Lucene search
K

597 matches found

OSV
OSV
added 2024/06/04 7:15 a.m.4 views

CVE-2024-20880

Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory...

6.8CVSS6.1AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 4:17 p.m.5 views

CVE-2024-32352

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an authenticated remote command execution RCE vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary...

8.8CVSS5.9AI score0.02175EPSS
Exploits1References2
OSV
OSV
added 2024/05/03 3:15 a.m.4 views

CVE-2023-41228

D-Link DIR-3040 prog.cgi SetUsersSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability...

6.8CVSS7.1AI score0.00705EPSS
Exploits0References2
OSV
OSV
added 2024/05/02 5:15 p.m.3 views

CVE-2024-3197

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS6AI score0.00449EPSS
Exploits0References2
OSV
OSV
added 2024/04/16 1:15 p.m.4 views

CVE-2024-3067

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

7.2CVSS5.8AI score0.00684EPSS
Exploits0References3
OSV
OSV
added 2024/04/09 7:15 p.m.3 views

CVE-2024-0873

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

5.4CVSS5.9AI score0.0048EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.3 views

PT-2024-19708 · Open Xchange Gmbh · Ox App Suite

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this, ...

5.4CVSS7.1AI score0.00499EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/04/06 12:0 a.m.10 views

PT-2024-19630 · 10Web · The Photo Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.21 Description: The issue is related to Stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization...

5.5CVSS8.1AI score0.00436EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.7 views

PT-2024-22937 · WordPress · The Simple Ajax Chat

Name of the Vulnerable Software and Affected Versions: The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress versions up to, and including, 20231101 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and...

4.4CVSS7.9AI score0.0033EPSS
Exploits0References6
OSV
OSV
added 2024/03/16 2:15 a.m.3 views

CVE-2024-2308

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

5.4CVSS7.4AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2024/02/27 9:15 a.m.7 views

CVE-2023-7167

The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS7.3AI score0.00396EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/02/24 12:0 a.m.5 views

PT-2024-14831 · WordPress · Backwpup

Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.2 Description: The issue arises from the improper storage of backup destination passwords in plaintext, allowing authenticated attackers with administrator-level access to...

2.7CVSS5AI score0.00449EPSS
Exploits0References5
OSV
OSV
added 2024/02/23 7:15 a.m.9 views

CVE-2024-1776

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.2CVSS7.3AI score0.00562EPSS
Exploits0References2
OSV
OSV
added 2024/02/14 7:31 p.m.8 views

DRUPAL-CONTRIB-2024-009

The CKEditor 4 LTS - WYSIWYG HTML editor module uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that on certain configurations may impact the Drupal module that bundles and integrates this code. The vulnerability is mitigated by the fact it requires: 1...

5.4CVSS6AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2024/02/13 10:16 p.m.7 views

CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS'SYS''encryptionKey' was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...

4.9CVSS5AI score0.00363EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.6 views

PT-2024-20760 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS TYPO3 versions prior to 9.5.46 ELTS TYPO3 versions prior to 10.4.43 ELTS TYPO3 versions prior to 11.5.35 LTS TYPO3 versions prior to 12.4.11 LTS TYPO3 versions prior to 13.0.1 Description: The plaintext val...

4.9CVSS7.2AI score0.00363EPSS
Exploits0References14
OSV
OSV
added 2024/02/05 10:16 p.m.5 views

CVE-2024-0668

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, ...

7.2CVSS6AI score0.01139EPSS
Exploits0References4
NVD
NVD
added 2024/02/02 6:15 p.m.28 views

CVE-2024-1187

A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. T...

5.5CVSS4.5AI score0.00325EPSS
Exploits1References3
NCSC
NCSC
added 2024/02/01 12:0 a.m.4 views

Vulnerabilities fixed in GNU glibc

Vulnerabilities have been fixed in GNU glibc. A malicious party can exploit the vulnerabilities to cause a denial-of-service cause, or grant himself elevated privileges and execute arbitrary code, possibly with root privileges. For successful exploitation, the malicious party must have prior acce...

8.4CVSS7.3AI score0.04794EPSS
Exploits9
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.6 views

PT-2024-15730 · WordPress · Meks Smart Social Widget

Name of the Vulnerable Software and Affected Versions: Meks Smart Social Widget plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Stored Cross-Site Scripting via the Meks Smart Social Widget, caused by insufficient input sanitization and output escapin...

4.8CVSS5.4AI score0.00304EPSS
Exploits0References8
Rows per page
Query Builder