Lucene search
K

26 matches found

Positive Technologies
Positive Technologies
added 2025/01/03 12:0 a.m.12 views

PT-2025-1788 · WordPress · The Photo Gallery Slideshow & Masonry Tiled Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions up to, and including, 1.0.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to make web requests to arbitrary...

4.3CVSS9.3AI score0.00379EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/04/09 6:59 p.m.99 views

CVE-2024-2222 Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion

The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaxcallbackdeleteattachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber...

4.3CVSS4.7AI score0.00539EPSS
Exploits0References4
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.13 views

claimAuction can be reverted by any bidder, locking all funds and the prize.

Lines of code Vulnerability details Description claimAuction is used to redeem the auction's ERC-721 and refund all bidders that didn't win the auction. In this process, callbacks are sent to every single bidder via low-level calls that triggers fallbacks/receives and ERC721.safeTransferFrom. So,...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/03/18 12:0 a.m.5 views

The vulnerability of the OAuth2 extension for the software environment used to implement the MediaWiki hypertext environment allows a hacker to perform cross-site request forgeing attacks.

The vulnerability of the OAuth2 extension for implementing the MediaWiki hypertext environment is related to the absence of a check on the OAuth2 status parameter in the callback function. Exploiting this vulnerability allows a malicious actor to perform cross-site forged requests...

10CVSS7.5AI score0.01164EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2016/04/09 1:59 a.m.3 views

CVE-2016-1016

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different...

8.8CVSS6.1AI score0.06102EPSS
Exploits0References8
seebug.org
seebug.org
added 2010/08/11 12:0 a.m.68 views

Microsoft Windows CreateWindow Function Callback Vulnerability (MS10-048)

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Microsoft Windows CreateWindow function callback vulnerability 1. Advisory Information Title: Microsoft Windows CreateWindow function...

7.2CVSS6.4AI score0.03428EPSS
Exploits8
Rows per page
Query Builder