
6612 matches found

Veracode
added 2022/11/10 12:30 a.m. · 37 views

Information Disclosure

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: PAM Auth Plugin component, allowing an attacker to access critical data or complete access to all MySQL Server accessible data...

CVSS 5.9 · AI score 6.1 · EPSS 0.02023
Exploits 0 · References 7 · Affected Software 1
Patchstack
added 2022/11/10 12:0 a.m. · 35 views

WordPress Clerk plugin <= 3.8.2 - Auth. Bypass and API Keys Disclosure vulnerability

Auth. Bypass and API Keys Disclosure vulnerability discovered by Francesco Carlucci in the WordPress Clerk plugin versions <= 3.8.2. Solution: Update the WordPress Clerk plugin to the latest available version at least 4.0...

AI score 3.3 · EPSS 0.00881
Exploits 2 · References 1 · Affected Software 1
CVE
added 2022/11/09 3:46 p.m. · 64 views

CVE-2022-41978

The CVE-2022-41978 issue affects the WordPress Zoho CRM Lead Magnet plugin, specifically versions up to 1.7.5.8 (and referenced guidance up to 1.7.6.x). The root cause is insufficient authorization and CSRF protections in certain AJAX actions, allowing authenticated users (e.g., subscriber level)...

CVSS 8.8 · AI score 6.8 · EPSS 0.02971
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2022/11/09 12:0 a.m. · 24 views

CVE-2022-29836 Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file...

CVSS 1.9 · AI score 4.9 · EPSS 0.0031
Exploits 0 · References 1
CVE
added 2022/11/08 6:35 p.m. · 66 views

CVE-2022-32776

CVE-2022-32776 affects the WordPress plugin “Advanced Ads – Ad Manager & AdSense” 1.31.1, with references noting 1.32.0 or newer. The exploitation status is not detailed in the provided documents. Monitor for updates and apply the latest available version to mitigate risk.

CVSS 4.8 · AI score 4.8 · EPSS 0.00437
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/11/08 6:34 p.m. · 26 views

CVE-2022-41980 WordPress Mantenimiento web plugin <= 0.13 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress...

CVSS 4.8 · AI score 5.2 · EPSS 0.00437
Exploits 0 · References 2
CVE
added 2022/11/08 6:34 p.m. · 63 views

CVE-2022-41980

The CVE-2022-41980 entry concerns the WordPress Mantenimiento web plugin, versions ≤ 0.13, where authenticated attackers with admin+ privileges can trigger Cross‑Site Scripting (XSS). Multiple sources describe the issue as an XSS vulnerability arising from unsanitized/uncleaned plugin settings, p...

CVSS 4.8 · AI score 4.9 · EPSS 0.00437
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/11/08 6:16 p.m. · 75 views

CVE-2022-30545

The CVE-2022-30545 entry describes an authenticated reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin 5 Anker Connect, affected versions

CVSS 4.8 · AI score 5 · EPSS 0.00437
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/11/03 6:44 p.m. · 82 views

CVE-2022-37899

CVE-2022-37899 describes authenticated command injection in ArubaOS CLI, allowing execution of arbitrary commands with privileged OS access. Multiple feeds (NVD, Red Hat, CNNVD, PRION, etc.) corroborate ArubaOS as the affected software and a command-injection class vulnerability; some sources not...

CVSS 7.2 · AI score 7.5 · EPSS 0.01693
Exploits 0 · References 1 · Affected Software 2
Prion
added 2022/11/02 10:15 p.m. · 21 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress...

CVSS 4.3 · AI score 4.9 · EPSS 0.00412
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2022/11/02 12:0 a.m. · 18 views

WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Hoang Van Hiep (Patchstack Alliance) in the WordPress AM-HiLi plugin versions <= 1.0. Solution: No patched version is available...

CVSS 4.8 · AI score 2.1 · EPSS 0.00412
Exploits 0 · Affected Software 1
Patchstack
added 2022/10/31 12:0 a.m. · 19 views

WordPress Subscribe to Category plugin <= 2.7.3 - Auth. Broken Access Control vulnerability

Auth. Broken Access Control vulnerability discovered by Nguyen Anh Tien (Patchstack Alliance) in the WordPress Subscribe to Category plugin versions <= 2.7.1. Solution: No patched version is available. No reply from the vendor...

AI score 4 · EPSS 0.00353
Exploits 0 · Affected Software 1
Patchstack
added 2022/10/31 12:0 a.m. · 52 views

WordPress Popup Maker plugin <= 1.16.10 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by c3p0d4y in WordPress Popup Maker plugin versions <= 1.16.10. Solution: Update the WordPress Popup Maker plugin to the latest available version at least 1.16.11...

CVSS 5.5 · AI score 1.9 · EPSS 0.00622
Exploits 2 · References 1 · Affected Software 1
CNNVD
added 2022/10/31 12:0 a.m. · 3 views

PHP Point of Sale security vulnerability

PHP Point of Sale is an online point of sale system for small retail businesses by PHP Point of Sale, Inc. A security vulnerability exists in PHP Point of Sale LLC version 19.0 that stems from the application's susceptibility to the disclosure of authenticated information, which can be exploited ...

CVSS 4.9 · AI score 5.5 · EPSS 0.00368
Exploits 0 · References 3
Patchstack
added 2022/10/31 12:0 a.m. · 18 views

WordPress Booster for WooCommerce premium <= 5.6.4 - Auth. Arbitrary File Download vulnerability

Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress Booster for WooCommerce premium versions <= 5.6.4. Solution: Update the WordPress Booster Plus for WooCommerce plugin to the latest available version at least 5.6.5...

CVSS 6.5 · AI score 3.7 · EPSS 0.00914
Exploits 2 · References 1 · Affected Software 1
Patchstack
added 2022/10/28 12:0 a.m. · 19 views

WordPress WP Best Quiz plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Alpaca in WordPress WP Best Quiz plugin versions <= 1.0. Solution: No patched version available...

AI score 2.1 · EPSS 0.00677
Exploits 2 · References 1 · Affected Software 1
NVD
added 2022/10/27 4:15 p.m. · 20 views

CVE-2022-3095

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapp...

CVSS 9.8 · EPSS 0.00867
Exploits 0 · References 1
CVE
added 2022/10/27 12:0 a.m. · 162 views

CVE-2022-3095

CVE-2022-3095 affects Dart/Flutter: the Dart URI class uses RFC 3986 syntax for backslash parsing, diverging from WhatWG URL standards and causing incompatibilities with \ in URIs. This can enable authentication bypass in web apps that parse URIs. Affected: Dart versions prior to 2.18 and Flutter...

CVSS 9.8 · AI score 9.6 · EPSS 0.00867
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2022/10/25 9:10 a.m. · 10 views

mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 5.9 · AI score 7.3 · EPSS 0.02023
Exploits 0 · References 4
Positive Technologies
added 2022/10/25 12:0 a.m. · 3 views

PT-2022-24910 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: openfga/openfga versions 0.2.3 and prior Description: OpenFGA is an authorization/permission engine. The streamed-list-objects endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users who ar...

CVSS 5.3 · AI score 6.8 · EPSS 0.00672
Exploits 0 · References 10