Lucene search
K

82 matches found

Patchstack
Patchstack
added 2024/11/01 12:0 a.m.25 views

WordPress BetterLinks Plugin <= 2.1.7 is vulnerable to SQL Injection

Software BetterLinks Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-51672 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 159a4550c364 Credits Marek Mikita Required privilege Administrator Publish...

7.6CVSS7.2AI score0.00456EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/09/25 12:0 a.m.11 views

WordPress Bit Form – Contact Form Plugin Plugin <= 2.13.10 is vulnerable to Arbitrary File Upload

Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions = 2.13.10 Fixed in 2.13.11 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-47319 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID 4ad1bd9ca230 Credits Certus Cybersecurity...

8CVSS6.8AI score0.00426EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/08/12 9:15 p.m.3 views

DEBIAN-CVE-2024-43359

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61...

6.1CVSS4.9AI score0.00375EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/03/28 12:0 a.m.10 views

WordPress Tumult Hype Animations Plugin <= 1.9.11 is vulnerable to Cross Site Scripting (XSS)

Software Tumult Hype Animations Type Plugin Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-30461 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 98402ce486d0 Credits Majed...

5.7AI score0.00148EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/02 4:15 p.m.5 views

CVE-2023-41292

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

7.2CVSS6.1AI score0.0058EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/12/19 12:0 a.m.7 views

WordPress WP Edit Username Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Edit Username Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47527 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3874545cb784 Credits Jeongwoo-LeeRoronoa Required privileg...

5.9CVSS6.6AI score0.00291EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/11/09 9:15 p.m.17 views

Denial of service

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10...

5CVSS7AI score0.00719EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/06/23 12:15 p.m.1 views

CVE-2023-30362

Buffer Overflow vulnerability in coapsend function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu...

7.5CVSS5.9AI score0.00754EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.3 views

SUSE CVE-2016-1000030

Pidgin version 2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutlsx509crtinit and gnutlsx509crtimport that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client...

9.8CVSS7.6AI score0.01844EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.3 views

SUSE CVE-2021-32627

Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and...

7.5CVSS8.4AI score0.03688EPSS
Exploits0References5
Prion
Prion
added 2021/03/02 6:15 p.m.16 views

Design/Logic Flaw

A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to...

5CVSS5.2AI score0.01016EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/02/16 12:0 a.m.23 views

CVE-2021-27102

Accellion FTA 912411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA912416 and later. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS6.1AI score0.03624EPSS
In wildExploits0References3
RedHat Linux
RedHat Linux
added 2020/02/25 12:14 p.m.7 views

rubygems: Path traversal when writing to a symlinked basedir outside of the root

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

7.5CVSS7.2AI score0.05076EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2019/09/25 2:44 p.m.35 views

CVE-2019-13627

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7...

6.3CVSS6.6AI score0.0051EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/11/06 12:0 a.m.48 views

Debian: Security Advisory (DLA-1568-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.11737EPSS
Exploits0References3
Symfony
Symfony
added 2018/08/01 12:0 a.m.82 views

CVE-2018-14773: Remove support for legacy and risky HTTP headers

Affected versions Symfony 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13 and 4.1.0 to 4.1.2 versions of the Symfony HttpFoundation component are affected by this security issue. The issue has been fixed in Symfony 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14, and...

6.5CVSS6.8AI score0.58061EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2018/01/08 4:44 p.m.9 views

nulca.com.au XSS vulnerability

Open Bug Bounty ID: OBB-501219 Description| Value ---|--- Affected Website:| nulca.com.au Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based ...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.70 views

[SECURITY] [DSA 3282-1] strongswan security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3282-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez June 08, 2015 http://www.debian.org/security/faq -...

2.6CVSS1.4AI score0.02028EPSS
Exploits0
Exploit DB
Exploit DB
added 2011/03/02 12:0 a.m.363 views

vsftpd 2.3.2 - Denial of Service

include include include include include include include / This is code of http://cxib.net/stuff/vspoc232.c PoC CVE-2011-0762 vsftpd Remote Denial of Service Affected: 2.3.2 Fix: 2.3.4 Author: Maksymilian Arciemowicz Use: ./vspoc232 127.0.0.1 21 user pass 1 or read...

4CVSS7.7AI score0.73946EPSS
Exploits9
OSV
OSV
added 2008/08/10 12:0 a.m.31 views

DSA-1628-1 pdns - DNS spoofing

Bulletin has no description...

6.4CVSS6.5AI score0.06115EPSS
Exploits0
Rows per page
Query Builder