Lucene search
K

164 matches found

CVE
CVE
added 2024/10/01 7:30 a.m.68 views

CVE-2024-9106

CVE-2024-9106 concerns the WordPress plugin Wechat Social login (

9.8CVSS9.7AI score0.0171EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.190 views

SAP BusinessObjects User Bruteforcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP BusinessObjects User Bruteforcer', 'Description' = 'This module attempts to bruteforce SAP BusinessObjects users. The dswsbobje interface is...

7.4AI score
Exploits0
CNVD
CNVD
added 2024/08/29 12:0 a.m.7 views

Kashipara Bus Ticket Reservation System Cross-Site Request Forgery Vulnerability

Kashipara Bus Ticket Reservation System is a bus reservation system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, which stems from /deleteTicket.php not adequately verifying that the request comes from a trusted user, and can be...

9.4CVSS6.6AI score0.00299EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.4 views

Kashipara Music Management System 安全漏洞

Kashipara Music Management System is a music management system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Music Management System v1.0, which originates from /music/ajax.php?action=deletegenre does not adequately verify that the request comes from a trusted use...

8.8CVSS6.8AI score0.00581EPSS
Exploits1References3
CNVD
CNVD
added 2024/08/23 12:0 a.m.6 views

Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38219)

Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the editproduct.php component not adequately verifying that a request comes from a trust...

8CVSS6.5AI score0.00282EPSS
Exploits1References1
CNVD
CNVD
added 2024/08/23 12:0 a.m.5 views

Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38218)

Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the editgroup.php component not adequately verifying that a request comes from a trusted...

8.8CVSS6.5AI score0.00209EPSS
Exploits1References1
CNVD
CNVD
added 2024/08/23 12:0 a.m.7 views

Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38214)

Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the deletemedia.php component not adequately verifying that a request comes from a trust...

8.8CVSS6.5AI score0.0029EPSS
Exploits1References1
CNVD
CNVD
added 2024/08/23 12:0 a.m.10 views

Kliqqi CMS Cross-Site Request Forgery Vulnerability

Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from admin/adminpage.php?linkid=1&mode=delete does not adequately verify that the request is from a trusted user , an attack...

8.8CVSS6.6AI score0.00279EPSS
Exploits1References1
CNVD
CNVD
added 2024/08/23 12:0 a.m.6 views

Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37619)

Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of a cross-site request forgery vulnerability , the vulnerability stems from /admin/adminlog.php?clear=1 does not adequately verify that the request is from a trusted user , an attacker can use this...

8.8CVSS6.7AI score0.00201EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.5 views

Kliqqi CMS 安全漏洞

Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from /admin/adminwidgets.php?action=remove&widget=Statistics does not adequately verify whether the request is from a truste...

8.8CVSS7AI score0.00279EPSS
Exploits1References2
NVD
NVD
added 2024/07/24 3:15 a.m.28 views

CVE-2024-7027

The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers t...

7.3CVSS0.00406EPSS
Exploits0References2
CVE
CVE
added 2024/05/24 3:30 a.m.55 views

CVE-2024-4544

CVE-2024-4544 affects Pie Register - Social Sites Login (Add on) for WordPress. Versions up to 1.7.7 are vulnerable to authentication bypass due to insufficient verification during social login, enabling unauthenticated users to log in as an existing user (e.g., admin) if they have the user’s ema...

9.8CVSS9.7AI score0.00581EPSS
Exploits0References2
NVD
NVD
added 2024/05/03 2:15 a.m.21 views

CVE-2023-35726

D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.00855EPSS
Exploits0References2
OSV
OSV
added 2024/05/03 2:15 a.m.1 views

CVE-2023-35726

D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS6.3AI score0.00855EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/03 1:57 a.m.35 views

CVE-2023-35726 D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS9.2AI score0.00855EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 1:57 a.m.61 views

CVE-2023-35725

CVE-2023-35725 affects D-Link DAP-2622 devices via a stack-based buffer overflow in the DDP service. The vulnerability arises from improper validation of user-supplied data length before copying to a fixed-length stack buffer, enabling network-adjacent attackers to execute code with root privileg...

8.8CVSS9.1AI score0.00855EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/13 9:38 p.m.18 views

CVE-2023-6152

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...

5.4CVSS7.2AI score0.01385EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/18 12:0 a.m.3 views

FlyCms 安全漏洞

FlyCms is sunkaifei open source an application . A similar to Zhihu to Q&A based on the fully open source JAVA language development of social network building program . FlyCms cross-site request forgery vulnerability , the vulnerability stems from /system/admin/addgroupsave location does not...

8.8CVSS6.8AI score0.00324EPSS
Exploits1References2
CNVD
CNVD
added 2023/12/04 12:0 a.m.21 views

Dreamer CMS Cross-Site Request Forgery Vulnerability

Dreamer CMS is a dreamer content management system. A cross-site request forgery vulnerability exists in Dreamer CMS v4.1.3, which stems from the component /admin/archives/delete not adequately verifying whether a request comes from a trusted user, and can be exploited by an attacker to forge a...

8.8CVSS6.8AI score0.0036EPSS
Exploits1References1
NVD
NVD
added 2023/11/09 10:15 p.m.15 views

CVE-2023-29975

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...

7.2CVSS0.01679EPSS
Exploits0References1
Rows per page
Query Builder