6611 matches found

GithubExploit
added 2023/04/24 3:53 p.m. · 364 views

Exploit for Command Injection in Sophos Web_Appliance

Dork fofa title="Sophos Web Appliance" || app="Sophos-W...

CVSS 9.8 · AI score 9.6 · EPSS 0.99999
Exploits: 10
CVE
added 2023/04/24 1:48 p.m. · 65 views

CVE-2023-23892

CVE-2023-23892 affects the WordPress plugin “M Chart” by Jamie Poitra. Versions 1.9.4, specifically 1.10, to mitigate. Reported impact is confined to XSS with a Moderate CVSS baseline in public sources, and there is no explicit public exploitation detail in the provided documents. Recommend appl...

CVSS 6.5 · AI score 5.3 · EPSS 0.00383
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2023/04/24 1:15 p.m. · 21 views

CVE-2022-48477

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing...

CVSS 9.8 · AI score 5.6 · EPSS 0.00482
Exploits: 0 · References: 1
Prion
added 2023/04/24 1:15 p.m. · 20 views

Design/Logic Flaw

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing...

CVSS 7.5 · AI score 9.3 · EPSS 0.00482
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/04/24 12:21 p.m. · 28 views

CVE-2022-48477

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing...

CVSS 4.1 · AI score 9.6 · EPSS 0.00482
Exploits: 0 · References: 1
Vulnrichment
added 2023/04/24 12:21 p.m. · 10 views

CVE-2022-48477

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing...

CVSS 4.1 · AI score 9.5 · EPSS 0.00482
Exploits: 0 · References: 1
CVE
added 2023/04/24 12:21 p.m. · 50 views

CVE-2022-48477

JetBrains Hub prior to 2023.1.15725 contains a missing SSRF protection in the Auth Module integration. This affects JetBrains Hub versions before 2023.1.15725. Remediation: update to 2023.1.15725 or later (or apply restrictions to Auth Module access as a temporary workaround). The connected sourc...

CVSS 9.8 · AI score 9.3 · EPSS 0.00482
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/04/24 12:0 a.m. · 7 views

PT-2023-15810 · Jetbrains · Jetbrains Hub

Name of the Vulnerable Software and Affected Versions: JetBrains Hub versions prior to 2023.1.15725. Description: The issue concerns a missing Server-Side Request Forgery (SSRF) protection in the Auth Module integration. This could potentially allow for unauthorized access or actions. No information...

CVSS 9.8 · AI score 9.3 · EPSS 0.00482
Exploits: 0 · References: 5
Prion
added 2023/04/23 11:15 a.m. · 14 views

Cross site scripting

Auth. contributor+ Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin = 1.9 versions...

CVSS 4.9 · AI score 5.3 · EPSS 0.00361
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/04/23 10:31 a.m. · 41 views

CVE-2023-23816

CVE-2023-23816 is an authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Sitemap Index prior to version 1.2.3. Public sources consistently describe the issue as XSS that requires administrator privileges to exploit, affecting the plugin’s sitemap index handling...

CVSS 5.9 · AI score 5 · EPSS 0.00397
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/04/23 10:27 a.m. · 48 views

CVE-2023-23817

CVE-2023-23817 details an XSS vulnerability in the WordPress Simple PDF Viewer (WebArea) Vera Nedvyzhenko plugin, affected versions 1.9 where available; monitor vendor advisories for a confirmed fixed release.

CVSS 6.5 · AI score 5.4 · EPSS 0.00361
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2023/04/23 10:15 a.m. · 12 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions...

CVSS 4.3 · AI score 4.8 · EPSS 0.00392
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/04/23 10:12 a.m. · 40 views

CVE-2023-23717

CVE-2023-23717 affects the WordPress plugin Portfolio Slideshow (George Gecewicz) up to version 1.13.0. It is a Cross-Site Scripting (XSS) vulnerability that can be triggered by users with contributor+ privileges; exploitation details are not provided in the documents, but Patchstack lists a low ...

CVSS 6.5 · AI score 5.4 · EPSS 0.0037
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/04/23 9:59 a.m. · 26 views

CVE-2022-44743 WordPress Jobs for WordPress Plugin <= 2.5.11.2 is vulnerable to Cross Site Scripting (XSS)

Auth. author+ Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions...

CVSS 6.5 · AI score 6 · EPSS 0.00386
Exploits: 0 · References: 1
Cvelist
added 2023/04/23 9:52 a.m. · 25 views

CVE-2022-45361 WordPress 0mk Shortener Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions...

CVSS 5.9 · AI score 5.5 · EPSS 0.00394
Exploits: 0 · References: 1
CVE
added 2023/04/23 9:52 a.m. · 65 views

CVE-2022-45361

CVE-2022-45361 affects the WordPress plugin 0mk Shortener up to version 0.2. The root cause is inadequate sanitisation/escaping of settings, enabling an authenticated admin+ to perform a Stored XSS, even when unfiltered_html is disallowed. Impact is described as admin-level XSS with low confident...

CVSS 5.9 · AI score 5 · EPSS 0.00394
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/04/23 9:38 a.m. · 42 views

CVE-2023-24386

The CVE refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Karishma Arora AI Contact Us Form” versions <= 1.0. The issue is described as Auth. (admin+) XSS, indicating that authenticated users with admin-level privileges can exploit it. The root cause document...

CVSS 5.9 · AI score 4.9 · EPSS 0.00392
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/04/23 9:32 a.m. · 33 views

CVE-2023-22698

CVE-2023-22698 affects WordPress Theme Blvd Responsive Google Maps Plugin (versions

CVSS 6.5 · AI score 5.5 · EPSS 0.00383
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/04/23 9:2 a.m. · 33 views

CVE-2022-44594

Codebangers All in One Time Clock Lite plugin for WordPress is affected by a Stored XSS vulnerability in versions prior to 1.3.321 (the CVE-2022-44594 family). Exploitation concerns admin users (administrative privilege level). Mitigation: upgrade to version 1.3.321 or later to fix the issue. If ...

CVSS 4.8 · AI score 4.8 · EPSS 0.00392
Exploits: 0 · References: 1 · Affected Software: 1
0day.today
added 2023/04/20 12:0 a.m. · 317 views

Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Exploit

!/usr/bin/python3 Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Date: 2023/04/13 ExploitAuthor: msd0pe Project: https://github.com/waqaskanju/Chitor-CMS My Github: https://github.com/msd0pe-1 Patched the 2023/04/16: 69d3442 commit description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...

AI score 6.8
Exploits: 0