
6610 matches found

Exploit DB
added 2023/06/14 12:0 a.m. · 308 views

PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Date: 06-10-2023
Credits: bAu @bauh0lz
Exploit Author: Gabriel Lima 0xGabe
Vendor Homepage: https://pyload.net/
Software Link: https://github.com/pyload/pyload
Version: 0.5.0
Tested on: Ubuntu 20.04.6
CVE: CVE-2023-0297
import...

9.8 CVSS · 9.8 AI score · 0.96988 EPSS
Exploits 13

NVD
added 2023/06/13 5:15 p.m. · 19 views

CVE-2023-34247

Keystone is a content management system for Node.JS. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to...

6.1 CVSS · 6.2 AI score · 0.00407 EPSS
Exploits 0 · References 2

Prion
added 2023/06/13 5:15 p.m. · 18 views

Open redirect

Keystone is a content management system for Node.JS. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to...

3.5 CVSS · 4.4 AI score · 0.00407 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/06/13 4:31 p.m. · 47 views

CVE-2023-34247

Keystone is a Node.js-based CMS. There is an Open Redirect in the @keystone-6/auth package up to version 7.0.0, where the redirect leading '/' filter can be bypassed. An attacker may cause users to be redirected to external domains instead of the relative host. Remediation is to apply the patch f...

6.1 CVSS · 5.1 AI score · 0.00407 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/06/13 4:31 p.m. · 36 views

CVE-2023-34247 @keystone-6/auth Open Redirect vulnerability

Keystone is a content management system for Node.JS. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to...

6.1 CVSS · 4.8 AI score · 0.00407 EPSS
Exploits 0 · References 4

CVE
added 2023/06/13 2:12 p.m. · 41 views

CVE-2023-26538

CVE-2023-26538 is a Stored XSS in the Kamyabsoft Chat Bee WordPress plugin, affecting versions prior to 1.1.0. The vulnerability requires authentication with admin+ privileges and originates from how input is stored/executed in the plugin. Affected software: Kamyabsoft Chat Bee plugin (WordPress)...

5.9 CVSS · 5 AI score · 0.00369 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/06/13 2:12 p.m. · 22 views

CVE-2023-26538 WordPress Chat Bee Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions...

5.9 CVSS · 5.5 AI score · 0.00369 EPSS
Exploits 0 · References 1

Cvelist
added 2023/06/13 2:7 p.m. · 24 views

CVE-2023-25964 WordPress We’re Open! Plugin <= 1.46 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah Hearle, Design Extreme We’re Open! plugin <= 1.46 versions...

5.9 CVSS · 5.5 AI score · 0.00369 EPSS
Exploits 0 · References 1

Cvelist
added 2023/06/13 1:40 p.m. · 15 views

CVE-2023-23831 WordPress Rating Widget Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions...

6.5 CVSS · 6 AI score · 0.00361 EPSS
Exploits 0 · References 1

Veracode
added 2023/06/13 3:51 a.m. · 28 views

Cross-site Scripting (XSS)

github.com/rancher/rancher is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the Projects/Namespaces and Auth Provider sections, which allows an attacker with write access to inject and execute malicious code and steal sensitive information, manipulate web content, or perform...

8.4 CVSS · 6.7 AI score · 0.00714 EPSS
Exploits 0 · References 8 · Affected Software 1

Cvelist
added 2023/06/12 1:59 p.m. · 33 views

CVE-2023-30745 WordPress IP Metaboxes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1 versions...

5.9 CVSS · 5.5 AI score · 0.00369 EPSS
Exploits 0 · References 1

CVE
added 2023/06/12 1:59 p.m. · 37 views

CVE-2023-30745

CVE-2023-30745 affects the WordPress plugin IP Metaboxes (Phan Chuong) ≤ 2.1.1. An authenticated admin+ can trigger a Stored XSS due to inadequate sanitization/escaping of settings, potentially affecting admin sessions and loaded pages. The connected documents provide limited detail on exploit st...

5.9 CVSS · 5.1 AI score · 0.00369 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/06/12 1:33 p.m. · 37 views

CVE-2023-23822

CVE-2023-23822 affects the WordPress plugin UTM Tracker (Ludwig Media)

5.9 CVSS · 5.1 AI score · 0.00369 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/06/12 1:9 p.m. · 43 views

CVE-2023-23819

CVE-2023-23819 refers to a Stored XSS in the WordPress plugin “itemprop WP for SERP/SEO Rich snippets” (itempropwp). Affected versions are

5.9 CVSS · 5.2 AI score · 0.00369 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/06/12 12:39 p.m. · 54 views

CVE-2023-23818

CVE-2023-23818 is a Stored XSS vulnerability in the WordPress plugin WP Register Profile With Shortcode (Aviplugins.Com) for versions

5.9 CVSS · 5.1 AI score · 0.00369 EPSS
Exploits 0 · References 1 · Affected Software 1

The Hacker News
added 2023/06/12 6:49 a.m. · 6 views

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. The vulnerability, tracked as CVE-2023-27997, is "reachable pre-authentication, on every SSL VPN appliance," Lexfo Security...

9.8 CVSS · 7.4 AI score · 0.85689 EPSS
Exploits 10

Packet Storm
added 2023/06/07 12:0 a.m. · 266 views

Wizcyb Interactive 2.0 SQL Injection

Title: wizcyb interactive v2.0 auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...

7.1 AI score
Exploits 0

Positive Technologies
added 2023/06/07 12:0 a.m. · 7 views

PT-2023-12477 · WordPress · Pwa For Wp & Amp

Name of the Vulnerable Software and Affected Versions: PWA for WP & AMP plugin for WordPress versions up to, and including, 1.7.32 Description: The issue is related to authorization bypass due to a missing capability check on the pwaforwp update features options function. This allows authenticate...

6.3 CVSS · 4.5 AI score · 0.00637 EPSS
Exploits 1 · References 5

Snyk
added 2023/06/06 8:20 a.m. · 2 views

Malicious Package

Overview: aspnet-webapi-auth is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3

OSV
added 2023/06/06 1:51 a.m. · 22 views

GHSA-46G3-F9R8-XJ4V Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter

Impact: A path traversal vulnerability exists in the CMS, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to potential denial of service (key file overwrite). The impact of this vulnerability allows attackers to: - Overwrite or...

6.3 CVSS · 7.3 AI score · 0.00854 EPSS
Exploits 1 · References 5