Lucene search
K

51 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/12/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-3169

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform...

6.1CVSS6.9AI score0.01582EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/07/20 12:0 a.m.5 views

PT-2023-26142 · Unknown · Dooblou Wifi File Explorer

Name of the Vulnerable Software and Affected Versions: Dooblou WiFi File Explorer version 1.13.3 Description: A vulnerability was found in the software, affecting an unknown functionality. The manipulation of the argument search/order/download/mode leads to cross site scripting. The attack can be...

5.4CVSS4.2AI score0.00507EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.12 views

PT-2023-20502 · Safe-Eval · Safe-Eval

Name of the Vulnerable Software and Affected Versions: safe-eval versions all Description: The issue arises from improper sanitization of the parameter content in the safeEval function, leading to Prototype Pollution. This affects all versions of the safe-eval package. Recommendations: For all...

10CVSS7.2AI score0.01111EPSS
Exploits1References9
OSV
OSV
added 2023/02/13 3:15 p.m.4 views

CVE-2023-0260

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

8.8CVSS7.3AI score0.00919EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.5 views

PT-2022-25899 · WordPress · Contest Gallery Pro +1

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...

6.5CVSS6.4AI score0.00854EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2022/01/25 1:15 p.m.2 views

CVE-2021-45803

MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation...

8.8CVSS6AI score0.01179EPSS
Exploits1References3
CNVD
CNVD
added 2020/10/28 12:0 a.m.6 views

TuziCMS suffers from arbitrary file deletion vulnerability (CNVD-2020-62425)

TuziCMS TC for short is an enterprise web content management system based on PHP+MySql. TuziCMS has an arbitrary file deletion vulnerability. The vulnerability is due to the system parameters are not user-submitted data filtering or processing caused by an attacker can be exploited to delete...

7AI score
Exploits0
OSV
OSV
added 2020/07/28 5:15 p.m.8 views

CVE-2020-15422

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

9.8CVSS7.7AI score0.08411EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/03/09 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-10257

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trxaddons/v2/get/sclayout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trxaddonsrestgetsclayout with an unsafe sc parameter...

9.8CVSS7.3AI score0.08877EPSS
Exploits2References1
OSV
OSV
added 2017/04/28 6:17 a.m.5 views

USN-3272-1 ghostscript vulnerabilities

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service application crash...

7.8CVSS6.8AI score0.96968EPSS
Exploits11References7
Hacker One
Hacker One
added 2017/03/16 7:27 p.m.22 views

Shopify: Setting Arbitrary Cookie at kitcrm.com

Hey The src parameter of Image is not being sanitized which allows me to set cookies at kitcrm.com Proof of Concept 1. Create a post at https://kitcrm.com/pages/ID/manualposts/new 2. Select Schedule for Later 3. Go to Scheduled Posts https://kitcrm.com/pages/ID/manualposts 4. Click Edit on your...

Exploits0
Rows per page
Query Builder