
144 matches found

Positive Technologies
added 2024/04/16 12:0 a.m. · 4 views

PT-2024-4884 · Oracle · Oracle Commerce Platform

Name of the Vulnerable Software and Affected Versions: Oracle Commerce Platform versions 11.3.0 through 11.3.2
Description: The issue is related to insufficient input validation in the Oracle Commerce Platform, allowing an unauthenticated attacker with network access via HTTP to compromise the...

CVSS 4 · AI score 7 · EPSS 0.00347
Exploits 0 · References 6

Patchstack
added 2024/04/11 9:41 a.m. · 5 views

WordPress Citadela Listing plugin <= 5.18.1 - Unauth. Sensitive Data Exposure vulnerability

Unauth. Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Citadela Listing versions <= 5.18.1...

CVSS 7.5 · AI score 7 · EPSS 0.00519
Exploits 0 · Affected Software 1

Positive Technologies
added 2024/03/13 12:0 a.m. · 6 views

PT-2024-18826 · WordPress · Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress versions up to, and including, 3.2.10
Description: The issue allows unauthenticated attackers to extract sensitive data, including all registered...

CVSS 7.5 · AI score 6.9 · EPSS 0.00802
Exploits 0 · References 8

OSV
added 2024/03/05 2:15 a.m. · 5 views

CVE-2024-1095

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.8 · EPSS 0.00475
Exploits 0 · References 2

CNNVD
added 2024/02/05 12:0 a.m. · 5 views

WordPress Plugin LearnDash LMS Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 5.3 · AI score 6.6 · EPSS 0.05285
Exploits 3 · References 4

OSV
added 2024/01/04 3:15 p.m. · 5 views

CVE-2023-50867

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 5.8 · EPSS 0.00672
Exploits 1 · References 2

Positive Technologies
added 2023/10/03 12:0 a.m. · 3 views

PT-2023-23634 · WordPress · Wp Mail Smtp Pro

Name of the Vulnerable Software and Affected Versions: WP Mail SMTP Pro plugin for WordPress versions up to, and including, 3.8.0
Description: The issue is related to a missing capability check on the is print page function, which allows unauthorized access to data. This makes it possible for...

CVSS 5.3 · AI score 5.7 · EPSS 0.00429
Exploits 0 · References 5

Tenable Nessus
added 2023/09/28 12:0 a.m. · 24 views

SUSE SLES15: libpython3_6m1_0 / python3 / python3-base / python3-curses / etc (SUSE-SU-2023:3804-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3804-1 advisory. - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692. Tenable has extracted the preceding description block directly fr...

CVSS 5.3 · AI score 6.8 · EPSS 0.0079
Exploits 0 · References 4

Tenable Nessus
added 2023/09/23 12:0 a.m. · 25 views

SUSE SLES12: libpython3_6m1_0 / libpython3_6m1_0-32bit / python36 / etc (SUSE-SU-2023:3731-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3731-1 advisory. - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692. Tenable has extracted the preceding description block directly fr...

CVSS 5.3 · AI score 6.8 · EPSS 0.0079
Exploits 0 · References 4

NCSC
added 2023/09/21 12:0 a.m. · 6 views

Vulnerabilities fixed in Hewlett Packard OneView

Hewlett Packard has fixed vulnerabilities in OneView. A malicious party could exploit the vulnerabilities to bypass authentication to gain unauthenticated access to sensitive data within the application, or use the application. HPE has released updates to fix the...

CVSS 9.8 · AI score 7.5 · EPSS 0.01216
Exploits 0

OpenSSL
added 2023/07/07 12:0 a.m. · 51 views

Vulnerability in OpenSSL - AES-SIV implementation ignores empty associated data entries

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be...

AI score 6.6 · EPSS 0.00525
Exploits 0 · Affected Software 1

Prion
added 2023/05/15 1:15 p.m. · 19 views

Authorization

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...

CVSS 5 · AI score 7.5 · EPSS 0.00819
Exploits 2 · References 1 · Affected Software 1

CVE
added 2023/05/15 12:15 p.m. · 56 views

CVE-2023-0812

CVE-2023-0812 affects the WordPress plugin Active Directory Integration / LDAP Integration (pre-4.1.1). The issue is unauthenticated data disclosure due to improper authorization or nonce handling on certain POST requests. A fix exists in version 4.1.1; affected users should upgrade to 4.1.1 or l...

CVSS 7.5 · AI score 7.6 · EPSS 0.00819
Exploits 2 · References 1 · Affected Software 1

Vulnrichment
added 2023/05/15 12:15 p.m. · 7 views

CVE-2023-0812 Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...

AI score 7.6 · EPSS 0.00819
Exploits 2 · References 1

WPVulnDB
added 2023/04/19 12:0 a.m. · 15 views

Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure

The plugin does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. In version 4.1.0 a nonce check was added to the request, but it still lacked authorization. PoC The admininit hook calls MoLdapLocalLogin class loginwidgetsaveoptions...

CVSS 7.5 · AI score 8.3 · EPSS 0.00819
Exploits 2 · Affected Software 1

OSV
added 2023/04/05 2:15 p.m. · 4 views

CVE-2023-1865

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrcnuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels...

CVSS 6.5 · AI score 5.8 · EPSS 0.00705
Exploits 0 · References 3

OSV
added 2023/01/18 12:15 a.m. · 4 views

CVE-2023-21852

Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite component: Setup. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Learning Management...

CVSS 7.5 · AI score 7.2 · EPSS 0.00517
Exploits 0 · References 1

IBM Security Bulletins
added 2022/11/23 9:30 p.m. · 36 views

Security Bulletin: IBM Sterling Control Center is vulnerable to unauthenticated data manipulation due to Java SE (CVE-2021-2163)

Summary: IBM Sterling Control Center has addressed a Java SE difficult to exploit vulnerability that allows unauthenticated attacker with network access to successfully create, delete or modify critical data. Vulnerability Details: CVEID: CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Ja...

CVSS 5.3 · AI score 5.5 · EPSS 0.03566
Exploits 0 · Affected Software 1

CNNVD
added 2022/08/23 12:0 a.m. · 3 views

ASNeG OPC UA Stack Security Vulnerability

ASNeG OPC UA Stack is an open source framework by ASNeG Germany. It is used to develop and distribute OPC UA client/server applications. A security vulnerability exists in ASNeG OPC UA Stack that stems from the lack of a handler to handle failures when unauthenticated data is forwarde...

CVSS 7.5 · AI score 5.6 · EPSS 0.00734
Exploits 0 · References 2

OSV
added 2022/04/19 9:15 p.m. · 4 views

CVE-2022-21448

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Visual Analyzer. The supported version that is affected is 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVSS 6.1 · AI score 6.9 · EPSS 0.00792
Exploits 0 · References 1