50 matches found

Patchstack
added 2024/07/10 12:00 a.m., 23 views

WordPress JSON API User Plugin <= 3.9.3 is vulnerable to Privilege Escalation

Software: JSON API User. Type: Plugin. Vulnerable versions: <= 3.9.3. Fixed in: 3.9.4. OWASP Top 10: A1: Broken Access Control. Classification: Privilege Escalation. CVE: CVE-2024-6624. Patch priority: High. CVSS severity: High 9.8. Developer: Claim ownership. PSID: c77720f52f77. Credits: Thanh Nam Tran. Required privile...

CVSS 9.8, AI score 6.5, EPSS 0.0287
Exploits: 2, References: 3, Affected Software: 1
OSV
added 2021/08/10 7:15 p.m., 4 views

CVE-2021-21600

Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path...

CVSS 6.5, AI score 6.6, EPSS 0.00832
Exploits: 0, References: 1
Prion
added 2021/07/15 4:15 p.m., 22 views

Design/Logic Flaw

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...

CVSS 6.5, AI score 8.5, EPSS 0.01803
Exploits: 1, References: 3, Affected Software: 2
NVD
added 2021/07/15 3:15 p.m., 10 views

CVE-2021-32739

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...

CVSS 8.8, EPSS 0.0114
Exploits: 1, References: 4
PyPA
added 2021/01/13 4:15 a.m., 4 views

PYSEC-2021-67

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an xsrf field, as demonstrated by a /hub/api/user request to add or remove a user account...

CVSS 4.5, AI score 9.1, EPSS 0.00499
Exploits: 1, References: 3, Affected Software: 1
CNVD
added 2020/10/21 12:00 a.m., 8 views

Unspecified Vulnerability in HCL AppScan (CNVD-2021-13713)

HCL AppScan is a suite of dynamic analysis testing tools from HCL India. The tool is mainly used for web security testing. A security vulnerability exists in HCL AppScan Enterprise that stems from the use of broken or risky encryption algorithms to store REST API user details. No detailed...

CVSS 5.3, AI score 6.8, EPSS 0.00542
Exploits: 0, References: 1
Cvelist
added 2020/10/06 5:18 p.m., 28 views

CVE-2019-4325

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."...

AI score 5.3, EPSS 0.00542
Exploits: 0, References: 1
Tenable Nessus
added 2019/12/12 12:00 a.m., 18 views

vBulletin 5.5.x < 5.5.2 Patch Level 2 Multiple Vulnerabilities

According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x < 5.5.2 Patch Level 2, 5.5.3 < 5.5.3 Patch Level 2 or 5.5.4 < 5.5.4 Patch Level 2. It is, therefore, affected by multiple vulnerabilities: - A SQL injection vulnerability v...

CVSS 9.8, AI score 10, EPSS 0.1178
Exploits: 6, References: 5
OSV
added 2019/02/18 2:29 p.m., 2 views

CVE-2019-8902

An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI...

CVSS 5.7, AI score 5.8, EPSS 0.00381
Exploits: 1, References: 1
seebug.org
added 2014/07/01 12:00 a.m., 18 views

WordPress Zotpress plugin <= 4.4 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Zotpress plugin <= 4.4 SQL Injection Vulnerability. Date: 2011-09-04. Author: Miroslav Stampar (miroslav.stamparatgmail.com, @stamparm). Software Link: http://downloads.wordpress.org/plugin/zotpress.4.4.zip. Version: 4.4 tested. Note: magicquotes...

AI score 7.1
Exploits: 0