Lucene search
K

225 matches found

Positive Technologies
Positive Technologies
added 2024/11/09 12:0 a.m.6 views

PT-2024-34757 · Unknown · Aajoda Testimonials

Name of the Vulnerable Software and Affected Versions: Aajoda Testimonials versions n/a through 2.2.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in Aajoda Testimonials...

6.5CVSS5.8AI score0.00229EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.5 views

PT-2024-39647 · Zoho · Zoho Manageengine Exchange Reporter Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior Description: The issue concerns an authenticated SQL Injection in the reports module. Recommendations: For versions 5718 and prior, update to a version later than 5718 to...

8.8CVSS8.3AI score0.0207EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.4 views

PT-2024-32529 · Wpquads · Wp Quads Ads

Name of the Vulnerable Software and Affected Versions: WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads versions through 2.0.84 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels...

8.8CVSS7.2AI score0.00375EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.6 views

PT-2024-32579 · Wpchill · Wpchill Strong Testimonials

Name of the Vulnerable Software and Affected Versions: WPChill Strong Testimonials versions 3.1.16 and earlier Description: A Missing Authorization vulnerability in WPChill Strong Testimonials allows exploiting incorrectly configured access control security levels. Recommendations: For versions...

8.8CVSS7.2AI score0.00396EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.4 views

PT-2024-34237 · Wpdeveloper · Wpdeveloper Embedpress

Name of the Vulnerable Software and Affected Versions: WPDeveloper EmbedPress versions 4.0.14 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations:...

6.5CVSS5.3AI score0.00241EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.8 views

PT-2024-34263 · Unknown · Acnoo Flutter Api

Name of the Vulnerable Software and Affected Versions: Acnoo Flutter API versions 1.0.0 through 1.0.5 Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing unauthorized access. This is a problem where the authentication process can be bypassed,...

9.8CVSS6.7AI score0.00525EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.4 views

PT-2024-33648 · WordPress · Wp Flow Plus

Name of the Vulnerable Software and Affected Versions: WP Flow Plus versions through 5.2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For WP Flow Plu...

6.5CVSS5.6AI score0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.3 views

PT-2024-33448 · Digitally · Digitally

Name of the Vulnerable Software and Affected Versions: Digitally versions 1.0.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For versions 1.0.8...

7.1CVSS6.8AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.4 views

PT-2024-39608 · WordPress · Parcel Pro

Name of the Vulnerable Software and Affected Versions: Parcel Pro plugin for WordPress versions up to, and including, 1.8.4 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inje...

6.1CVSS6.8AI score0.00382EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.5 views

PT-2024-7119 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.0.3 and earlier Description: The issue is caused by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use...

7.8CVSS8.2AI score0.00269EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/06 12:0 a.m.5 views

PT-2024-32522 · Unknown · Ari Fancy Lightbox

Name of the Vulnerable Software and Affected Versions: ARI Fancy Lightbox versions 1.3.17 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/06 12:0 a.m.9 views

PT-2024-32542 · Elementor · Elementsready Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementsReady Addons for Elementor versions n/a through 6.4.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

6.5CVSS5.7AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/06 12:0 a.m.7 views

PT-2024-32553 · WordPress · Wp Mail Catcher

Name of the Vulnerable Software and Affected Versions: WP Mail Catcher versions through 2.1.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For versions...

7.1CVSS6.8AI score0.0029EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/06 12:0 a.m.3 views

PT-2024-30902 · Unknown · Temegum Gum Elementor Addon

Name of the Vulnerable Software and Affected Versions: TemeGUM Gum Elementor Addon versions 1.3.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.6 views

PT-2024-38806 · WordPress · Slider Revolution

Name of the Vulnerable Software and Affected Versions: Slider Revolution plugin for WordPress versions up to, and including, 6.7.18 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6.2AI score0.00304EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.9 views

PT-2024-39558 · WordPress · Locateandfilter Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: LocateAndFilter plugin for WordPress versions up to, and including, 1.6.14 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6.2AI score0.00326EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/22 12:0 a.m.3 views

PT-2024-31643 · Peter Hardy Vandoorn · Maintenance Redirect

Name of the Vulnerable Software and Affected Versions: Peter Hardy-vanDoorn Maintenance Redirect versions n/a through 2.0.1 Description: The issue is related to an Authentication Bypass by Spoofing vulnerability, which allows accessing functionality not properly constrained by ACLs. This enables...

3.7CVSS6.8AI score0.00343EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/07 12:0 a.m.6 views

PT-2024-18158 · WordPress · Ninja Forms - File Uploads

Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads plugin for WordPress versions up to, and including, 3.3.16 Description: The issue is a Stored Cross-Site Scripting vulnerability via an uploaded file, such as an RTX file, due to insufficient input sanitization and...

7.2CVSS6.6AI score0.00403EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.6 views

PT-2024-30406 · Eyecix · Eyecix Jobsearch

Name of the Vulnerable Software and Affected Versions: eyecix JobSearch versions n/a through 2.3.4 Description: The issue is related to improper privilege management, allowing privilege escalation. This problem affects eyecix JobSearch, enabling unauthorized access to sensitive data and potential...

9.8CVSS6.8AI score0.00473EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/08/09 12:0 a.m.4 views

PT-2024-38312 · WordPress · Linkify Text

Name of the Vulnerable Software and Affected Versions: Linkify Text plugin for WordPress versions up to and including 1.9.1 Description: The issue is related to Full Path Disclosure, which occurs because the plugin uses bootstrap and leaves test files with display errors enabled. This allows...

5.3CVSS6.6AI score0.00482EPSS
Exploits0References4
Rows per page
Query Builder