Lucene search
K

1143 matches found

CVE
CVE
added 2024/06/13 8:31 a.m.66 views

CVE-2024-4371

CVE-2024-4371 applies to the WordPress plugin “CoDesigner – Elementor Addon for WooCommerce” (CoDesigner WooCommerce Builder for Elementor). It describes an unauthenticated PHP Object Injection in versions up to 4.4.1 caused by deserialization of untrusted input from the recently_viewed_products ...

9.8CVSS9.3AI score0.00675EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.20 views

CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Unauthenticated PHP Object Injection

Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recentlyviewedproducts cookie. Thi...

9.8CVSS7.3AI score0.00675EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/10 9:36 p.m.26 views

ghtml Cross-Site Scripting (XSS) vulnerability

Summary It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting XSS vulnerability in some cases. Actions Taken - Updated the documentation to clarify that while ghtml escapes characters with special meaning in HTML, it does not provide comprehensive protecti...

8.9CVSS5.4AI score0.00436EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/06/08 3:15 p.m.14 views

CVE-2023-45707

HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks...

4.4CVSS0.0025EPSS
Exploits0References1
CVE
CVE
added 2024/06/08 3:10 p.m.42 views

CVE-2023-45707

CVE-2023-45707 affects HCL Connections Docs. Connected PT-security data specifies that versions prior to 2.0.2 are vulnerable to cross-site scripting, enabling an attacker to leverage the issue to execute arbitrary code and potentially disclose credentials. The remediation is to upgrade to a vers...

4.4CVSS5.1AI score0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/08 3:10 p.m.11 views

CVE-2023-45707 HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)

HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks...

4.4CVSS7AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/08 3:10 p.m.16 views

CVE-2023-45707 HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)

HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks...

4.4CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/31 7:53 p.m.45 views

CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php

The referrer URL used by MFA required additional sanitizing, rather than being used directly...

6.4AI score0.00541EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/28 12:0 a.m.9 views

Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Go to the plugin settings 2. In the "Additional CSS" field, enter the payload...

5.7AI score0.00399EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2024/05/28 12:0 a.m.158 views

Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Go to the plugin settings 2. In the "Additional CSS" field, enter the payload 3. Save...

5.9AI score0.00399EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/05/23 12:0 a.m.4 views

vantage6 安全漏洞

vantage6 is a vantage6 open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability exists in versions of vantage6 prior to 4.5.0 that stems from the ability of collaboration administrators to add additional organizations to their...

2.7CVSS4.3AI score0.00316EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.5 views

PT-2024-25015 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.5.0rc3 Description: The issue allows collaboration administrators to add extra organizations to their collaboration, extending their influence. They can create new users for which they know the passwords and use...

2.7CVSS7AI score0.00316EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/05/17 2:24 p.m.22 views

CVE-2023-52679 of: Fix double free in of_parse_phandle_with_args_map

In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in ofparsephandlewithargsmap In ofparsephandlewithargsmap the inner loop that iterates through the map entries calls ofnodeputnew to free the reference acquired by the previous iteration of the inner loop. Thi...

6.5AI score0.00264EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/05/13 9:17 a.m.16 views

CVE-2024-3263 Improper authentication in YMS VIS Pro

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks c...

9.8CVSS7.2AI score0.00795EPSS
Exploits0References2
CVE
CVE
added 2024/05/13 9:17 a.m.49 views

CVE-2024-3263

CVE-2024-3263 affects YMS VIS Pro due to improper system-credentials generation and weak password policy, enabling brute-force login attempts. Public details identify affected versions as VIS Pro 3.3.0.7). There is no explicit exploitation details or public in-the-wild exploit information provide...

9.8CVSS7AI score0.00795EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/07 9:2 p.m.15 views

CVE-2024-34346 Deno contains a permission escalation via open of privileged files with missing `--deny` flag

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...

8.4CVSS7AI score0.00368EPSS
Exploits0References1
CVE
CVE
added 2024/05/07 4:25 a.m.55 views

CVE-2024-20821

CVE-2024-20821 affects Samsung Exynos SoCs (e.g., Exynos1380, Exynos1330, Exynos2400) where a vulnerability allows a local attacker to reconfigure OTP and transit into RMA mode, disabling security features. The underlying issue is a reconfigurable OTP that requires an additional privilege to cont...

4.4CVSS6.7AI score0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/04 3:31 a.m.17 views

CVE-2024-3240 ConvertPlug <= 3.5.25 - Authenticated (Contributor+) PHP Object Injection

The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smileinfobar' shortcode. This makes it possible for authenticated attackers, with...

8.8CVSS9.3AI score0.00769EPSS
Exploits0References2
CVE
CVE
added 2024/05/04 3:31 a.m.61 views

CVE-2024-3240

CVE-2024-3240 affects the ConvertPlug (ConvertPlus) WordPress plugin up to version 3.5.25. It allows authenticated users withContributor+ access to trigger a PHP Object Injection via deserialization of untrusted data in the shortcodes’ settings_encoded attribute of the smile_info_bar element, pot...

8.8CVSS7AI score0.00769EPSS
Exploits0References2
OSV
OSV
added 2024/05/02 3:30 p.m.22 views

GHSA-V63G-V339-2673 Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

8.8CVSS9.8AI score0.48081EPSS
Exploits0References5
Rows per page
Query Builder