6611 matches found

Grafana
added 2023/04/26 12:0 a.m. | 7 views

JWT URL-login flow leaks token to data sources through request parameter in proxy requests

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter `auth_token` and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a...

CVSS 7.5 | AI score 7.1 | EPSS 0.01504
Exploits: 1
NVD
added 2023/04/25 8:15 p.m. | 12 views

CVE-2023-24005

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions...

CVSS 5.9 | AI score 5.4 | EPSS 0.00369
Exploits: 0 | References: 1
NVD
added 2023/04/25 8:15 p.m. | 43 views

CVE-2023-23710

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions...

CVSS 5.9 | AI score 5.4 | EPSS 0.00369
Exploits: 0 | References: 1
Cvelist
added 2023/04/25 7:45 p.m. | 17 views

CVE-2023-24005 WordPress Inline Tweet Sharer – Twitter Sharing Plugin Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions...

CVSS 5.9 | AI score 5.5 | EPSS 0.00369
Exploits: 0 | References: 1
CVE
added 2023/04/25 7:45 p.m. | 34 views

CVE-2023-24005

Affects WordPress plugin WordPress Inline Tweet Sharer – Twitter Sharing Plugin (Plugin

CVSS 5.9 | AI score 4.9 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/04/25 7:41 p.m. | 55 views

CVE-2023-23710

The CVE-2023-23710 entry concerns the miniOrange WordPress Social Login and Register plugin (Discord, Google, Twitter, LinkedIn) with versions

CVSS 5.9 | AI score 4.9 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/04/25 7:30 p.m. | 33 views

CVE-2023-23866

The CVE-2023-23866 entry concerns the WordPress plugin Interactive Geo Maps (Carlos Moreira) ≤ 1.5.8, with a Stored Cross-Site Scripting (XSS) flaw caused by inadequate escaping/validation of shortcode attributes. This allows contributors (and higher) to inject scripts that are persisted in pages...

CVSS 6.5 | AI score 5.3 | EPSS 0.00393
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/04/25 7:24 p.m. | 25 views

CVE-2023-23889 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions...

CVSS 6.5 | AI score 6 | EPSS 0.00361
Exploits: 0 | References: 1
Prion
added 2023/04/25 7:15 p.m. | 16 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions...

CVSS 4.3 | AI score 4.8 | EPSS 0.00392
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/04/25 7:13 p.m. | 49 views

CVE-2023-25461

CVE-2023-25461 affects namithjawahar Wp-Insert plugin

CVSS 5.9 | AI score 4.9 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/04/25 6:40 p.m. | 32 views

CVE-2023-25793

CVE-2023-25793 describes a stored XSS vulnerability in the WordPress plugin Link Juice Keeper, affecting versions

CVSS 5.9 | AI score 4.9 | EPSS 0.00392
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/04/25 6:40 p.m. | 15 views

CVE-2023-25793 WordPress Link Juice Keeper Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions...

CVSS 5.9 | AI score 5.5 | EPSS 0.00392
Exploits: 0 | References: 1
CVE
added 2023/04/25 4:50 p.m. | 32 views

CVE-2023-25484

CVE-2023-25484 affects the WordPress plugin Simple Yearly Archive (Oliver Schlöbe) up to version 2.1.8. It is a Stored XSS vulnerability that requires admin+ authentication to exploit. Public sources specify the vulnerable component as the plugin’s code handling user input, with the impact descri...

CVSS 5.9 | AI score 4.9 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/04/25 12:15 p.m. | 10 views

Cross site scripting

Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions...

CVSS 4.9 | AI score 5.3 | EPSS 0.00361
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/04/25 11:46 a.m. | 35 views

CVE-2023-25490

CVE-2023-25490 concerns the WordPress plugin Archivist – Custom Archive Templates (versions

CVSS 5.9 | AI score 4.9 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/04/25 11:34 a.m. | 36 views

CVE-2023-25710

CVE-2023-25710 affects the WordPress plugin DigitalBLUE Click to Call or Chat Buttons up to version 1.4.0. The issue is a Stored Cross-Site Scripting (XSS) vulnerability requiring admin+ privileges. The root cause is an XSS flaw stored in the plugin, with impact limited to confidentiality and int...

CVSS 5.9 | AI score 4.9 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
Exploit DB
added 2023/04/25 12:0 a.m. | 316 views

Sophos Web Appliance 4.3.10.4 - Pre-auth command injection

!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...

CVSS 9.8 | AI score 9.8 | EPSS 0.99999
Exploits: 10
Cvelist
added 2023/04/25 12:0 a.m. | 21 views

CVE-2022-40482

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...

AI score 5.7 | EPSS 0.00881
Exploits: 1 | References: 4
0day.today
added 2023/04/25 12:0 a.m. | 300 views

Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit

!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...

CVSS 9.8 | AI score 9.2 | EPSS 0.99999
Exploits: 10
NVD
added 2023/04/24 5:15 p.m. | 14 views

CVE-2022-41612

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin <= 3.1.6 versions...

CVSS 5.9 | AI score 5.4 | EPSS 0.00394
Exploits: 0 | References: 1