6609 matches found

CVE
added 2023/06/22 7:42 a.m. · 40 views

CVE-2023-27413

CVE-2023-27413 affects WordPress W4 Post List plugin versions

6.5 CVSS · 5.5 AI score · 0.00399 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/06/21 1:19 p.m. · 38 views

CVE-2023-27429

CVE-2023-27429 affects the WordPress Jetpack CRM plugin, versions

5.9 CVSS · 5 AI score · 0.00396 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/06/21 12:42 p.m. · 42 views

CVE-2023-27443

CVE-2023-27443 affects the Grant Kimball Simple Vimeo Shortcode plugin for WordPress, specifically versions

6.5 CVSS · 5.5 AI score · 0.00361 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/06/20 7:57 a.m. · 35 views

CVE-2023-35878

The CVE-2023-35878 entry concerns the WordPress plugin Extra User Details by Vadym K. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw affecting versions

5.9 CVSS · 5.2 AI score · 0.00397 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/06/20 7:53 a.m. · 39 views

CVE-2023-35882

CVE-2023-35882 is a stored XSS vulnerability in WordPress plugin Team Heateor Super Socializer (≤7.13.52). The issue affects users with contributor or higher privileges, allowing injection of scripts via stored payloads. Patch guidance from multiple sources indicates the fix is in version 7.13.53...

6.5 CVSS · 5.5 AI score · 0.00416 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/06/19 1:27 p.m. · 13 views

CVE-2023-35776 WordPress Sermon'e – Sermons Online Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions...

6.5 CVSS · 6 AI score · 0.00511 EPSS
Exploits: 0 · References: 1

CVE
added 2023/06/19 1:21 p.m. · 35 views

CVE-2023-35779

CVE-2023-35779 applies to the Seed Fonts plugin by Seed Webs for WordPress, affecting versions

5.9 CVSS · 5.1 AI score · 0.00369 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/06/19 12:00 a.m. · 5 views

PT-2023-3171 · Zyxel · Zyxel Nas326 +2

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions prior to V5.21AAZF.14C0; Zyxel NAS540 versions prior to V5.21AATB.11C0; Zyxel NAS542 versions prior to V5.21ABAG.11C0. Description: The pre-authentication command injection issue in Zyxel NAS devices could allow an...

10 CVSS · 10 AI score · 0.84195 EPSS
Exploits: 0 · References: 8

CVE
added 2023/06/16 11:02 a.m. · 41 views

CVE-2023-26527

CVE-2023-26527 affects the WordPress plugin Debug Assistant (WPIndeed Debug Assistant) with a stored XSS vulnerability in versions

5.9 CVSS · 5 AI score · 0.00442 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2023/06/16 10:41 a.m. · 47 views

CVE-2023-26515

CVE-2023-26515 affects the WordPress plugin Simple Slug Translate (Ko Takagi), versions ≤ 2.7.2. The issue is a Stored XSS requiring admin+ privileges. A fix is available in version 2.7.3; affected users should upgrade to 2.7.3 or later. Other sources corroborate the same vulnerability scope ...

5.9 CVSS · 5 AI score · 0.00369 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/06/16 10:41 a.m. · 19 views

CVE-2023-26515 WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions...

5.9 CVSS · 5.5 AI score · 0.00369 EPSS
Exploits: 0 · References: 1

Cvelist
added 2023/06/16 8:56 a.m. · 22 views

CVE-2023-26541 WordPress asMember Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions...

5.9 CVSS · 5.5 AI score · 0.00369 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/06/16 8:37 a.m. · 17 views

CVE-2023-26013 WordPress Strong Testimonials Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions...

6.5 CVSS · 5.6 AI score · 0.0037 EPSS
Exploits: 0 · References: 1

CVE
added 2023/06/16 8:37 a.m. · 45 views

CVE-2023-26013

The CVE-2023-26013 entry concerns the WordPress plugin WPChill Strong Testimonials, affected through stored XSS in versions

6.5 CVSS · 5.5 AI score · 0.0037 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Veracode
added 2023/06/16 4:39 a.m. · 20 views

Open Redirect

@keystone-6/auth is vulnerable to Open Redirect. The vulnerability exists due to improper path sanitization which can result in users being redirected to domains other than the relative host by bypassing the / filter...

6.1 CVSS · 6.8 AI score · 0.00407 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2023/06/15 9:15 p.m. · 21 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

6.1 CVSS · 6.1 AI score · 0.00393 EPSS
Exploits: 0 · References: 2

CVE
added 2023/06/15 12:28 p.m. · 43 views

CVE-2023-25972

CVE-2023-25972 affects the WordPress Старт plugin by IKSWEB, with a stored XSS vulnerability in versions

5.9 CVSS · 5 AI score · 0.00392 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Packet Storm
added 2023/06/15 12:00 a.m. · 454 views

PyLoad 0.5.0 Remote Code Execution

Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE); Date: 06-10-2023; Credits: bAu @bauh0lz; Exploit Author: Gabriel Lima 0xGabe; Vendor Homepage: https://pyload.net/; Software Link: https://github.com/pyload/pyload; Version: 0.5.0; Tested on: Ubuntu 20.04.6; CVE: CVE-2023-0297; import...

9.8 CVSS · 7.1 AI score · 0.96988 EPSS
Exploits: 13

Github Security Blog
added 2023/06/14 2:54 p.m. · 64 views

@keystone-6/auth Open Redirect vulnerability

Summary: There is an open redirect in the @keystone-6/auth package, where the redirect leading / filter can be bypassed. Impact: Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. Mitigations: - Don't u...

6.1 CVSS · 6.7 AI score · 0.00407 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Exploit DB
added 2023/06/14 12:00 a.m. · 308 views

PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE); Date: 06-10-2023; Credits: bAu @bauh0lz; Exploit Author: Gabriel Lima 0xGabe; Vendor Homepage: https://pyload.net/; Software Link: https://github.com/pyload/pyload; Version: 0.5.0; Tested on: Ubuntu 20.04.6; CVE: CVE-2023-0297; import...

9.8 CVSS · 9.8 AI score · 0.96988 EPSS
Exploits: 13