Lucene search
+L

65 matches found

OSV
OSV
added 2023/11/20 3:15 p.m.5 views

CVE-2023-6197

The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modify the...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.5 views

Class Scheduling System Data Forgery Problem Vulnerability

Class Scheduling System is a class scheduling system by jkev Personal Developer. A security vulnerability exists in Class Scheduling System version 1.0, which stems from a lack of authentication when changing email addresses or passwords, allowing a remote attacker to take over an account...

9.8CVSS7AI score0.00416EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.7 views

BD Alaris System with Guardrails Suite MX 授权问题漏洞

The BD Alaris System with Guardrails Suite MX is a medical device from BD Medical BD. A security vulnerability exists in the BD Alaris System with Guardrails Suite MX, which originates from the ability to modify the configuration of a PCU without having to authenticate using a physical connection...

5.7CVSS5.9AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/03 12:0 a.m.12 views

PT-2023-19377 · Vcita · Crm/Lead Management By Vcita

Name of the Vulnerable Software and Affected Versions: CRM and Lead Management by vcita plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is due to missing nonce validation in the vcita-callback.php file, making it possible for unauthenticated attackers to modify th...

6.5CVSS6.8AI score0.00335EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2023/06/03 12:0 a.m.7 views

PT-2023-18816 · Vcita · Contact Form Builder By Vcita

Name of the Vulnerable Software and Affected Versions: Contact Form Builder by vcita plugin for WordPress versions up to, and including, 4.9.1 Description: The issue is due to missing nonce validation on the ls parse vcita callback function, making it possible for unauthenticated attackers to...

6.1CVSS6.5AI score0.00295EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2023/04/05 2:15 p.m.3 views

CVE-2023-1867

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged...

5.4CVSS6.6AI score0.00302EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.6 views

PT-2022-25665 · Ezoic · Ezoic Plugin

Name of the Vulnerable Software and Affected Versions: Ezoic plugin versions prior to 2.8.9 Description: The issue allows for unauthenticated changes to plugin settings, leading to stored XSS. Recommendations: For Ezoic plugin versions prior to 2.8.9, update to version 2.8.9 or later to resolve t...

6.1CVSS6.2AI score0.00406EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/23 12:0 a.m.4 views

PT-2022-22649 · 59Sec · 59Sec Lite

Name of the Vulnerable Software and Affected Versions: 59sec THE Leads Management System: 59sec LITE plugin version 3.4.1 and earlier Description: The issue allows for unauthenticated changes to plugin settings. Recommendations: For 59sec LITE plugin version 3.4.1 and earlier, update to a version...

6.5CVSS5.3AI score0.00547EPSS
Exploits0References4
OSV
OSV
added 2022/07/15 12:15 p.m.4 views

CVE-2022-30245

Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the...

6.5CVSS5.8AI score0.01233EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/10/07 12:0 a.m.12 views

PT-2020-14249 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.2 Description: The issue concerns insecure storage of user input into the database as url base and url base api. These settings are used throughout the application, allowing for vulnerabilities such as Cross-Site...

10CVSS6.4AI score0.99628EPSS
Exploits32References126
Positive Technologies
Positive Technologies
added 2020/08/31 12:0 a.m.7 views

PT-2020-15274

Name of the Vulnerable Software and Affected Versions GiveWP plugin versions prior to 2.5.10 Description The issue allows unauthenticated changes to settings. This is due to a problem in the includes/gateways/stripe/includes/admin/admin-actions.php file. Recommendations For GiveWP plugin versions...

5.3CVSS5.7AI score0.01881EPSS
Exploits0References4
Prion
Prion
added 2020/04/03 3:15 p.m.21 views

Design/Logic Flaw

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...

5CVSS5.5AI score0.02362EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/03 2:16 p.m.21 views

CVE-2019-17230

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...

5.5AI score0.02362EPSS
Exploits1References1
EUVD
EUVD
added 2020/04/03 2:16 p.m.5 views

EUVD-2019-7647

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...

5.3CVSS5.3AI score0.02362EPSS
Exploits1References1
OSV
OSV
added 2020/03/24 8:15 p.m.3 views

CVE-2019-20620

An issue was discovered on Samsung mobile devices with P9.0 software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 March 2019...

7.5CVSS5.8AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2020/03/24 8:15 p.m.19 views

CVE-2019-20620

An issue was discovered on Samsung mobile devices with P9.0 software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 March 2019...

7.5CVSS7.7AI score0.00333EPSS
Exploits0References1
Prion
Prion
added 2020/03/24 8:15 p.m.14 views

Code injection

An issue was discovered on Samsung mobile devices with P9.0 software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 March 2019...

5CVSS7.7AI score0.00333EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/03/24 7:36 p.m.42 views

CVE-2019-20620

CVE-2019-20620 affects Samsung mobile devices running P (Android 9.0) software. The issue is that the Settings application allows unauthenticated changes, per the Samsung notice referencing SVE-2019-13814 and SVE-2019-13815. Documents do not specify the exact vulnerable component, root cause deta...

7.5CVSS7.6AI score0.00333EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/03/24 7:36 p.m.22 views

CVE-2019-20620

An issue was discovered on Samsung mobile devices with P9.0 software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 March 2019...

7.7AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2020/02/24 7:15 p.m.25 views

CVE-2019-17228

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes...

6.5CVSS6.6AI score0.01153EPSS
Exploits1References3
Rows per page
Query Builder