6611 matches found

Packet Storm
added 2023/04/20 12:0 a.m., 353 views

Chitor-CMS 1.1.2 SQL Injection

#!/usr/bin/python3 Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Date: 2023/04/13 Exploit Author: msd0pe Project: https://github.com/waqaskanju/Chitor-CMS My Github: https://github.com/msd0pe-1 Patched the 2023/04/16: 69d3442 commit description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...

6.8 AI score
Exploits: 0

Exploit DB
added 2023/04/20 12:0 a.m., 402 views

Chitor-CMS v1.1.2 - Pre-Auth SQL Injection

#!/usr/bin/python3 Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Date: 2023/04/13 Exploit Author: msd0pe Project: https://github.com/waqaskanju/Chitor-CMS My Github: https://github.com/msd0pe-1 Patched the 2023/04/16: 69d3442 commit description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...

7.4 AI score
Exploits: 0

CVE
added 2023/04/18 1:18 p.m., 45 views

CVE-2022-44632

CVE-2022-44632 affects the WordPress plugin Denis Buka Content Repeater – Custom Posts Simplified (components: WordPress plugin; vulnerable versions: ≤ 1.1.13). The issue is a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. The root cause is no...

4.8 CVSS, 4.8 AI score, 0.00392 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/04/18 12:33 p.m., 71 views

CVE-2022-45839

CVE-2022-45839 refers to a stored cross-site scripting (XSS) vulnerability in the WordPress plugin WHA Puzzle (versions ≤ 1.0.9). The issue arises in the plugin’s authentication flow, enabling an attacker with access to the authoring context to inject and store XSS payloads. Multiple sources corr...

5.4 CVSS, 5.2 AI score, 0.0038 EPSS
Exploits: 1, References: 1, Affected Software: 1

GithubExploit
added 2023/04/16 8:20 p.m., 217 views

Exploit for SQL Injection in Waqaskanju Chitor-Cms

CVE-2023-31714 - Chitor-CMS Found by msd0pe https://github.com/...

9.8 CVSS, 9.9 AI score, 0.03278 EPSS
Exploits: 1

Prion
added 2023/04/16 9:15 a.m., 36 views

Cross site scripting

Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions...

4.9 CVSS, 5.3 AI score, 0.00471 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2023/04/16 8:42 a.m., 78 views

CVE-2022-45849

CVE-2022-45849 affects the WordPress Activello theme (versions

5.4 CVSS, 5.3 AI score, 0.00471 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2023/04/16 8:29 a.m., 175 views

CVE-2022-43458

CVE-2022-43458 affects Code Tides Advanced Floating Content plugin (versions ≤ 1.2.1). The issue is a Cross-Site Scripting (XSS) vulnerability exploitable by users with contributor or higher permissions. Root cause details are not specified beyond the XSS exposure. Mitigation: update to a version...

5.4 CVSS, 4.8 AI score, 0.00386 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2023/04/14 12:21 p.m., 4 views

SUSE-SU-2023:1849-1 Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073)...

7.5 CVSS, 7.4 AI score, 0.01327 EPSS
Exploits: 0, References: 3

OSV
added 2023/04/13 1:4 p.m., 8 views

SUSE-SU-2023:1837-1 Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441). - CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073)...

7.5 CVSS, 6.6 AI score, 0.01327 EPSS
Exploits: 0, References: 6

Vulnrichment
added 2023/04/13 11:36 a.m., 9 views

CVE-2022-45358 WordPress Activello Theme <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions...

5.4 CVSS, 6 AI score, 0.00393 EPSS
Exploits: 0, References: 1

CVE
added 2023/04/13 11:36 a.m., 55 views

CVE-2022-45358

CVE-2022-45358 affects the Silkalns Activello WordPress theme, versions 1.4.4. There is no explicit information in the provided documents about available in-the-wild exploits beyond the described vulnerability context.

5.4 CVSS, 5.3 AI score, 0.00393 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/04/12 2:41 p.m., 37 views

CVE-2022-47605

CVE-2022-47605 concerns the WordPress plugin Custom 404 Pro by Kunal Nagar. A SQL Injection vulnerability affects versions

7.2 CVSS, 7.6 AI score, 0.00668 EPSS
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2023/04/11 12:0 a.m., 18 views

Web Stories < 1.32 - Author+ Auth Bypass

The plugin does not check password protections on posts before performing some actions, allowing users with the Author role or higher to perform unauthorized actions on posts. The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password...

6.5 CVSS, 6.7 AI score, 0.00442 EPSS
Exploits: 0, Affected Software: 1

Cvelist
added 2023/04/10 8:47 p.m., 31 views

CVE-2023-29005 No Rate Limiting on Login AUTH DB

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTH_RATE_LIMITED = True, RATELIMIT_ENABLED = True, and setting an AUTH_RATE_LIMIT...

7.5 CVSS, 7.6 AI score, 0.00629 EPSS
Exploits: 0, References: 2

OSV
added 2023/04/10 4:37 p.m., 26 views

GHSA-9HCR-9HCV-X6PV Flask-AppBuilder Has No Rate Limiting on Login AUTH DB

Impact: Lack of rate limiting will allow an attacker to brute-force user credentials. Patches: Ability to enable rate limiting on Flask-AppBuilder >= 4.3.0. Use AUTH_RATE_LIMITED = True and RATELIMIT_ENABLED = True, and set the limit itself by using AUTH_RATE_LIMIT. Will apply only to database authentication...

7.5 CVSS, 7.4 AI score, 0.00629 EPSS
Exploits: 0, References: 6

NVD
added 2023/04/07 2:15 p.m., 28 views

CVE-2023-23799

Auth. admin+ Stored Cross-site Scripting XSS vulnerability in Leonardo Giacone Easy Panorama plugin = 1.1.4 versions...

5.9 CVSS, 5.4 AI score, 0.00442 EPSS
Exploits: 1, References: 1

CVE
added 2023/04/07 1:49 p.m., 56 views

CVE-2023-27620

CVE-2023-27620: Stored XSS in RoboSoft Photo Gallery, Images, Slider (Rbs Image Gallery) plugin for WordPress prior to version 3.2.13. Root cause: shortcodes-based input handling allows injection. Affected: Robo Gallery plugin

6.5 CVSS, 5.6 AI score, 0.00478 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2023/04/07 1:45 p.m., 22 views

CVE-2023-25442 WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions...

5.9 CVSS, 5.6 AI score, 0.00442 EPSS
Exploits: 1, References: 1

Cvelist
added 2023/04/07 12:39 p.m., 23 views

CVE-2023-25702 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions...

5.9 CVSS, 5.6 AI score, 0.00392 EPSS
Exploits: 0, References: 1