6610 matches found

Positive Technologies · added 2023/06/04 12:0 a.m. · 4 views

PT-2023-3552 · D Link · D-Link Di-7500G-Ci

Name of the Vulnerable Software and Affected Versions: D-Link DI-7500G-CI version 19.05.29A. Description: A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary code by uploading a crafted HTML file to the "interface /auth pic.cgi". The vulnerability is related to the lack of...

CVSS 5.8 · AI score 6.9 · EPSS 0.0063
Exploits: 1 · References: 5
OSV · added 2023/06/03 11:5 a.m. · 4 views

OESA-2023-1306 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 6.5 · AI score 7.1 · EPSS 0.01314
Exploits: 2 · References: 3
Positive Technologies · added 2023/06/01 12:0 a.m. · 4 views

PT-2023-24824 · Jetbrains · Jetbrains Ktor

Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 2.3.1. Description: The issue allows headers containing authentication data to be added to the exception's message. This could potentially expose sensitive information. Recommendations: For versions prior to...

CVSS 3.3 · AI score 3.9 · EPSS 0.0021
Exploits: 0 · References: 6
Positive Technologies · added 2023/06/01 12:0 a.m. · 3 views

PT-2023-14315 · Rancher · Rancher

Name of the Vulnerable Software and Affected Versions: Rancher versions 2.6.0 through 2.6.12; Rancher versions 2.7.0 through 2.7.3. Description: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue allows users in higher-privileged groups to inject code execut...

CVSS 8.4 · AI score 8.4 · EPSS 0.00714
Exploits: 0 · References: 10
Huntr · added 2023/05/30 9:10 a.m. · 15 views

missing permission check for API /setting/workspace/member/update

Proof of Concept: 1. user1 is a workspace administrator of workspace1. 2. user2 is a member of workspace1. 3. user1 updates user2's information, for example promoting user2 to workspace administrator. 4. Intercept the request with Burp Suite: POST /setting/workspace/member/update HTTP/1.1 Host: 192.168.213.128:8081 Content-Length: 144 Accept-Language: zh-CN WORKSPACE: bd6fc04b-15af-43dc-8cb6-411deaec81a7 User-Agent:...

CVSS 6.5 · AI score 7 · EPSS 0.00589
Exploits: 1
Prion · added 2023/05/28 7:15 p.m. · 24 views

Cross site scripting

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions...

CVSS 4.9 · AI score 5.2 · EPSS 0.00397
Exploits: 0 · References: 1 · Affected Software: 1
CVE · added 2023/05/28 6:32 p.m. · 67 views

CVE-2023-33311

CVE-2023-33311 affects the CRM Perks Contact Form Entries WordPress plugin (

CVSS 6.5 · AI score 5.5 · EPSS 0.00397
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist · added 2023/05/28 6:32 p.m. · 25 views

CVE-2023-33311 WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions...

CVSS 6.5 · AI score 6 · EPSS 0.00397
Exploits: 0 · References: 1
Prion · added 2023/05/28 6:15 p.m. · 15 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin <= 1.2.0 versions...

CVSS 4.3 · AI score 4.8 · EPSS 0.00369
Exploits: 0 · References: 1 · Affected Software: 1
Prion · added 2023/05/26 11:15 p.m. · 23 views

Design/Logic Flaw

Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed brute-forcing of user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issu...

CVSS 4 · AI score 6.4 · EPSS 0.00697
Exploits: 0 · References: 2 · Affected Software: 1
Packet Storm · added 2023/05/24 12:0 a.m. · 279 views

Stackposts Social Marketing Tool 1.0 SQL Injection

Exploit Title: Stackposts Social Marketing Tool v1.0 - SQL Injection. Date: 2023-05-17. Exploit Author: Ahmet Ümit BAYRAM. Vendor: https://codecanyon.net/item/stackposts-social-marketing-tool/21747459. Demo Site: https://demo.stackposts.com. Tested on: Kali Linux. CVE: N/A. Request: POST /spmo/auth/login...

AI score 7.1
Exploits: 0
OpenVAS · added 2023/05/19 12:0 a.m. · 20 views

Debian: Security Advisory (DSA-5405-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.5 · EPSS 0.01327
Exploits: 0 · References: 4
Vulnrichment · added 2023/05/18 10:21 a.m. · 9 views

CVE-2023-23667 WordPress Brands for WooCommerce Plugin <= 3.7.0.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in BeRocket Brands for WooCommerce plugin <= 3.7.0.6 versions...

CVSS 6.5 · AI score 5.6 · EPSS 0.00361
Exploits: 0 · References: 1
CVE · added 2023/05/18 10:14 a.m. · 108 views

CVE-2023-23999

MonsterInsights (WordPress Google Analytics by MonsterInsights) plugin

CVSS 6.5 · AI score 5.4 · EPSS 0.0037
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist · added 2023/05/18 10:9 a.m. · 19 views

CVE-2022-47157 WordPress WP Custom Fields Search Plugin <= 1.2.34 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <= 1.2.34 versions...

CVSS 5.9 · AI score 5.5 · EPSS 0.00369
Exploits: 0 · References: 1
RedHat Linux · added 2023/05/18 2:33 a.m. · 29 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 CNF vRAN extras security update

An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS)...

CVSS 8.2 · AI score 6.8 · EPSS 0.02963
Exploits: 0 · References: 33
OSV · added 2023/05/18 12:0 a.m. · 21 views

DSA-5405-1 libapache2-mod-auth-openidc - security update

Bulletin has no description...

CVSS 7.5 · AI score 7.5 · EPSS 0.01327
Exploits: 0
Veracode · added 2023/05/17 5:21 a.m. · 29 views

Information Disclosure

github.com/etcd-io/etcd is vulnerable to Information Disclosure. The vulnerability exists in the LeaseTimeToLive function of v3server.go because it allows access to key names (not values) associated with a lease when the Keys parameter is true, even if the user doesn't have read permission to the...

CVSS 4.3 · AI score 6.6 · EPSS 0.00744
Exploits: 0 · References: 7 · Affected Software: 2
OSV · added 2023/05/16 6:30 p.m. · 19 views

GHSA-PMMR-R9V2-59P8 Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability

Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

CVSS 4.3 · AI score 8.6 · EPSS 0.0045
Exploits: 0 · References: 2
Github Security Blog · added 2023/05/16 6:30 p.m. · 20 views

Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability

Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

CVSS 8.8 · AI score 6.7 · EPSS 0.0045
Exploits: 0 · References: 3 · Affected Software: 1