Lucene search
K

246 matches found

Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.6 views

PT-2024-17272 · Unknown · Phpgurukul User Registration & Login/User Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul User Registration & Login and User Management System version 1.0 Description: A critical vulnerability has been found in the system, affecting an unknown part of the file /signup.php. The manipulation of the email argument leads to...

9.8CVSS8.1AI score0.00628EPSS
Exploits1References7
NVD
NVD
added 2024/11/01 3:15 p.m.18 views

CVE-2024-39654

Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through = 2.2.12...

5.3CVSS0.0035EPSS
Exploits0References1
CVE
CVE
added 2024/11/01 2:17 p.m.47 views

CVE-2024-39654

CVE-2024-39654 concerns WordPress Sign-up Sheets plugin (versions

5.3CVSS5.9AI score0.0035EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/01 2:17 p.m.32 views

CVE-2024-39654 WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through = 2.2.12...

5.3CVSS0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/01 2:17 p.m.16 views

CVE-2024-39654 WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through = 2.2.12...

5.3CVSS5.2AI score0.0035EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.6 views

WordPress plugin Sign-up Sheets 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

5.3CVSS6.5AI score0.0035EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.6 views

PT-2024-28592 · Unknown · Fetch Designs Sign-Up Sheets

Name of the Vulnerable Software and Affected Versions: Fetch Designs Sign-up Sheets versions 2.2.12 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Fetch...

5.3CVSS7.2AI score0.0035EPSS
Exploits0References3
NVD
NVD
added 2024/10/29 1:15 p.m.35 views

CVE-2024-7472

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

6.5CVSS0.00418EPSS
Exploits1References2
OSV
OSV
added 2024/10/29 1:15 p.m.23 views

CVE-2024-7472

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

6.5CVSS7.1AI score0.00418EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/29 12:49 p.m.12 views

CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

5.3CVSS7.4AI score0.00418EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/29 12:49 p.m.39 views

CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

5.3CVSS0.00418EPSS
Exploits1References2
CVE
CVE
added 2024/10/29 12:49 p.m.103 views

CVE-2024-7472

CVE-2024-7472 affects lunary-ai/lunary v1.2.26, exposing an email injection vulnerability in the /v1/users/send-verification and /auth/signup endpoints. The root cause is bypassing the extractFirstName function by using an alternate whitespace character (e.g., \xa0), enabling data to be injected ...

6.5CVSS5.6AI score0.00418EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2024/09/17 12:0 a.m.206 views

Expense Management System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Expense Management System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2024/09/04 9:31 a.m.5 views

WordPress Sign-up Sheets plugin < 2.2.13 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sign-up Sheets versions 2.2.13...

6.1CVSS6.4AI score0.00369EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/09/04 6:15 a.m.4 views

CVE-2024-6020

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $SERVER'REQUESTURI' parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00369EPSS
Exploits1References1
NVD
NVD
added 2024/09/04 6:15 a.m.20 views

CVE-2024-6020

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $SERVER'REQUESTURI' parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...

6.1CVSS0.00369EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/04 6:0 a.m.30 views

CVE-2024-6020 Sign-up Sheets < 2.2.13 - Reflected XSS

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $SERVER'REQUESTURI' parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...

0.00369EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/04 6:0 a.m.11 views

CVE-2024-6020 Sign-up Sheets < 2.2.13 - Reflected XSS

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $SERVER'REQUESTURI' parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...

6.8AI score0.00369EPSS
Exploits1References1
CVE
CVE
added 2024/09/04 6:0 a.m.49 views

CVE-2024-6020

The CVE-2024-6020 entry concerns the Sign-up Sheets WordPress plugin prior to version 2.2.13. The vulnerability arises because generated URLs and the $_SERVER['REQUEST_URI'] value are not properly escaped before being echoed in attributes, enabling Reflected Cross-Site Scripting. Affected softwar...

6.1CVSS6.2AI score0.00369EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/09/04 12:0 a.m.10 views

WordPress Sign-up Sheets Plugin < 2.2.13 is vulnerable to Cross Site Scripting (XSS)

Software Sign-up Sheets Type Plugin Vulnerable versions 2.2.13 Fixed in 2.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6020 Patch priority Medium CVSS severity Medium 7.1 Developer Fetch Designs PSID 65a76cb93247 Credits Bob Matyas Required...

6.1CVSS5.7AI score0.00369EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder