264 matches found

Patchstack
added 2024/06/06 12:0 a.m. | 11 views

WordPress Visualizer Plugin <= 3.11.1 is vulnerable to SQL Injection

Software: Visualizer; Type: Plugin; Vulnerable versions: <= 3.11.1; Fixed in: 3.11.2; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-35736; Patch priority: High; CVSS severity: High 8.5; PSID: a8a01c7cac74; Credits: Trương Hữu Phúc (truonghuuphuc); Required privilege...

8.8 CVSS | 6.8 AI score | 0.00518 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Fedora
added 2024/06/02 3:39 a.m. | 7 views

[SECURITY] Fedora 39 Update: rust-elfcat-0.1.8-10.fc39

ELF visualizer. Generates HTML files from ELF binaries...

7.2 AI score
Exploits: 0

OpenVAS
added 2024/05/27 12:0 a.m. | 8 views

Fedora: Security Advisory for rust-elfcat (FEDORA-2024-ce2936b568)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 | References: 2

Fedora
added 2024/05/26 1:29 a.m. | 12 views

[SECURITY] Fedora 40 Update: rust-elfcat-0.1.8-10.fc40

ELF visualizer. Generates HTML files from ELF binaries...

7.2 AI score
Exploits: 0

Cvelist
added 2024/05/16 2:36 a.m. | 23 views

CVE-2024-3750 Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...

8.8 CVSS | 9 AI score | 0.00433 EPSS
Exploits: 0 | References: 4

CVE
added 2024/05/16 2:36 a.m. | 65 views

CVE-2024-3750

CVE-2024-3750 affects Visualizer: Tables and Charts Manager for WordPress. Root cause: missing capability check in getQueryData() across all versions up to 3.10.15, enabling authenticated users with subscriber-level access and above to run arbitrary SQL queries, with potential privilege escalatio...

8.8 CVSS | 7.1 AI score | 0.00433 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2024/05/16 12:0 a.m. | 2 views

PT-2024-27606 · WordPress · The Visualizer: Tables/Charts Manager

Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including, 3.10.15 Description: The issue is related to a missing capability check on the getQueryData function, allowing authenticated attackers with subscriber-leve...

8.8 CVSS | 7.6 AI score | 0.00433 EPSS
Exploits: 0 | References: 6

CNNVD
added 2024/05/16 12:0 a.m. | 2 views

WordPress plugin Visualizer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

8.8 CVSS | 6.5 AI score | 0.00433 EPSS
Exploits: 0 | References: 5

Patchstack
added 2024/05/15 5:16 p.m. | 3 views

WordPress Visualizer plugin <= 3.10.15 - Subscriber+ Arbitrary SQL Execution vulnerability

Subscriber+ Arbitrary SQL Execution vulnerability discovered by Krzysztof Zając in WordPress Plugin Visualizer versions <= 3.10.15...

8.8 CVSS | 7.7 AI score | 0.00433 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Wordfence Blog
added 2024/05/15 3:0 p.m. | 28 views

30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin

🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 10th, 2024, during our second Bug Bounty Extravaganza, w...

8.8 CVSS | 8 AI score | 0.00433 EPSS
Exploits: 0

Patchstack
added 2024/05/15 12:0 a.m. | 11 views

WordPress Visualizer Plugin <= 3.10.15 is vulnerable to SQL Injection

Software: Visualizer; Type: Plugin; Vulnerable versions: <= 3.10.15; Fixed in: 3.11.0; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-3750; Patch priority: High; CVSS severity: High 8.8; PSID: 6418115de830; Credits: Krzysztof Zając; Required privilege: Subscriber...

8.8 CVSS | 6.8 AI score | 0.00433 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

WPVulnDB
added 2024/05/15 12:0 a.m. | 16 views

Visualizer: Tables and Charts Manager for WordPress < 3.11.0 - Missing Authorization to Arbitrary SQL Execution

Description: The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for...

8.8 CVSS | 7.3 AI score | 0.00433 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/03/20 12:0 a.m. | 16 views

Visualizer < 3.10.6 - Reflected Cross-Site Scripting

Description: The Visualizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1 CVSS | 6.3 AI score | 0.00179 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/03/17 5:15 p.m. | 2 views

CVE-2024-27958

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS. This issue affects Visualizer: from n/a through 3.10.5...

6.1 CVSS | 5.8 AI score
Exploits: 0 | References: 1

NVD
added 2024/03/17 5:15 p.m. | 13 views

CVE-2024-27958

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS. This issue affects Visualizer: from n/a through 3.10.5...

7.1 CVSS | 6.9 AI score | 0.00179 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/03/17 4:24 p.m. | 17 views

CVE-2024-27958 WordPress Visualizer plugin <= 3.10.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS. This issue affects Visualizer: from n/a through 3.10.5...

7.1 CVSS | 7.1 AI score | 0.00179 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/03/17 4:24 p.m. | 14 views

CVE-2024-27958 WordPress Visualizer plugin <= 3.10.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS. This issue affects Visualizer: from n/a through 3.10.5...

7.1 CVSS | 6.9 AI score | 0.00179 EPSS
Exploits: 0 | References: 1

CVE
added 2024/03/17 4:24 p.m. | 76 views

CVE-2024-27958

CVE-2024-27958 is a Reflected XSS in Themeisle Visualizer (Visualizer: Tables and Charts Manager for WordPress). Affected: Visualizer (n/a through 3.10.5). Root cause: improper neutralization of input during web page generation. Impact per description: Reflected XSS. Remediation: update to patche...

7.1 CVSS | 8.6 AI score | 0.00179 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/03/17 12:0 a.m. | 2 views

WordPress Plugin Visualizer Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1 CVSS | 5.9 AI score | 0.00179 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2024/03/17 12:0 a.m. | 5 views

PT-2024-22162 · Themeisle · Themeisle Visualizer

Name of the Vulnerable Software and Affected Versions: Themeisle Visualizer versions 3.10.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

7.1 CVSS | 9.3 AI score | 0.00179 EPSS
Exploits: 0 | References: 4