Lucene search
K

1616 matches found

wpexploit
wpexploit
added 2022/12/27 12:0 a.m.447 views

EU Cookie Law <= 3.1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Enter the setting page of this plugin. 2. In t...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2022/12/23 1:34 a.m.19 views

CVE-2022-39304

A flaw was found in ghinstallation. When a request to refresh an installation token fails, the HTTP request and response are returned for debugging. The returned request contains the short-lived 10-min maximum bearer JWT for the app and is returned back to clients...

5CVSS0.4AI score0.00382EPSS
Exploits1References7
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.136 views

Link Library < 7.4.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Install the plugin and go to:...

4.8CVSS0.6AI score0.0047EPSS
Exploits2
OSV
OSV
added 2022/12/22 8:15 p.m.0 views

DEBIAN-CVE-2022-3033

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

8.1CVSS7.8AI score0.00768EPSS
Exploits0References1
Veracode
Veracode
added 2022/12/20 5:4 a.m.21 views

Information Disclosure

github.com/bradleyfalzon/ghinstallation is vulnerable to information disclosure. The vulnerability exists in the refreshToken function of transport.go, when the request to refresh an installation token fails, it allows an attacker to gain sensitive information through the error message...

5CVSS5AI score0.00382EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2022/12/20 12:0 a.m.2 views

ghinstallation 安全漏洞

ghinstallation is a library for Bradley Falzon Personal Developers. Authentication is performed as an installation workflow. A security vulnerability exists in ghinstallation versions prior to 2.0.0, which stems from a short-lived token that returns an HTTP request and response for debugging when...

5CVSS6.1AI score0.00382EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/12/19 12:0 a.m.3 views

PT-2022-24887 · Unknown · Ghinstallation

Name of the Vulnerable Software and Affected Versions: ghinstallation versions 1 through 1 ghinstallation version 2.0.0 is not affected as it contains the fix for the issue. Description: The issue concerns ghinstallation, which provides transport implementing http.RoundTripper for authentication ...

5CVSS4.9AI score0.00382EPSS
Exploits1References13
RedHat Linux
RedHat Linux
added 2022/12/13 2:4 p.m.3 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/12/13 2:3 p.m.32 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/12/13 2:3 p.m.20 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
Microsoft KB
Microsoft KB
added 2022/12/13 8:0 a.m.108 views

Description of the security update for SharePoint Server 2019: December 13, 2022 (KB5002311)

Description of the security update for SharePoint Server 2019: December 13, 2022 KB5002311 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

8.8CVSS9.1AI score0.82081EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/06 4:12 p.m.23 views

Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2022-3676)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION:...

6.5CVSS6.5AI score0.00589EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/30 12:0 a.m.22 views

Sliderby10Web < 1.2.53 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Slider » Sliders" and edit one of...

4.8CVSS1.1AI score0.00532EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.9 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect TLB refresh issue in the GPU i915 kernel driver, which could lead to random memory corruption o...

7.8CVSS6.6AI score0.00252EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2022/11/28 2:39 p.m.4 views

postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names

A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow implementation from PGSQL...

8CVSS7.3AI score0.01662EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2022/11/09 6:25 p.m.39 views

CVE-2022-3916

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS3.4AI score0.00952EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.21 views

Red Hat Keycloak 代码问题漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak offlineaccess, which stems from a lack of root session authentication and reuse of session...

6.8CVSS6.4AI score0.00952EPSS
Exploits0References16
wpexploit
wpexploit
added 2022/11/03 12:0 a.m.90 views

Analytics for WP <= 1.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the Settings page of this plugin, in the bo...

4.8CVSS4.7AI score0.00519EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/11/03 12:0 a.m.19 views

reCAPTCHA <= 1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. On the setting page of this plugin, enter...

4.8CVSS2.2AI score0.00532EPSS
Exploits2Affected Software1
NVD
NVD
added 2022/10/18 2:15 p.m.19 views

CVE-2020-15853

supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time...

5.3CVSS0.00596EPSS
Exploits0References1
Rows per page
Query Builder