 7.1 · EPSS 0.01261
Exploits: 1 · References: 6

NVD
added 2023/05/09 10:15 a.m. · 15 views

CVE-2023-23793

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions...

CVSS 5.9 · AI score 5.4 · EPSS 0.00392
Exploits: 0 · References: 1

OSV
added 2023/05/09 10:15 a.m. · 4 views

CVE-2023-23793

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions...

CVSS 4.8 · AI score 5.8 · EPSS 0.00392
Exploits: 0 · References: 1

Vulnrichment
added 2023/05/09 9:53 a.m. · 10 views

CVE-2023-23793 WordPress Read More Without Refresh Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions...

CVSS 5.9 · AI score 5.8 · EPSS 0.00392
Exploits: 0 · References: 1

CNNVD
added 2023/05/09 12:0 a.m. · 8 views

WordPress plugin Read More Without Refresh Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.9 · AI score 4.9 · EPSS 0.00392
Exploits: 0 · References: 3

OSV
added 2023/05/02 6:15 p.m. · 3 views

DEBIAN-CVE-2023-30861

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...

CVSS 7.5 · AI score 7.5 · EPSS 0.01261
Exploits: 1 · References: 1

OSV
added 2023/05/02 6:15 p.m. · 1 view

UBUNTU-CVE-2023-30861

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...

CVSS 7.5 · AI score 7 · EPSS 0.01261
Exploits: 1 · References: 10

Pen Test Partners Blog
added 2023/04/11 5:28 a.m. · 22 views

London Councils & pirate books. Google dorking for subdomain takeovers

TL;DR: Google dorks found me an exploited DigitalOcean subdomain takeover on London Councils’ .gov.uk domain. It used a meta refresh to redirect to a site hosting unprovenanced PDFs. London Councils had a security.txt file which made disclosure a doddle. Their security team were awesome and fixed it...

AI score 6.1
Exploits: 0

wpexploit
added 2023/04/05 12:0 a.m. · 134 views

WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Navigate to "Settings SMTP Mailing Queue Tools"...

CVSS 4.8 · AI score 8.8 · EPSS 0.00535
Exploits: 2 · References: 1

Veracode
added 2023/04/04 1:4 p.m. · 17 views

Information Disclosure

Cloud Foundry User Account and Authentication Server is vulnerable to Information Disclosure. The vulnerability exists because the UAA does not reject a refresh token during a refresh token grant which allows an attacker to gain access to resources until the token expires...

CVSS 4.3 · AI score 5.4 · EPSS 0.00404
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/03/28 9:15 p.m. · 6 views

CVE-2023-20903

This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers. Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates t...

CVSS 4.3 · AI score 5.8 · EPSS 0.00404
Exploits: 0 · References: 1

NVD
added 2023/03/28 9:15 p.m. · 14 views

CVE-2023-20903

This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers. Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates t...

CVSS 4.3 · AI score 4.6 · EPSS 0.00404
Exploits: 0 · References: 1