Lucene search
K

104 matches found

OSV
OSV
added 2021/04/15 10:15 p.m.6 views

DEBIAN-CVE-2021-29450

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...

4.3CVSS5.5AI score0.02331EPSS
Exploits1References1
NVD
NVD
added 2021/04/15 10:15 p.m.20 views

CVE-2021-29450

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...

6.5CVSS0.02331EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/04/15 9:20 p.m.28 views

CVE-2021-29450 WordPress Authenticated disclosure of password-protected posts and pages

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...

6.5CVSS6.8AI score0.02331EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2021/04/15 9:20 p.m.109 views

CVE-2021-29450

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...

6.5CVSS4.4AI score0.02331EPSS
Exploits1
OSV
OSV
added 2021/04/15 9:15 p.m.58 views

CVE-2021-29447

Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...

6.5CVSS6.5AI score
Exploits0References7
NVD
NVD
added 2021/04/15 9:15 p.m.15 views

CVE-2021-29447

Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...

7.1CVSS0.85719EPSS
Exploits20References7
OSV
OSV
added 2021/04/15 9:15 p.m.2 views

UBUNTU-CVE-2021-29447

Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...

7.1CVSS5.7AI score0.85719EPSS
Exploits20References4
UbuntuCve
UbuntuCve
added 2021/04/15 9:15 p.m.115 views

CVE-2021-29447

Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...

7.1CVSS6.6AI score0.85719EPSS
Exploits20References3
Cvelist
Cvelist
added 2021/04/15 9:10 p.m.35 views

CVE-2021-29447 WordPress Authenticated XXE attack when installation is running PHP 8

Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...

7.1CVSS6.7AI score0.85719EPSS
Exploits20References7
CVE
CVE
added 2021/04/15 9:10 p.m.377 views

CVE-2021-29447

CVE-2021-29447 is an XXE vulnerability in WordPress media handling (getID3 parsing WAV iXML chunks) that affects WordPress 5.6–5.7 on PHP 8+. Authenticated authors can upload a malicious WAV to trigger XML External Entity substitution (LIBXML_NOENT), enabling access to internal files. The issue i...

7.1CVSS6.4AI score0.85719EPSS
Exploits20References7Affected Software1
Debian CVE
Debian CVE
added 2021/04/15 9:10 p.m.141 views

CVE-2021-29447

Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...

7.1CVSS4.7AI score0.85719EPSS
Exploits20
NVD
NVD
added 2019/07/29 1:15 p.m.15 views

CVE-2019-1020011

SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority...

9CVSS7.5AI score0.01324EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2019/03/08 9:18 p.m.134 views

Turn On Auto-Updates Everywhere You Can

Meltdowns like the Chrome zero day bug show why enabling auto-updates can be the wisest choice for many consumers...

3.4AI score
Exploits0
0day.today
0day.today
added 2018/01/29 12:0 a.m.35 views

Arq 5.10 - Local Privilege Escalation Exploit (2)

Exploit for macOS platform in category local exploits !/bin/bash Arq payload.sh EOF !/bin/bash rm -rf $HOME/.arq510privescexp while : do pid=\ps auxwww |grep '$app/Contents/MacOS/Arq' |grep -v grep |xar...

7.2CVSS7.4AI score0.01009EPSS
Exploits3
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2017/08/02 12:0 a.m.47 views

Stable Channel Update for Chrome OS

The Stable channel has been updated to 60.0.3112.80 Platform version: 9592.71.0 for most Chrome OS devices . This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over the next several days. Some highlights of these changes are:...

9.8CVSS8.6AI score0.47537EPSS
Exploits1Affected Software1
Malwarebytes
Malwarebytes
added 2017/07/21 6:4 p.m.55 views

Play Protect: Android’s new security system is now available

Play Protect, a security suite for Android devices, was originally introduced in mid-May of this year during the Google I/O conference. And in just a couple of months, the tech giant has made it available for all their mobile users. Play Protect is the amalgamation of Google’s Android security...

6.7AI score
Exploits0
MSRC
MSRC
added 2017/07/11 5:30 p.m.8 views

July 2017 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/07/08 5:29 a.m.5 views

LINE for Windows may insecurely load Dynamic Link Libraries

Overview LINE for Windows provided by LINE Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.8CVSS7.1AI score0.00382EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/12/10 12:0 a.m.2597 views

MS KB3119884: Improperly Issued Digital Certificates Could Allow Spoofing

The remote host is missing KB3119884, KB2677070 automatic updater, or the latest disallowed certificate update using KB2813430 manual updater. If KB2677070 has been installed, it has not yet obtained the latest auto-updates. Note that this plugin checks that the updaters have actually updated the...

5.5AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/09/25 12:0 a.m.1507 views

MS KB3097966: Inadvertently Disclosed Digital Certificates Could Allow Spoofing

The remote host is missing KB3097966, KB2677070 automatic updater, or the latest disallowed certificate update using KB2813430 manual updater. If KB2677070 has been installed, it has not yet obtained the latest auto-updates. Note that this plugin checks that the updaters have actually updated the...

5.5AI score
Exploits0References4
Rows per page
Query Builder