
6612 matches found

CVE
added 2022/11/17 10:8 p.m. | 69 views

CVE-2022-41791

The CVE-2022-41791 entry concerns an authenticated CSV Injection vulnerability in the WordPress ProfileGrid plugin, affecting versions up to 5.1.6. The vulnerability is tied to ProfileGrid’s handling of CSV uploads/exports, with an impact that, per connected reports, can enable change-authorizati...

8.8 CVSS | 7.7 AI score | 0.00646 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/11/17 10:8 p.m. | 22 views

CVE-2022-41791 WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability

Auth. subscriber+ CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress...

6.8 CVSS | 9 AI score | 0.00646 EPSS
Exploits 0 | References 1
CVE
added 2022/11/17 10:2 p.m. | 52 views

CVE-2021-36905

The CVE-2021-36905 entry describes a stored XSS vulnerability in the WordPress Quiz And Survey Master plugin (versions

5.4 CVSS | 5.4 AI score | 0.00429 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2022/11/17 10:2 p.m. | 19 views

CVE-2021-36905 WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress...

5.4 CVSS | 5.6 AI score | 0.00429 EPSS
Exploits 0 | References 2
Patchstack
added 2022/11/17 12:0 a.m. | 21 views

WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability

Auth. CSV Injection vulnerability discovered by Mika (Patchstack Alliance) in the WordPress ProfileGrid plugin (versions <= 5.1.6). Solution: Update the WordPress ProfileGrid plugin to the latest available version (at least 5.1.8)...

8.8 CVSS | 3.8 AI score | 0.00646 EPSS
Exploits 0 | Affected Software 1
CVE
added 2022/11/17 12:0 a.m. | 65 views

CVE-2022-36786

DLINK DSL-224 router (firmware 3.0.8) is affected by a post-auth command injection via the NTP configuration interface exposed through a jsonrpc API. The underlying issue allows commands to run with ROOT privileges on the device, per multiple sources. Practical impact includes full device comprom...

9.9 CVSS | 9.6 AI score | 0.00856 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2022/11/17 12:0 a.m. | 16 views

WordPress Export Users With Meta plugin <= 0.6.8 - Auth. CSV Injection vulnerability

Auth. CSV Injection vulnerability discovered by Mika (Patchstack Alliance) in the WordPress Export Users With Meta plugin (versions <= 0.6.8). Solution: No patched version is available. This plugin has been closed as of November 14, 2022 and is not available for download. This closure is temporary,...

3.8 AI score
Exploits 0 | Affected Software 1
Tenable Nessus
added 2022/11/17 12:0 a.m. | 19 views

Rocky Linux 8 : dovecot (RLSA-2022:7623)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7623 advisory. - An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args...

8.8 CVSS | 7.2 AI score | 0.01748 EPSS
Exploits 1 | References 3
Github Security Blog
added 2022/11/16 12:0 p.m. | 37 views

Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords

Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

6.5 CVSS | 6.7 AI score | 0.00649 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/11/16 12:0 p.m. | 29 views

GHSA-WCJJ-QM5V-J4PC Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords

Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

6.5 CVSS | 6.6 AI score | 0.00649 EPSS
Exploits 0 | References 4
NVD
added 2022/11/15 8:15 p.m. | 26 views

CVE-2022-45384

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

6.5 CVSS | 0.00649 EPSS
Exploits 0 | References 2
OSV
added 2022/11/15 8:15 p.m. | 17 views

CVE-2022-45384

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

6.5 CVSS | 6.5 AI score | 0.00649 EPSS
Exploits 0 | References 2
Github Security Blog
added 2022/11/15 12:0 p.m. | 27 views

Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS

In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load)...

6.5 CVSS | 6.2 AI score | 0.00989 EPSS
Exploits 0 | References 7 | Affected Software 1
Cvelist
added 2022/11/15 12:0 a.m. | 33 views

CVE-2022-45384

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

7 AI score | 0.00649 EPSS
Exploits 0 | References 2
CVE
added 2022/11/15 12:0 a.m. | 271 views

CVE-2022-45384

CVE-2022-45384 affects the Jenkins Reverse Proxy Auth Plugin. Versions 1.7.3 and earlier store the LDAP manager password unencrypted in the Jenkins controller’s global config.xml, enabling access by anyone with filesystem access to the controller. The vulnerability is triggered by plaintext stora...

6.5 CVSS | 6.6 AI score | 0.00649 EPSS
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2022/11/15 12:0 a.m. | 6 views

PT-2022-27486 · Jenkins · Jenkins Reverse Proxy Auth Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier Description: The issue allows attackers with access to the Jenkins controller file system to view the LDAP manager password, which is stored unencrypted in the global config.xml fil...

6.5 CVSS | 6.2 AI score | 0.00649 EPSS
Exploits 0 | References 7
Vulnrichment
added 2022/11/15 12:0 a.m. | 12 views

CVE-2022-45384

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

6.8 AI score | 0.00649 EPSS
Exploits 0 | References 2
Vulnrichment
added 2022/11/14 12:0 a.m. | 7 views

CVE-2022-43686

In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load)...

6.8 AI score | 0.00989 EPSS
Exploits 0 | References 5
CNNVD
added 2022/11/14 12:0 a.m. | 12 views

PortlandLabs Concrete CMS Resource Management Error Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS (formerly concrete5) versions prior to 8.5.10 and versions 9.0.0 through 9.1.2, which stems from the fact that its...

6.5 CVSS | 6.4 AI score | 0.00989 EPSS
Exploits 0 | References 7
hivepro
added 2022/11/11 2:19 p.m. | 14 views

Citrix Addresses Auth bypass Flaws Affecting ADC and Gateway Products

Threat Level Vulnerability Report. Summary: Citrix has addressed bugs in Citrix ADC and Citrix Gateway. A remote intruder could exploit either of these flaws to obtain control of a susceptible system. To successfully exploit the vulnerabili...

2.5 AI score
Exploits 0