Lucene search
K

234 matches found

RedhatCVE
RedhatCVE
added 2025/02/20 12:24 a.m.9 views

CVE-2024-57045

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...

9.8CVSS7AI score0.32261EPSS
Exploits1References1
NVD
NVD
added 2025/02/18 3:15 p.m.15 views

CVE-2024-57045

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...

9.8CVSS0.32261EPSS
Exploits1References2
OSV
OSV
added 2025/02/18 3:15 p.m.2 views

CVE-2024-57045

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...

9.8CVSS5.8AI score0.32261EPSS
Exploits1References2
CVE
CVE
added 2025/02/18 12:0 a.m.91 views

CVE-2024-57045

CVE-2024-57045 concerns the D-Link DIR-859 router (firmware A3 1.05 and earlier). The connected Nuclei template confirms a critical information disclosure via an unauthenticated request to /getcfg.php, retrieving sensitive device account information and potentially admin credentials. The underlyi...

9.8CVSS7.3AI score0.32261EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/18 12:0 a.m.6 views

CVE-2024-57045

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...

9.5AI score0.32261EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/18 12:0 a.m.15 views

CVE-2024-57045

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...

0.32261EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/11/25 12:0 a.m.11 views

WordPress Product Input Fields for WooCommerce Plugin <= 1.9 is vulnerable to Path Traversal

Software Product Input Fields for WooCommerce Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-10857 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1aed7531d6f7 Credits 1337Wannabe Required...

6.5CVSS6.8AI score0.0075EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/18 12:0 a.m.13 views

WordPress Quick Learn Plugin <= 1.0.1 is vulnerable to PHP Object Injection

Software Quick Learn Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52441 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 09d3039a1cf9 Credits LVT-tholv2k Required privilege Unauthenticated...

9.8CVSS6.9AI score0.0054EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/18 12:0 a.m.9 views

WordPress WooCommerce Price Alert Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Price Alert Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52469 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 64532f957694 Credits Mika Required privilege...

6.5AI score0.0032EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/18 12:0 a.m.14 views

WordPress Google for WooCommerce Plugin <= 2.8.6 is vulnerable to Sensitive Data Exposure

Software Google for WooCommerce Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10486 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID aafd7d494c83 Credits Francesco Carlucci...

5.3CVSS6.5AI score0.00879EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/18 12:0 a.m.14 views

WordPress QRMenu Restaurant QR Menu Lite Plugin <= 1.0.3 is vulnerable to PHP Object Injection

Software QRMenu Restaurant QR Menu Lite Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52445 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID faf2a3afc906 Credits LVT-tholv2k Required...

8.8CVSS6.9AI score0.0052EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.11 views

WordPress Debug Tool Plugin <= 2.2 is vulnerable to Remote Code Execution (RCE)

Software Debug Tool Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-52416 Patch priority Medium CVSS severity Medium 10 Developer Claim ownership PSID d30460ac8a3a Credits Mika Required privilege Unauthenticated...

10CVSS7.6AI score0.00445EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.10 views

WordPress Testimonial Slider Shortcode Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Testimonial Slider Shortcode Type Plugin Vulnerable versions = 1.1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51925 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 59c82ea20053 Credits Gab Required privilege...

6.5CVSS6.9AI score0.00268EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.8 views

WordPress Custom Dashboard Widget Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Custom Dashboard Widget Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51860 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dc49fe065d6e Credits SOPROBRO Required privilege...

6.5CVSS6.9AI score0.00312EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.7 views

WordPress Popup Image Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Popup Image Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51811 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6d6327c85e67 Credits SOPROBRO Required privilege Contributor...

6.5CVSS6.9AI score0.00374EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.13 views

WordPress Browsing History Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Browsing History Type Plugin Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51885 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e79fa8e92191 Credits SOPROBRO Required privilege Contributor...

6.5CVSS6.5AI score0.00312EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.9 views

WordPress Advanced Video Player with Analytics Plugin <= 1 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Video Player with Analytics Type Plugin Vulnerable versions = 1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51824 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f152b96175b2 Credits SOPROBRO Required...

6.5CVSS6.8AI score0.00361EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.18 views

WordPress Web Stories Widgets For Elementor Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Web Stories Widgets For Elementor Type Plugin Vulnerable versions = 1.1 Fixed in 1.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52354 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3d854e2af032 Credits theviper17 Required...

6.5CVSS6.9AI score0.00258EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.10 views

WordPress User Password Reset Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software User Password Reset Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51714 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 916db7652ed6 Credits SOPROBRO Required privilege...

7.1CVSS6.5AI score0.00259EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/31 12:0 a.m.10 views

WordPress Golf Tracker Plugin <= 0.7 is vulnerable to SQL Injection

Software Golf Tracker Type Plugin Vulnerable versions = 0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-51607 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 38232c097728 Credits LVT-tholv2k Required privilege Contributor Published 31...

8.5CVSS7.2AI score0.00384EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder