6611 matches found

CVE
added 2023/03/21 5:36 a.m., 54 views

CVE-2022-41831

CVE-2022-41831 affects the TCBarrett WP Glossary WordPress plugin up to version 3.1.2. An Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability exists, with exploitability reported for users with contributor or higher permissions. Some sources note no patched version is available; others ...

CVSS 5.4, AI score 5.3, EPSS 0.00383
Exploits 0, References 1, Affected Software 1
CVE
added 2023/03/20 11:36 a.m., 39 views

CVE-2023-22680

CVE-2023-22680 affects the WordPress plugin No API Amazon Affiliate (Altanic No API Amazon Affiliate) 4.2.2 (4.4.0) with low severity. No public exploit details are provided in the connected documents. Remediation: upgrade to a version greater than 4.2.2 (e.g., 4.4.0+). If upgrading is not feasib...

CVSS 5.9, AI score 4.9, EPSS 0.00392
Exploits 0, References 1, Affected Software 1
CVE
added 2023/03/20 11:31 a.m., 49 views

CVE-2023-22679

CVE-2023-22679 affects the WordPress WP Better Emails plugin, version

CVSS 5.9, AI score 4.9, EPSS 0.00392
Exploits 0, References 1, Affected Software 1
CVE
added 2023/03/20 10:40 a.m., 46 views

CVE-2023-25064

CVE-2023-25064 affects the WordPress plugin WP htpasswd (Plugin

CVSS 5.9, AI score 4.9, EPSS 0.00394
Exploits 0, References 1, Affected Software 1
CVE
added 2023/03/20 9:49 a.m., 41 views

CVE-2023-25782

CVE-2023-25782 affects the WordPress plugin Service Area Postcode Checker ≤ 2.0.8. The issue is an authentication-related Cross‑Site Scripting flaw that can be triggered with admin+ privileges, per CVE and vendor records. Root cause described in related advisories is insufficient sanitization/esc...

CVSS 5.9, AI score 5.2, EPSS 0.00369
Exploits 0, References 1, Affected Software 1
Nuclei
added 2023/03/18 10:07 p.m., 15 views

SEO Panel 4.8.0 - Blind SQL Injection

SEO Panel 4.8.0 is susceptible to time-based blind SQL injection via the ordercol parameter in archive.php. An attacker can potentially retrieve all databases and thus obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...

CVSS 7.2, AI score 7.4, EPSS 0.10672
Exploits 4, References 5
Veracode
added 2023/03/14 3:30 a.m., 23 views

Cross-Site Request Forgery (CSRF)

next-auth is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists due to the missing state, nonce, and PKCE checks for OAuth authentication, which allows an attacker to bypass the CSRF protection...

CVSS 8.8, AI score 8.5, EPSS 0.00538
Exploits 1, References 8, Affected Software 1
vulnersOsv
added 2023/03/13 8:52 p.m., 6 views

@app-box/web (=1.0.0), @chirpy-dev/analytics (=0.0.1) +46 more potentially affected by CVE-2023-27490 via next-auth (>=0.0.0-manual.83c4ebd1 <=4.1.2)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =4.0.0-alpha.24, =4.0.0-alpha.1, =4.0.0-alpha.6, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.13.3 and more Source cves: CVE-2023-27490 Source advisory: OSV:GHSA-7R7X-4C4Q-C4QF...

CVSS 8.8, AI score 7.2, EPSS 0.00538
Exploits 1
OSV
added 2023/03/13 8:52 p.m., 26 views

GHSA-7R7X-4C4Q-C4QF Missing proper state, nonce and PKCE checks for OAuth authentication

Impact next-auth applications using OAuth provider versions before v4.20.1 are affected. A bad actor who can spy on the victim's network or able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to log in as the victim, bypassing...

CVSS 8.1, AI score 8.1, EPSS 0.00538
Exploits 1, References 10
Github Security Blog
added 2023/03/13 8:52 p.m., 52 views

Missing proper state, nonce and PKCE checks for OAuth authentication

Impact next-auth applications using OAuth provider versions before v4.20.1 are affected. A bad actor who can spy on the victim's network or able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to log in as the victim, bypassing...

CVSS 8.8, AI score 8.3, EPSS 0.00538
Exploits 1, References 10, Affected Software 1
OpenVAS
added 2023/03/13 12:00 a.m., 17 views

Debian: Security Advisory (DLA-3359-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1, AI score 6.3, EPSS 0.01423
Exploits 0, References 4
Debian
added 2023/03/12 8:45 p.m., 22 views

[SECURITY] [DLA 3359-1] libapache2-mod-auth-mellon security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-3359-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 13, 2023 https://wiki.debian.org/LTS -...

CVSS 6.1, AI score 7.2, EPSS 0.01423
Exploits 0
Tenable Nessus
added 2023/03/12 12:00 a.m., 39 views

Debian dla-3359 : libapache2-mod-auth-mellon - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3359 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3359-1 [email protected]...

CVSS 6.1, AI score 6.9, EPSS 0.01423
Exploits 0, References 6
NVD
added 2023/03/11 12:15 a.m., 17 views

CVE-2023-24999

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

CVSS 8.1, AI score 5.8, EPSS 0.00597
Exploits 0, References 2
OSV
added 2023/03/11 12:15 a.m., 24 views

CVE-2023-24999

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

CVSS 8.1, AI score 8.1
Exploits 0, References 2
Prion
added 2023/03/11 12:15 a.m., 17 views

Denial of service

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

CVSS 5.5, AI score 7.7, EPSS 0.00597
Exploits 0, References 2, Affected Software 1
Cvelist
added 2023/03/10 12:00 a.m., 44 views

CVE-2023-24774

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...

AI score 10, EPSS 0.00877
Exploits 2, References 1
Vulnrichment
added 2023/03/06 1:33 p.m., 4 views

CVE-2023-0328 WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete...

AI score 7.2, EPSS 0.00801
Exploits 2, References 1
SUSE CVE
added 2023/03/02 4:14 a.m., 4 views

SUSE CVE-2019-11494

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command...

CVSS 7.5, AI score 7, EPSS 0.02433
Exploits 0, References 8
Packet Storm
added 2023/03/02 12:00 a.m., 277 views

Real Estate CRM Pro 5.7 SQL Injection

==================================================================================================================================== | Title : Real Estate CRM Pro v 5.7 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-b...

AI score 0.1
Exploits 0