26 matches found
User can call liquidate() and steal all collateral due to arbitrary router call
Impact: A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: (1) User calls PARMinerV2.liquidate; (2) PARMinerV2 performs the liquidation with...
CVE-2022-1020 Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
The Product Table for WooCommerce (woo-product-table) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action, which is available to both unauthenticated and authenticated users, and does not validate the callback parameter, allowing...
Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
The plugin does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action, which is available to both unauthenticated and authenticated users, and does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...
Apache 2.4.17 < 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation
<?php CARPE DIEM: CVE-2019-0211 Apache Root Privilege Escalation Charles Fol @cfreal 2019-04-08 INFOS https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html USAGE 1. Upload exploit to Apache HTTP serv...
Internet Bug Bounty: Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation
Hello, I reported a Local Root privilege escalation vulnerability on Apache HTTPd at the beginning of the year. Apache has now patched it, as you can see here. The vulnerability affects mod_prefork, mod_event, and mod_worker, the most used mods on Linux. Basically, this is an arbitrary function call...