Lucene search
+L

463 matches found

CNVD
CNVD
added 2021/03/11 12:0 a.m.10 views

Samsung keyboard access control error vulnerability

Samsung keyboard is a cell phone application from Samsung South Korea. It provides an input function. A security vulnerability exists in Samsung keyboard version prior to SMR Feb-2021 Release 1, which allows a close-range attacker to change arbitrary settings during the initialization state. No...

5.1CVSS6.9AI score0.0012EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2020/03/24 12:0 a.m.12 views

Data Tables Generator By Supsystic < 1.9.92 - CSRF to Stored XSS, Data Table Creations, Settings Modification

The Data Tables Generator by Supsystic WordPress plugin was affected by a CSRF to Stored XSS, Data Table Creations, Settings Modification security vulnerability...

2AI score
Exploits0References1Affected Software1
OSV
OSV
added 2020/03/13 4:15 p.m.8 views

CVE-2020-10195

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal...

6.3CVSS6.7AI score0.01091EPSS
Exploits1References2
NVD
NVD
added 2020/03/13 4:15 p.m.29 views

CVE-2020-10195

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal...

6.5CVSS6.5AI score0.01091EPSS
Exploits1References2
Prion
Prion
added 2020/03/13 4:15 p.m.22 views

Information disclosure

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal...

6.5CVSS6.4AI score0.01091EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/03/13 3:48 p.m.31 views

CVE-2020-10195

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal...

6.5AI score0.01091EPSS
Exploits1References2
CVE
CVE
added 2020/03/13 3:48 p.m.95 views

CVE-2020-10195

The CVE-2020-10195 issue affects the Popup Builder plugin for WordPress (versions prior to 3.64.1). An authenticated subscriber-level attacker can send a POST to wp-admin/admin-post.php, using actions such as sgpbSaveSettings, csv_file, or sgpb_system_info, to modify settings, export subscriber d...

6.5CVSS6.5AI score0.01091EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/12 12:0 a.m.37 views

Popup Builder < 3.64.1 - Multiple Issues

"One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. The other vulnerability allowed any logged-in user, even those with minimal permissions such as a subscriber, to export a list of...

6.5CVSS1.6AI score0.01421EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2020/01/09 7:15 p.m.3 views

CVE-2020-6167

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo...

8.8CVSS7.3AI score0.00924EPSS
Exploits2References3
CVE
CVE
added 2020/01/09 6:9 p.m.84 views

CVE-2020-6167

The CVE-2020-6167 entry concerns WordPress plugin Minimal Coming Soon & Maintenance Mode (versions up to 2.10). The vulnerability is a CSRF to stored XSS and setting changes, permitted by a lack of nonce checks on settings endpoints, enabling an attacker to enable maintenance mode, inject XSS, mo...

9.6CVSS8.5AI score0.00924EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2019/11/14 5:15 p.m.23 views

CVE-2019-15466

The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakuraindia/sakuraindia:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1715201812191721 that allows...

3.3CVSS3.8AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2019/11/14 5:15 p.m.17 views

CVE-2019-15744

The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyakisoftbank/keyakisoftbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app versionCode=1413005, versionName=1.3.0 that allows unauthoriz...

3.3CVSS3.8AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2019/11/14 5:15 p.m.27 views

CVE-2019-15423

The Bluboo BlubooS1 Android device with a build fingerprint of BLUBOO/BlubooS1/BlubooS1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via...

3.3CVSS3.8AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2019/11/14 5:15 p.m.13 views

CVE-2019-15426

The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app versionCode=40000, versionName=4.0.00 that allows unauthorized wireless settings modification via ...

3.3CVSS3.8AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2019/11/14 5:15 p.m.33 views

CVE-2019-15427

The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app versionCode=40000, versionName=4.0.00 that allows unauthorized wireless settings modification via a...

3.3CVSS3.8AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2019/11/14 5:15 p.m.30 views

CVE-2019-15422

The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via a confused...

3.3CVSS3.8AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2019/11/14 5:15 p.m.32 views

CVE-2019-15415

The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1711201803291645 that allows unauthorized wireless settings...

3.3CVSS3.8AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2019/11/14 5:15 p.m.22 views

CVE-2019-15394

The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WWPhone/ASUSX017D1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settin...

7.8CVSS7.3AI score0.00332EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 5:15 p.m.12 views

Code injection

The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WWPhone/ASUSX017D1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settin...

7.2CVSS7.2AI score0.00332EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 5:15 p.m.13 views

Code injection

The Kata M4s Android device with a build fingerprint of alps/fullhct675066n/hct675066n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via a...

2.1CVSS4AI score0.00277EPSS
Exploits0References1
Rows per page
Query Builder