
6611 matches found

Cvelist
added 2023/04/04 12:0 a.m. | 36 views

CVE-2022-4934

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code...

CVSS 7.2 | AI score 7.6 | EPSS 0.01819
Exploits: 0 | References: 1

CVE
added 2023/04/04 12:0 a.m. | 327 views

CVE-2023-1671

CVE-2023-1671 affects Sophos Web Appliance older than 4.3.10.4, with a pre-auth command-injection in the warn-proceed handler that allows remote code execution. Public analyses and PoCs describe how user-supplied parameters flow to shell commands, enabling arbitrary code execution without authent...

CVSS 9.8 | AI score 9.6 | EPSS 0.99999
In wild | Exploits: 10 | References: 3 | Affected Software: 1

0day.today
added 2023/03/31 12:0 a.m. | 139 views

Judging Management System v1.0 - Remote Code Execution Exploit

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html Version: 1.0...

AI score 6.8
Exploits: 0

Exploit DB
added 2023/03/31 12:0 a.m. | 175 views

Judging Management System v1.0 - Remote Code Execution (RCE)

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...

AI score 7.4
Exploits: 0

NVD
added 2023/03/30 11:15 a.m. | 14 views

CVE-2023-23670

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Team Heateor Fancy Comments WordPress plugin = 1.2.10 versions...

CVSS 6.5 | AI score 6 | EPSS 0.00361
Exploits: 0 | References: 1

CVE
added 2023/03/30 11:6 a.m. | 51 views

CVE-2023-23681

CVE-2023-23681 affects the WordPress plugin Image Hover Effects For WPBakery Page Builder, specifically versions

CVSS 6.5 | AI score 5.3 | EPSS 0.00383
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/03/30 10:48 a.m. | 29 views

CVE-2023-23675 WordPress WP Smart Preloader Plugin <= 1.15 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions...

CVSS 5.9 | AI score 5.5 | EPSS 0.00392
Exploits: 0 | References: 1

CVE
added 2023/03/30 10:44 a.m. | 59 views

CVE-2023-23670

CVE-2023-23670 corresponds to an Authenticated Cross-Site Scripting (XSS) vulnerability in the Team Heateor Fancy Comments WordPress plugin (versions

CVSS 6.5 | AI score 5.4 | EPSS 0.00361
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/03/29 6:51 p.m. | 37 views

CVE-2022-47607

CVE-2022-47607 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Usersnap plugin, affecting versions

CVSS 5.9 | AI score 4.9 | EPSS 0.00407
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/03/29 6:35 p.m. | 50 views

CVE-2022-45355

CVE-2022-45355 : Authenticated admin+ SQL Injection in the ThimPress WP Pipes plugin prior to 1.34 (affected versions ≤1.33). Root cause: improper sanitization/escaping of SQL input from the plugin, enabling injection with admin privileges. Impact per sources includes data access/modification via...

CVSS 8.2 | AI score 7.7 | EPSS 0.00628
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/03/29 4:19 p.m. | 38 views

CVE-2022-47596

The CVE-2022-47596 entry refers to a Stored Cross-Site Scripting (XSS) vulnerability in the Jeffrey-WP Media Library Categories WordPress plugin, affecting versions = 2.0.0. Other sources corroborate the admin+ authenticated XSS characterization. If upgrading is not possible, apply available miti...

CVSS 5.9 | AI score 4.9 | EPSS 0.00392
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/03/29 12:29 p.m. | 26 views

CVE-2022-47438 WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions...

CVSS 5.9 | AI score 5.5 | EPSS 0.0038
Exploits: 0 | References: 1

CVE
added 2023/03/29 12:29 p.m. | 49 views

CVE-2022-47438

CVE-2022-47438 affects the WordPress plugin Booking calendar / Appointment Booking System (WpDevArt) up to version 3.2.3. The root cause is a stored XSS vulnerability in parameters that are not escaped, exploitable by authenticated users with Editor or higher privileges. Impact is described as a ...

CVSS 5.9 | AI score 5.2 | EPSS 0.0038
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/03/28 6:15 p.m. | 2 views

CVE-2023-27246

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file...

CVSS 8.8 | AI score 7.6
Exploits: 0 | References: 1

Prion
added 2023/03/28 6:15 p.m. | 12 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file...

CVSS 6.5 | AI score 8.8 | EPSS 0.008
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2023/03/28 9:15 a.m. | 8 views

CVE-2023-25704

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions...

CVSS 5.9 | AI score 5.4 | EPSS 0.00369
Exploits: 0 | References: 1

CVE
added 2023/03/28 8:19 a.m. | 49 views

CVE-2023-25704

CVE-2023-25704 involves a Stored Cross-Site Scripting (XSS) vulnerability in the Mehjabin Orthi Interactive SVG Image Map Builder plugin for WordPress, affecting versions

CVSS 5.9 | AI score 4.9 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/03/28 8:19 a.m. | 14 views

CVE-2023-25704 WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions...

CVSS 5.9 | AI score 5.5 | EPSS 0.00369
Exploits: 0 | References: 1

CVE
added 2023/03/28 7:56 a.m. | 45 views

CVE-2022-46855

CVE-2022-46855 is a Stored Cross-Site Scripting (XSS) in the WP Darko Responsive Pricing Table plugin, affected versions ≤ 5.1.6. The root cause is insufficient sanitization/escaping of the fields.title parameter, which can allow a contributor (and higher) to inject JavaScript. The vulnerability’...

CVSS 6.5 | AI score 5.3 | EPSS 0.00492
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/03/28 12:0 a.m. | 16 views

CVE-2023-27246

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file...

AI score 9 | EPSS 0.008
Exploits: 0 | References: 1