Lucene search
K

43 matches found

NVD
NVD
added 2025/03/08 12:15 p.m.25 views

CVE-2024-13675

The SlingBlocks – Gutenberg Blocks by FunnelKit Formerly WooFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Icon List" Block in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00198EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/09 7:56 a.m.9 views

CVE-2024-43656 A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution.

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – It might be difficult for an attacker to identify the fil...

9.3CVSS7.8AI score0.01453EPSS
Exploits0References3
NVD
NVD
added 2024/12/29 6:15 a.m.16 views

CVE-2024-12238

The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

6.3CVSS0.00478EPSS
Exploits0References2
CVE
CVE
added 2024/12/12 3:23 a.m.49 views

CVE-2024-11901

CVE-2024-11901 affects the WordPress PowerBI Embed Reports plugin (up to version 1.1.7). The vulnerability is Stored XSS via the MO_API_POWER_BI shortcode, caused by insufficient input sanitization and output escaping for user-supplied shortcode attributes. Authenticated attackers with contributo...

6.4CVSS5.8AI score0.00476EPSS
Exploits0References3
OSV
OSV
added 2024/11/18 6:15 a.m.1 views

DEBIAN-CVE-2024-52946

An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value...

8.8CVSS5.3AI score0.00473EPSS
Exploits0References1
NVD
NVD
added 2024/11/18 6:15 a.m.17 views

CVE-2024-52946

An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value...

8.8CVSS0.00473EPSS
Exploits0References2
OSV
OSV
added 2024/11/18 6:15 a.m.3 views

UBUNTU-CVE-2024-52946

An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value...

8.8CVSS5.8AI score0.00473EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.4 views

LemonLDAP::NG 安全漏洞

LemonLDAP::NG is the LemonLDAP::NG open source suite of web single sign-on and access management software. A security vulnerability exists in LemonLDAP::NG versions prior to 2.20.1 that stems from the presence of an incorrect check that allows authenticated users to increase their authentication...

8.8CVSS6.4AI score0.00473EPSS
Exploits0References1
CVE
CVE
added 2024/11/18 12:0 a.m.66 views

CVE-2024-52946

CVE-2024-52946 affects LemonLDAP::NG prior to 2.20.1. The issue is an improper check during session refresh, allowing an authenticated user to raise their authentication level when an adaptive authentication rule is configured with an increment instead of an absolute value. Impact per sources: ab...

8.8CVSS7AI score0.00473EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/18 12:0 a.m.12 views

CVE-2024-52946

An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value...

6.8AI score0.00473EPSS
Exploits0References1
Snyk
Snyk
added 2024/09/26 5:49 p.m.2 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication due to the improper handling of the requiredaal setting in the authentication process. An attacker can bypass multi-factor authentication requirements by exploiting the incorrect storage of availableaal values in...

5.9CVSS7.2AI score0.00327EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.4 views

Ory Kratos 授权问题漏洞

Ory Kratos is a developer-friendly, secure, and proven cloud identity, user management, and authentication system from Ory Open Source. An authorization issue vulnerability exists in Ory Kratos versions prior to 1.3.0 that stems from the highestavailable setting incorrectly assuming that the...

4.4CVSS6.6AI score0.00327EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.160 views

General Electric D20 Password Recovery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module grabs the device configuration from a GE D20M RTU and parses the usernames and passwords from it. class MetasploitModule 'General Electric D20 Password...

7.5CVSS7.1AI score0.09493EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.8 views

PT-2024-27113 · WordPress · Brizy

Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.43 Description: The issue is related to Stored Cross-Site Scripting via the Link To field of multiple widgets due to insufficient input sanitization and output...

7.4CVSS5.8AI score0.00322EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.10 views

WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/03 12:0 a.m.13 views

Simple Membership < 4.4.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpmpaypalsubscriptioncancellink' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

6.4CVSS5.5AI score0.00429EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/30 6:44 a.m.10 views

CVE-2024-2143 Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.4AI score0.00343EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.14 views

CVE-2024-1414 Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7AI score0.00423EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.4 views

PT-2024-15900 · WordPress · The Beaver Builder

Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin for WordPress versions up to, and including, 2.7.4.2 Description: The issue is related to Stored Cross-Site Scripting via the button link parameter due to insufficient input sanitization and...

6.4CVSS8AI score0.00505EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/02/20 6:56 p.m.30 views

CVE-2024-1586 Schema & Structured Data for WP & AMP <= 1.26 - Authenticated (Custom) Stored Cross-Site Scripting

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...

6.4CVSS6AI score0.00372EPSS
Exploits0References2
Rows per page
Query Builder