132 matches found

Cvelist
added 2024/05/21 5:33 p.m. · 28 views

CVE-2024-34240

QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records...

AI score: 6.5 · EPSS: 0.00373
Exploits: 1 · References: 1

Positive Technologies
added 2024/05/20 12:0 a.m. · 5 views

PT-2024-25761

Name of the Vulnerable Software and Affected Versions: QDOCS Smart School version 7.0.0 Description: The issue is related to Cross Site Scripting (XSS), which results in arbitrary code execution in admin functions, specifically when adding or updating records. This could potentially allow an attacker...

CVSS: 6.1 · AI score: 7 · EPSS: 0.00373
Exploits: 1 · References: 8

GithubExploit
added 2024/04/06 11:30 p.m. · 81 views

Exploit for CVE-2024-27631

CVE-2024-27631 Vulnerability Details Overview In Savane v...

CVSS: 6 · AI score: 7.5 · EPSS: 0.00417
Exploits: 2

OSV
added 2024/03/13 9:16 p.m. · 11 views

CVE-2024-28662

A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in createtag in admin/include/functions.php...

CVSS: 5.4 · AI score: 6.7
Exploits: 0 · References: 3

Prion
added 2024/03/13 9:16 p.m. · 10 views

Cross site scripting

A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in createtag in admin/include/functions.php...

AI score: 6.8 · EPSS: 0.00434
Exploits: 0 · References: 3

Vulnrichment
added 2024/03/13 12:0 a.m. · 8 views

CVE-2024-28662

A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in createtag in admin/include/functions.php...

AI score: 6.4 · EPSS: 0.00434
Exploits: 0 · References: 3

OSV
added 2024/02/05 10:16 p.m. · 5 views

CVE-2024-0797

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...

CVSS: 4.3 · AI score: 7.4 · EPSS: 0.00424
Exploits: 0 · References: 2

CVE
added 2024/02/05 9:21 p.m. · 63 views

CVE-2024-0797

CVE-2024-0797 affects the WordPress plugin “Active Products Tables for WooCommerce” (Profit-Products-Tables-for-WooCommerce). The vulnerability is due to missing capability checks in several functions, allowing subscribers (and higher) to access admin-only functionality in all versions up to and ...

CVSS: 4.3 · AI score: 5.5 · EPSS: 0.00424
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/02/05 12:0 a.m. · 5 views

PT-2024-15830 · Woocommerce · Active Products Tables For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Active Products Tables for WooCommerce versions up to, and including, 1.0.6.1 Description: The issue allows unauthorized access to functionality due to a missing capability check on several functions. This makes it possible for subscriber...

CVSS: 4.3 · AI score: 5.6 · EPSS: 0.00424
Exploits: 0 · References: 4

CNNVD
added 2023/12/13 12:0 a.m. · 4 views

Silverpeas Security Vulnerabilities

Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums and document management. A security vulnerability exists in Silverpeas Core 6.3.1 and earlier versions, which stems from the vulnerability of the application to...

CVSS: 8.1 · AI score: 6.9 · EPSS: 0.00739
Exploits: 1 · References: 3

Code423n4
added 2023/10/30 12:0 a.m. · 11 views

Unrestricted access to critical admin functions in StakedUSDe due to extremely flawed implementation in SingleAdminAccessControl

Lines of code Vulnerability details Summary There is a critical vulnerability in the StakedUSDe CA, allowing an attacker to manipulate the state of the CA and/or drain assets without proper authorization. Vulnerability Detail The StakedUSDe inherits from the SingleAdminAccessControl CA, which...

AI score: 7.4
Exploits: 0

OSV
added 2023/06/14 8:15 p.m. · 7 views

CVE-2023-26062

A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possibl...

CVSS: 7.8 · AI score: 5.8 · EPSS: 0.00167
Exploits: 0 · References: 2

NVD
added 2023/06/14 8:15 p.m. · 10 views

CVE-2023-26062

A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possibl...

CVSS: 7.8 · AI score: 7.2 · EPSS: 0.00167
Exploits: 0 · References: 2

Positive Technologies
added 2023/06/14 12:0 a.m. · 5 views

PT-2023-20458 · Nokia · Nokia Web Element Manager

Name of the Vulnerable Software and Affected Versions: Nokia Web Element Manager versions prior to 22 R1 Description: A mobile network solution internal fault is found in Nokia Web Element Manager, where an authenticated, unprivileged user can execute administrative functions. Exploitation is not...

CVSS: 7.8 · AI score: 7.6 · EPSS: 0.00167
Exploits: 0 · References: 5

Huntr
added 2023/05/26 3:7 a.m. · 26 views

SQL injection in some Admin Sort functions

Description: SQL injection due to unsanitized concatenating strings into ORDER BY clause, 'sort' parameter. Proof of Concept: Log in as an admin, go to Admin Translations or Application Logger functions, and perform a sort action. Observe the request on Burpsuite and injection point is the 'sort'...

CVSS: 5.8 · AI score: 7.2 · EPSS: 0.00738
Exploits: 1

Code423n4
added 2023/04/03 12:0 a.m. · 12 views

A malicious frontrunner can make the Mutebond contract broken when the owner decreases maxPayout

Lines of code Vulnerability details Impact The Mutebond contract might stop working after the owner decreased maxPayout by a malicious frontrunner. Proof of Concept setMaxPayout can be used to reset maxPayout. function setMaxPayoutuint payout external requiremsg.sender == customTreasury.owner;...

AI score: 7.1
Exploits: 0

VulnCheck KEV
added 2023/03/21 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2022-45813

BeRocket Plugins for WordPress is vulnerable to an authorization bypass in the closenotice, subscribe, disableratenotice, featurerequestsend, getpluginerrorajax, closenotice, and testkey functions which can allow user level subscribers to invoke these admin level functions...

AI score: 5.8 · EPSS: 0.00227
Exploits: 0 · References: 1

OSV
added 2023/02/08 7:15 p.m. · 4 views

CVE-2022-42438

IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.00532
Exploits: 0 · References: 2

Prion
added 2023/02/08 7:15 p.m. · 16 views

Code injection

IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210...

CVSS: 6.5 · AI score: 8.1 · EPSS: 0.00532
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/02/08 6:59 p.m. · 9 views

CVE-2022-42438 IBM Cloud Pak for Multicloud Management Monitoring privilege escalation

IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210...

CVSS: 7.5 · AI score: 6.6 · EPSS: 0.00532
Exploits: 0 · References: 2