Lucene search
K

148 matches found

CNNVD
CNNVD
added 2025/03/27 12:0 a.m.4 views

WordPress plugin Comment Approved Notifier Extended 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

5.9CVSS7.7AI score0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/19 11:25 p.m.3 views

CVE-2024-37361 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. CWE-502 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without constraining the parser to...

9.9CVSS9.6AI score0.00482EPSS
Exploits0References1
Krebs on Security
Krebs on Security
added 2024/11/09 7:20 p.m.13 views

FBI: Spike in Hacked Police Emails, Fake Subpoenas

The Federal Bureau of Investigation FBI is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/08/13 4:0 p.m.9 views

Malwarebytes awarded Parent Tested Parent Approved Seal of Approval

We’re delighted to say Malwarebytes has been awarded the Parent Tested Parent Approved Seal of Approval for product excellence. The Seal of Approval is given to products that have earned the trust of families, and serves as a quick and reliable indicator of quality and dependability for parents a...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/07/11 2:22 a.m.3 views

Malicious code in sap-approved (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f7ea6113d473d2b3e05d7ee871a984c4e83dc443b6cd6b5368f47660560c8d8d The OpenSSF Package Analysis project identified 'sap-approved' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
OSV
OSV
added 2024/07/11 2:22 a.m.6 views

MAL-2024-7559 Malicious code in sap-approved (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f7ea6113d473d2b3e05d7ee871a984c4e83dc443b6cd6b5368f47660560c8d8d The OpenSSF Package Analysis project identified 'sap-approved' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

7.3AI score
Exploits0
OSV
OSV
added 2024/06/26 6:15 a.m.3 views

CVE-2024-5071

The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment the request body to change its status from pending to approved...

6.5CVSS5.8AI score0.004EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/06/26 6:0 a.m.14 views

CVE-2024-5071 Bookster <= 1.1.0 - Unauthenticated Appointment Status Update

The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment the request body to change its status from pending to approved...

6.7AI score0.004EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/06/26 6:0 a.m.23 views

CVE-2024-5071 Bookster <= 1.1.0 - Unauthenticated Appointment Status Update

The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment the request body to change its status from pending to approved...

0.004EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/06/26 12:0 a.m.3 views

WordPress Plugin Bookster Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.5CVSS6.6AI score0.004EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/06/26 12:0 a.m.5 views

PT-2024-34395 · WordPress · The Bookster

Name of the Vulnerable Software and Affected Versions: The Bookster WordPress plugin versions prior to 1.1.1 Description: The issue allows attackers to manipulate the data sent when booking an appointment by adding sensitive parameters when validating appointments, potentially changing the status...

6.5CVSS6.7AI score0.004EPSS
Exploits2References2
The Hacker News
The Hacker News
added 2024/05/22 4:46 a.m.12 views

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption E2EE for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the compa...

7.2AI score
Exploits0
AlmaLinux
AlmaLinux
added 2024/05/22 12:0 a.m.30 views

Moderate: freeglut security update

freeglut is a completely open source alternative to the OpenGL Utility Toolkit GLUT library with an OSI approved free software license. Security Fixes: freeglut: memory leak via glutAddSubMenu function CVE-2024-24258 freeglut: memory leak via glutAddMenuEntry function CVE-2024-24259 For more...

7.5CVSS6.2AI score0.01147EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2024/04/30 9:56 a.m.27 views

Moderate: Red Hat Security Advisory: freeglut security update

An update for freeglut is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS6.7AI score0.01147EPSS
Exploits2References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.34 views

Moderate: freeglut security update

freeglut is a completely open source alternative to the OpenGL Utility Toolkit GLUT library with an OSI approved free software license. Security Fixes: freeglut: memory leak via glutAddSubMenu function CVE-2024-24258 freeglut: memory leak via glutAddMenuEntry function CVE-2024-24259 For more...

7.5CVSS6.6AI score0.01147EPSS
Exploits2References6
Prion
Prion
added 2023/09/14 7:16 p.m.10 views

Open redirect

Rejected reason: This candidate is unused by its CNA...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.1 views

PT-2023-5088 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to errors in access control. It allows a remote attacker to execute arbitrary code in the context of the server account by making a network call. This...

8CVSS9.8AI score0.74671EPSS
Exploits0References9
NVD
NVD
added 2023/09/11 9:15 p.m.35 views

CVE-2023-35667

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.8AI score0.00083EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/11 8:9 p.m.24 views

CVE-2023-35667

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

8AI score0.00083EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.34 views

The rUSDY.transferFrom function can cause reentrancy if is a contract been approved

Lines of code Vulnerability details Impact The rUSDY.transferFrom function can cause reentrancy if is a contract been approved, the function looks like: function transferFrom address sender, address recipient, uint256 amount public returns bool uint256 currentAllowance = allowancessendermsg.sende...

6.8AI score
Exploits0
Rows per page
Query Builder