Lucene search
+L

1098 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-13313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to th...

4.3CVSS5.2AI score0.00981EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/21 1:25 p.m.7 views

CVE-2025-4046

A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization...

8.5CVSS7.1AI score0.00279EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-26531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient capability checks made it possible to disable badges a user does not have permission to access. CVE-2025-26531 Note that Nessus relies on the...

5.3CVSS6AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/19 1:12 p.m.9 views

CVE-2025-4046 Missing Authorization in Lexmark Cloud Services badge management

A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization...

8.5CVSS7AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/19 1:12 p.m.14 views

CVE-2025-4046 Missing Authorization in Lexmark Cloud Services badge management

A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization...

8.5CVSS0.00279EPSS
Exploits0References1
CVE
CVE
added 2025/08/19 1:12 p.m.21 views

CVE-2025-4046

CVE-2025-4046 describes a Missing Authorization vulnerability in Lexmark Cloud Services badge management that could allow reassigning badges within an organization. Affected surface: Lexmark Cloud Services badge management component; root cause: insufficient access control enabling unauthorized r...

8.5CVSS6.5AI score0.00279EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.4 views

Lexmark Cloud Services 安全漏洞

Lexmark Cloud Services is a cloud-based suite of services from Lexmark, Inc. A security vulnerability exists in Lexmark Cloud Services that stems from a lack of authorization for badge management and could allow an attacker to reassign badges within an organization...

8.5CVSS6.7AI score0.00279EPSS
Exploits0References2
OSV
OSV
added 2025/08/07 8:59 a.m.5 views

BIT-MOODLE-2025-26531 IDOR in badges allows disabling of arbitrary badges

Insufficient capability checks made it possible to disable badges a user does not have permission to access...

5.3CVSS3.4AI score0.00275EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/06/05 3:30 a.m.5 views

a3m (=0.1.0), aa-charlink (>=0.1.1 <=1.0.0) +2521 more potentially affected by CVE-2025-48432 via django (>=1.10.0 <=4.2.21)

django PYPI version =1.10.0, =0.1.1, =1.0.0, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =1.4.0, =1.4.2 - adede =4.1.0 and more Source cves: CVE-2025-48432 Source advisory: OSV:GHSA-7XR5-9HCQ-CHF9...

5.3CVSS6.4AI score0.00629EPSS
Exploits0
OSV
OSV
added 2025/06/03 2:59 p.m.9 views

BIT-MOODLE-2024-48899 Moodle: idor when accessing list of course badges

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to...

4.3CVSS6.6AI score0.00298EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:23 a.m.8 views

CVE-2024-3280

The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsitefollowusbadges shortcode in all versions up to, and including, 3.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:4 p.m.9 views

CVE-2022-34180

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified j...

7.5CVSS6.6AI score0.01137EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/12 8:11 a.m.22 views

CVE-2024-13909

The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

4.9CVSS7.7AI score0.00257EPSS
Exploits0References1
CVE
CVE
added 2025/04/10 7:2 a.m.46 views

CVE-2024-13909

The CVE CVE-2024-13909 affects the Accredible Certificates & Open Badges WordPress plugin. It enables time-based SQL Injection through the orderby parameter in all versions up to 1.4.9 due to inadequate escaping and query construction, allowing authenticated Administrator+-level attackers to appe...

4.9CVSS7.3AI score0.00257EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/10 7:2 a.m.29 views

CVE-2024-13909 Accredible Certificates & Open Badges <= 1.4.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter

The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

4.9CVSS0.00257EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.5 views

Moodle 4.4.x < 4.4.4 Multiple Insecure Direct Object Reference

According to its self-reported version, the Moodle install hosted on the remote host is 4.4.x prior to 4.4.4. It is, therefore, affected by multiple insecure direct object reference. - An IDOR when accessing list of badge recipients. - An IDOR when accessing list of course badges. Note that the...

4.3CVSS7.3AI score0.00341EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/04/10 12:0 a.m.4 views

WordPress plugin Accredible Certificates & Open Badges SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Accredible Certificates & Ope...

4.9CVSS6.5AI score0.00257EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/03 4:23 p.m.10 views

CVE-2025-31804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

6.5CVSS7.2AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2025/04/01 3:16 p.m.8 views

CVE-2025-31804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

6.5CVSS0.00331EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/01 2:51 p.m.7 views

CVE-2025-31804 WordPress Follow Us Badges plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

6.5CVSS8.6AI score0.00331EPSS
Exploits0References1
Rows per page
Query Builder