Lucene search
K

149 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/23 2:56 p.m.2 views

Malicious code in art19-web-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 833f7a38c823fdd26727d7a6aec9c75365b96860e4723badca46db54163128da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:3 a.m.9 views

CVE-2024-29788

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1...

6.5CVSS8.6AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:33 a.m.7 views

CVE-2015-9288

The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials...

6.5CVSS6.8AI score0.00875EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/07/10 12:0 a.m.5 views

The vulnerabilities of the Analyst component, Web Player, and Automation Services of the Spotfire Analyst platform, as well as the Spotfire Server and AWS Spotfire for AWS Marketplace analytical platforms, allow attackers to execute arbitrary code.

The vulnerabilities of the Analyst component, Web Player, and Automation Services of the Spotfire Analyst platform, as well as the Spotfire Server and the analytics platform based on cloud services AWS Spotfire for AWS Marketplace, are related to insufficient validation of input data. Exploiting...

9.9CVSS5.9AI score0.00587EPSS
Exploits0References4Affected Software3
NVD
NVD
added 2024/06/27 7:15 p.m.28 views

CVE-2024-3330

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction fr...

9.9CVSS0.00587EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/27 6:37 p.m.17 views

CVE-2024-3330 Spotfire Remote Code Execution Vulnerability

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction fr...

9.9CVSS7.3AI score0.00587EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/27 6:37 p.m.28 views

CVE-2024-3330 Spotfire Remote Code Execution Vulnerability

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction fr...

9.9CVSS0.00587EPSS
Exploits0References1
NVD
NVD
added 2024/06/08 2:15 p.m.20 views

CVE-2024-35710

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3...

5.3CVSS0.00365EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/08 2:1 p.m.26 views

CVE-2024-35710 WordPress Podlove Web Player plugin <= 5.7.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3...

5.3CVSS0.00365EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/08 2:1 p.m.17 views

CVE-2024-35710 WordPress Podlove Web Player plugin <= 5.7.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3...

5.3CVSS6.9AI score0.00365EPSS
Exploits0References1
CVE
CVE
added 2024/06/08 2:1 p.m.48 views

CVE-2024-35710

Technical details for CVE-2024-35710 are not provided in the connected documents. Public information here is limited to Podlove Web Player exposure and CVSS data. Monitor official advisories for updates and patches as they become available.

5.3CVSS5.6AI score0.00365EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/08 12:0 a.m.5 views

WordPress plugin Podlove Web Player Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

5.3CVSS6.2AI score0.00365EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/06 11:16 a.m.3 views

WordPress Podlove Web Player plugin <= 5.7.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Podlove Web Player versions = 5.7.3...

5.3CVSS7AI score0.00365EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/06 12:0 a.m.8 views

WordPress Podlove Web Player Plugin <= 5.7.3 is vulnerable to Sensitive Data Exposure

Software Podlove Web Player Type Plugin Vulnerable versions = 5.7.3 Fixed in 5.7.4 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35710 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7b2985bdf410 Credits Peng Zhou Required...

5.3CVSS6.5AI score0.00365EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.7 views

PT-2024-4654 · Tibco · Spotfire For Aws Marketplace +2

Name of the Vulnerable Software and Affected Versions: Spotfire Analyst versions 12.0.9 through 12.5.0 Spotfire Analyst versions 14.0 through 14.0.2 Spotfire Server versions 12.0.10 through 12.5.0 Spotfire Server versions 14.0 through 14.0.3 Spotfire Server versions 14.2.0 through 14.3.0 Spotfire...

9.9CVSS8AI score0.00587EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.15 views

Podlove Web Player < 5.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Podlove Web Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' variable in versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/03/27 1:15 p.m.19 views

CVE-2024-29788

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1...

6.5CVSS6.4AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/27 12:46 p.m.21 views

CVE-2024-29788 WordPress Podlove Web Player plugin <= 5.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1...

6.5CVSS6.6AI score0.00331EPSS
Exploits0References1
CVE
CVE
added 2024/03/27 12:46 p.m.68 views

CVE-2024-29788

CVE-2024-29788 : Podlove Web Player for WordPress contains a Stored XSS vulnerability via improper neutralization of input during web page generation. Affected versions are Podlove Web Player from 0 through 5.7.1. The issue is exploitable in authenticated contexts. Security status from connected ...

6.5CVSS8.6AI score0.00331EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/27 12:46 p.m.20 views

CVE-2024-29788 WordPress Podlove Web Player plugin <= 5.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1...

6.5CVSS6.7AI score0.00331EPSS
Exploits0References1
Rows per page
Query Builder