Lucene search
K

36 matches found

Veracode
Veracode
added 2024/08/23 7:26 a.m.14 views

Cross-Site Request Forgery (CSRF)

Hono is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to the CSRF middleware's case sensitivity in MIME type matching, which allows bypassing protection with upper-case MIME types...

5CVSS6.7AI score0.00231EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/02/28 9:15 a.m.19 views

CVE-2024-1476

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...

5.3CVSS5.1AI score0.00479EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/20 6:56 p.m.29 views

CVE-2024-1475 Coming Soon Maintenance Mode <= 1.0.5 - Information Exposure

The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the...

5.3CVSS5.4AI score0.00461EPSS
Exploits0References2
Prion
Prion
added 2023/08/21 5:15 p.m.14 views

Design/Logic Flaw

The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...

5CVSS7.5AI score0.00692EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/21 12:29 p.m.12 views

CVE-2023-3604 Change WP Admin < 1.1.4 - Secret Login Page Disclosure

The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered...

6.7AI score0.00692EPSS
Exploits2References1
CVE
CVE
added 2023/08/21 12:29 p.m.58 views

CVE-2023-3604

CVE-2023-3604 affects the Change WP Admin Login WordPress plugin prior to version 1.1.4. The vulnerability arises from disclosing the URL of the hidden login page when a crafted URL is accessed, bypassing the plugin’s protection mechanism. Impact, as stated in multiple sources, is that an unauthe...

7.5CVSS7.5AI score0.00692EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/27 12:0 a.m.10 views

Change WP Admin < 1.1.4 - Secret Login Page Disclosure

Description The plugin discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. PoC - Set custom Login URL under "Settings Permalinks". For example, login - As an unauthenticated visitor, open https://example.com/wp-admin/customize.php in a...

7.5CVSS6.5AI score0.00692EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2023/03/07 10:20 p.m.23 views

CVE-2023-25147

An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on t...

6.7AI score0.00233EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.37 views

K16364: GNU C Library (glibc) vulnerability CVE-2012-3406

Security Advisory Description The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the...

7.4AI score
Exploits0Affected Software11
AlpineLinux
AlpineLinux
added 2021/07/09 4:2 p.m.66 views

CVE-2021-3541

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service...

6.5CVSS7.5AI score0.01861EPSS
Exploits0
FreeBSD
FreeBSD
added 2021/05/18 12:0 a.m.34 views

libxml2 -- Possible denial of service

Daniel Veillard reports: A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service...

6.5CVSS2.7AI score0.01861EPSS
Exploits0References2
Prion
Prion
added 2019/07/23 2:15 p.m.19 views

Design/Logic Flaw

When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This...

4CVSS6.9AI score0.01147EPSS
Exploits0References7Affected Software2
Cvelist
Cvelist
added 2019/03/23 5:7 p.m.43 views

CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

9.6AI score0.11844EPSS
Exploits1References22
Tenable Nessus
Tenable Nessus
added 2018/10/16 12:0 a.m.51 views

RHEL 7 : ghostscript (RHSA-2018:2918)

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.3CVSS6.8AI score0.92499EPSS
Exploits4References9
Cvelist
Cvelist
added 2017/08/31 8:0 p.m.17 views

CVE-2016-10510

Cross-site scripting XSS vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the stripimagetags protection mechanism in system/classes/Kohana/Security.php...

6AI score0.01659EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2017/06/09 12:0 a.m.34 views

EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2017-1101)

According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a...

7.8CVSS7.4AI score0.96968EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2017/05/15 12:0 a.m.33 views

Scientific Linux Security Update : ghostscript on SL6.x, SL7.x i386/x86_64 (20170512)

Security Fixes : - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection...

7.8CVSS7.3AI score0.96968EPSS
Exploits7References2
Debian CVE
Debian CVE
added 2016/12/11 2:0 a.m.37 views

CVE-2016-9865

An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMAsafeUnserialize function. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

9.8CVSS9.4AI score0.02267EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2016/12/11 2:0 a.m.59 views

CVE-2016-9865

An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMAsafeUnserialize function. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

9.8CVSS9.4AI score0.02267EPSS
Exploits0
FreeBSD
FreeBSD
added 2016/11/11 12:0 a.m.104 views

jenkins -- Remote code execution vulnerability in remoting module

Jenkins Security Advisory: An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassi...

9.8CVSS4.5AI score0.96943EPSS
Exploits5References1
Rows per page
Query Builder