
6623 matches found

Packet Storm
added 2023/08/11 12:0 a.m., 363 views

Greeva 2.0 SQL Injection

Title: Greeva 2.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.264-bit | Vendo...

7.1 AI score
Exploits: 0

Cvelist
added 2023/08/10 1:19 p.m., 31 views

CVE-2023-38397 WordPress Gestion-Pymes Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eggemplo Gestion-Pymes plugin <= 1.5.6 versions...

5.9 CVSS, 5.5 AI score, 0.00316 EPSS
Exploits: 0, References: 1

Cvelist
added 2023/08/10 12:22 p.m., 19 views

CVE-2023-23828 WordPress WP Category Post List Widget Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <= 2.0.3 versions...

6.5 CVSS, 6 AI score, 0.00367 EPSS
Exploits: 0, References: 1

CVE
added 2023/08/10 12:22 p.m., 36 views

CVE-2023-23828

CVE-2023-23828 affects the WordPress plugin Swashata WP Category Post List Widget (versions

6.5 CVSS, 5.4 AI score, 0.00367 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/08/10 11:24 a.m., 43 views

CVE-2023-34374

The CVE-2023-34374 entry concerns the AnsPress WordPress plugin (versions

5.9 CVSS, 5 AI score, 0.00295 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/08/10 11:24 a.m., 22 views

CVE-2023-34374 WordPress AnsPress – Question and answer Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <= 4.3.0 versions...

5.9 CVSS, 5.5 AI score, 0.00295 EPSS
Exploits: 0, References: 1

NVD
added 2023/08/10 11:15 a.m., 30 views

CVE-2023-23871

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin = 1.1.23 versions...

5.9 CVSS, 5.4 AI score, 0.00366 EPSS
Exploits: 0, References: 1

Prion
added 2023/08/10 10:15 a.m., 24 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin = 2.0.0 versions...

4.3 CVSS, 4.8 AI score, 0.00316 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/08/10 10:14 a.m., 62 views

CVE-2023-24009

Wpazure Themes Upfrontwp Theme

5.4 CVSS, 5.7 AI score, 0.00328 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/08/10 10:4 a.m., 41 views

CVE-2023-23798 WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions...

6.5 CVSS, 6 AI score, 0.00367 EPSS
Exploits: 0, References: 1

Packet Storm
added 2023/08/10 12:0 a.m., 324 views

Digisha CMS 1.2.7 SQL Injection

Title: Digisha CMS V1.2.7 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-bit | ...

7.1 AI score
Exploits: 0

Prion
added 2023/08/09 4:15 p.m., 20 views

Design/Logic Flaw

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1...

7.5 CVSS, 7.1 AI score, 0.0038 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/08/09 3:6 p.m., 29 views

CVE-2023-3518 JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1...

7.4 CVSS, 7.6 AI score, 0.0038 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2023/08/09 3:6 p.m., 17 views

CVE-2023-3518 JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1...

7.4 CVSS, 7.2 AI score, 0.0038 EPSS
Exploits: 0, References: 1

Debian CVE
added 2023/08/09 3:6 p.m., 25 views

CVE-2023-3518

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1...

7.4 CVSS, 7.1 AI score, 0.0038 EPSS
Exploits: 0

CVE
added 2023/08/09 3:6 p.m., 2853 views

CVE-2023-3518

HashiCorp Consul and Consul Enterprise 1.16.0 had a vulnerability in JWT-based service-mesh authentication that allowed or denied access independent of service identities. The issue is fixed in version 1.16.1. No exploitation details are provided in the connected documents. Affected product/versi...

7.4 CVSS, 7.1 AI score, 0.0038 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2023/08/08 8:46 p.m., 23 views

GHSA-9JCQ-JF57-C62C Privilege escalation via ApiTokensEndpoint

Impact: An attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on https://sentry.io. For...

8.1 CVSS, 7.9 AI score, 0.00849 EPSS
Exploits: 1, References: 7

CVE
added 2023/08/08 12:46 p.m., 45 views

CVE-2023-31221

CVE-2023-31221 affects the PDQ CSV WordPress plugin (WordPress PDQ CSV) with an Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in versions = 1.0.0. Monitoring for updates is advised if further details emerge.

5.9 CVSS, 5.1 AI score, 0.00316 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/08/08 12:35 p.m., 64 views

CVE-2023-28931

Never5 Post Connector plugin prior to 1.0.9 is affected by a Stored Cross‑Site Scripting (XSS) vulnerability requiring admin+ authentication. The issue is mitigated by upgrading to version 1.0.9 or later.

5.9 CVSS, 5.1 AI score, 0.00316 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/08/08 12:25 p.m., 70 views

CVE-2023-28934

CVE-2023-28934 relates to a stored XSS vulnerability in the WordPress plugin WP Full Stripe Free (Mammothology WP Full Stripe Free) for versions ≤ 1.6.1. The flaw requires admin+ authentication and can be triggered via input handling within the plugin, enabling stored cross-site scripting. Public...

5.9 CVSS, 5 AI score, 0.00316 EPSS
Exploits: 0, References: 1, Affected Software: 1