6612 matches found

Cvelist
added 2022/12/06 9:32 p.m. · 24 views

CVE-2022-45816 WordPress GD bbPress Attachments Plugin <= 4.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. Stored Cross-Site Scripting XSS vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress...

CVSS 4.8 · AI score 5.4 · EPSS 0.00418
Exploits 0 · References 1
Prion
added 2022/12/06 1:15 a.m. · 14 views

Cross site scripting

Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauth_auth.py and querybook/server/app/auth/okta_auth.py. This may allow attackers to perform reflected cross site scripting...

CVSS 5.8 · AI score 6 · EPSS 0.00415
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/12/06 12:33 a.m. · 46 views

CVE-2022-46151

CVE-2022-46151 affects Querybook, where user-provided data in the error field of the auth callback URL (oauth_auth.py and okta_auth.py) is not escaped, enabling reflected XSS if CSP is not enabled or unsafe-inline is allowed. Affected versions are before 3.14.2. Mitigation: upgrade to Querybook 3...

CVSS 6.3 · AI score 6.1 · EPSS 0.00415
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/12/06 12:00 a.m. · 5 views

PT-2022-27768 · Querybook · Querybook

Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.14.2 Description: The issue concerns Querybook, an open source data querying UI. In affected versions, user-provided data is not escaped in the error field of the auth callback URL in...

CVSS 6.3 · AI score 5.9 · EPSS 0.00415
Exploits 0 · References 7
OSV
added 2022/12/01 6:15 p.m. · 5 views

CVE-2022-3711

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA...

CVSS 4.3 · AI score 5.8 · EPSS 0.00698
Exploits 0 · References 1
Prion
added 2022/12/01 6:15 p.m. · 20 views

Sql injection

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...

CVSS 3.3 · AI score 4.7 · EPSS 0.00698
Exploits 0 · References 1 · Affected Software 1
Prion
added 2022/12/01 6:15 p.m. · 16 views

Sql injection

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA...

CVSS 4 · AI score 5.2 · EPSS 0.00698
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/12/01 12:00 a.m. · 70 views

CVE-2022-3696

The CVE-2022-3696 entry describes a post-auth code-injection vulnerability in Sophos Firewall Webadmin, affecting releases prior to 19.5 GA. The issue allows an administrator to execute code via the Webadmin interface with high impact (code execution, confidentiality/integrity/availability impa...

CVSS 7.2 · AI score 7.1 · EPSS 0.01102
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/12/01 12:00 a.m. · 5 views

PT-2022-23706 · Sophos · Sophos Firewall

Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 19.5 GA Description: A post-auth code injection issue allows admins to execute code in the Webadmin of Sophos Firewall. This issue does not specify the estimated number of potentially affected devices worldwi...

CVSS 7.2 · AI score 7.2 · EPSS 0.01102
Exploits 0 · References 5
Cvelist
added 2022/12/01 12:00 a.m. · 33 views

CVE-2022-3696

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA...

CVSS 7.2 · AI score 7.4 · EPSS 0.01102
Exploits 0 · References 1
ATTACKERKB
added 2022/11/29 2:15 p.m. · 2 views

CVE-2022-46146

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

CVSS 8.8 · AI score 7.2 · EPSS 0.01166
Exploits 1 · References 13 · Affected Software 1
OSV
added 2022/11/29 2:15 p.m. · 9 views

AZL-41992 CVE-2022-46146 affecting package prometheus-process-exporter for versions less than 0.8.2-1

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

CVSS 8.8 · AI score 7.2 · EPSS 0.01166
Exploits 1 · References 1
OSV
added 2022/11/29 2:15 p.m. · 3 views

UBUNTU-CVE-2022-46146

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

CVSS 8.8 · AI score 7.3 · EPSS 0.01166
Exploits 1 · References 9
Veracode
added 2022/11/28 6:39 a.m. · 24 views

SQL Injection

org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the deleteRole function in RoleStore.java allows a malicious user to inject and execute arbitrary SQL queries on the target system, when the API interface /auth/v1/roles/ ...

CVSS 7.5 · AI score 8.2 · EPSS 0.00599
Exploits 1 · References 3 · Affected Software 1
Veracode
added 2022/11/28 5:56 a.m. · 26 views

SQL Injection

org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the deleteUser function in UserStore.java allows a malicious user to inject and execute arbitrary SQL queries on the target system, when the /auth/v1/users/ API interface ...

CVSS 7.5 · AI score 8.2 · EPSS 0.00543
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2022/11/27 12:00 a.m. · 30 views

CVE-2022-45930

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...

AI score 8.2 · EPSS 0.00687
Exploits 1 · References 2
CVE
added 2022/11/22 7:45 a.m. · 53 views

CVE-2022-45363

Affected software: Muffingroup Betheme theme for WordPress (versions up to 26.6.1). The issue is a Stored Cross‑Site Scripting (XSS) vulnerability in subscriber+ context, caused by insufficient sanitization/escaping of user input in the theme. Impact as stated: XSS could be triggered by authentic...

CVSS 5.4 · AI score 5.2 · EPSS 0.00383
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2022/11/22 12:00 a.m. · 21 views

WordPress SMSA Shipping for WooCommerce premium plugin <= 1.0.4 - Auth. Arbitrary File Download vulnerability

Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress SMSA Shipping for WooCommerce premium plugin versions <= 1.0.4. Solution: Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version, at least 1.0.5...

AI score 3.5 · EPSS 0.00382
Exploits 2 · References 1 · Affected Software 1
RedHat Linux
added 2022/11/21 12:58 p.m. · 3 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript, such as cookies protected by HTTPOnly. To mitiga...

CVSS 6.1 · AI score 7.3 · EPSS 0.00575
Exploits 0 · References 6
OSV
added 2022/11/21 11:15 a.m. · 3 views

CVE-2021-24649

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption. This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant via...

CVSS 9.8 · AI score 5.8 · EPSS 0.00646
Exploits 2 · References 1