Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 9:54 a.m.6 views

CVE-2024-3067

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

7.2CVSS7.2AI score0.00684EPSS
Exploits0References1
0day.today
0day.today
added 2025/01/01 12:0 a.m.269 views

ABB Cylon Aspect 3.08.03 webServerDeviceLabelUpdate.php Denial of Service Vulnerability

ABB Cylon Aspect version 3.08.03 suffers from an authenticated arbitrary content injection vulnerability in the webServerDeviceLabelUpdate.php script due to a lack of input validation. Authenticated attackers can exploit the deviceLabel POST parameter to write arbitrary content to a fixed file...

7.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/12/06 8:24 a.m.11 views

CVE-2024-9872 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasaveuserdatacallback function in all versions up to, and including, 4.5.1. This makes it possible for authenticated...

5.4CVSS6.5AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2024/11/18 7:15 a.m.31 views

CVE-2024-22067

ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...

8.8CVSS0.00673EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/31 2:35 a.m.3 views

CVE-2023-2439

The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.2AI score0.00332EPSS
Exploits0References2
Ivanti
Ivanti
added 2023/10/04 4:13 p.m.9 views

SA-2023-08-08-CVE-2023-35083

SECURITY ADVISORY 08-08-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-35083 Full details. Please log into the...

6.5CVSS9.5AI score0.01091EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/05/31 4:35 a.m.7 views

CVE-2023-2304 Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS6.8AI score0.00687EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/13 8:18 p.m.8 views

CVE-2022-4207

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...

5.5CVSS5.1AI score0.00526EPSS
Exploits0References3
CNVD
CNVD
added 2021/07/13 12:0 a.m.9 views

Fortinet FortiMail Buffer Overflow Vulnerability

Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides e-mail security and data protection features. A buffer overflow vulnerability exists in Fortinet FortiMail, which stems from a buffer size miscalculation in multiple instances. An...

8.8CVSS7.6AI score0.01095EPSS
Exploits0References1
Rows per page
Query Builder