294 matches found

Code423n4
added 2021/07/11 12:0 a.m. | 9 views

The fallback receiver address could get twice the toSend amount

Handle: s1m0. Vulnerability details: In that block of code there are 2 external calls inside try/catch statements. In both catch blocks the toSend amount is transferred to the fallback receiver address, effectively transferring twice if the 2 external calls fail. Impact: In the fulfill function the...

AI score: 6.9
Exploits: 0

OSV
added 2021/06/23 8:23 p.m. | 2 views

GHSA-M6CP-VXJX-65J6 SessionListener can prevent a session from being invalidated breaking logout

Impact: If an exception is thrown from the SessionListener#sessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application us...

CVSS: 3.5 | AI score: 6.7 | EPSS: 0.00963
Exploits: 1 | References: 14

Kitploit
added 2021/03/16 8:30 p.m. | 116 views

SnitchDNS - Database Driven DNS Server With A Web UI

SnitchDNS is a database-driven DNS server with a Web UI, written in Python and Twisted, that makes DNS administration easier, with all configuration changes applied instantly without restarting any system services. One of its main features is the logging of all DNS queries allowing the discovery o...

AI score: 7.6
Exploits: 0 | References: 8

CNVD
added 2020/04/24 12:0 a.m. | 4 views

WordPress Catch Breadcrumb Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Catch Breadcrumb is a breadcrumb navigation plugin used to display the current location of a web page. A cross-site scripting...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.03611
Exploits: 2 | References: 1

NVD
added 2020/04/23 3:15 p.m. | 13 views

CVE-2020-12054

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.03611
Exploits: 2 | References: 2

OSV
added 2020/04/23 3:15 p.m. | 4 views

CVE-2020-12054

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.03611
Exploits: 2 | References: 2

Prion
added 2020/04/23 3:15 p.m. | 11 views

Cross site scripting

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...

CVSS: 4.3 | AI score: 6 | EPSS: 0.03611
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2020/04/23 12:39 p.m. | 16 views

CVE-2020-12054

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...

AI score: 6.1 | EPSS: 0.03611
Exploits: 2 | References: 2

CVE
added 2020/04/23 12:39 p.m. | 103 views

CVE-2020-12054

CVE-2020-12054 affects the WordPress Catch Breadcrumb plugin prior to 1.5.4 and is a reflected XSS via the s parameter (search query). The vulnerability also extends to 16 themes from the same author when the plugin is enabled (Alchemist, Izabel, Chique, Clean Enterprise, Bold Photography, Intuit...

CVSS: 6.1 | AI score: 6 | EPSS: 0.03611
Exploits: 2 | References: 2 | Affected Software: 1

WPVulnDB
added 2020/04/22 12:0 a.m. | 15 views

Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS

DESCRIPTION - REFLECTED XSS: Catch Breadcrumb 1.5.4 plugin for WordPress allows Reflected XSS via a search query when used with one of the themes from the same author: Alchemist & Alchemist PRO, Izabel & Izabel PRO, Chique & Chique PRO, Clean Enterprise &...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.03611
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack
added 2020/04/22 12:0 a.m. | 22 views

WordPress Catch Breadcrumb plugin <= 1.5.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Catch Breadcrumb plugin (versions <= 1.5.6). Solution: Update the WordPress Catch Breadcrumb plugin to the latest available version (at least 1.5.7)...

CVSS: 6.1 | AI score: 2.2 | EPSS: 0.03611
Exploits: 2 | References: 3 | Affected Software: 1

wpexploit
added 2020/04/22 12:0 a.m. | 29 views

Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS

DESCRIPTION - REFLECTED XSS: Catch Breadcrumb 1.5.4 plugin for WordPress allows Reflected XSS via a search query when used with one of the themes from the same author: Alchemist & Alchemist PRO, Izabel & Izabel PRO, Chique & Chique PRO, Clean Enterprise &...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.03611
Exploits: 2 | References: 2

ThreatPost
added 2019/11/25 4:35 p.m. | 70 views

PoS Malware Exposes Customer Data of Catch Restaurants

Popular NYC restaurants Catch NYC, Catch Roof and Catch Steak discovered and removed malware on their point-of-sale (PoS) systems — but not before it exposed credit-card information from unknowing diners. Catch Hospitality Group, which owns the three NYC hotspots, said in a data-breach notice this...

AI score: 6.9
Exploits: 0 | References: 14

RustSec
added 2019/03/10 12:0 p.m. | 17 views

Fix for UB in failure to catch panics crossing FFI boundaries

Affected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which is a form of UB. This flaw was corrected by this commit [1], which was included in version 2.6.0. [1]: https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494...

CVSS: 7.5 | AI score: 3.7 | EPSS: 0.01177
Exploits: 0 | Affected Software: 1

OSV
added 2019/03/10 12:0 p.m. | 26 views

RUSTSEC-2019-0038 Fix for UB in failure to catch panics crossing FFI boundaries

Affected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which is a form of UB. This flaw was corrected by this commit [1], which was included in version 2.6.0. [1]: https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01177
Exploits: 0 | References: 3

CNVD
added 2018/09/10 12:0 a.m. | 3 views

WAVM Buffer Over-Read Vulnerability

WAVM is the WebAssembly Virtual Machine. A heap buffer over-read vulnerability exists in IR::FunctionValidationContext::catchall in WAVM 2018-07-26 and earlier versions, which can be exploited by an attacker to cause a denial of service (application crash) by sending a specially crafted file...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.01269
Exploits: 1 | References: 1

Jake Archibald's Blog
added 2017/12/07 1:23 p.m. | 15 views

await vs return vs return await

When writing async functions, there are differences between await vs return vs return await, and picking the right one is important. Let's start with this async function: async function waitAndMaybeReject() { // Wait one second await new Promise(r => setTimeout(r, 1000)); // Toss a coin const isHeads =...

AI score: 7.4
Exploits: 0

Jake Archibald's Blog
added 2017/12/07 1:23 p.m. | 13 views

await vs return vs return await

When writing async functions, there are differences between await vs return vs return await, and picking the right one is important. Let's start with this async function: async function waitAndMaybeReject() { // Wait one second await new Promise(r => setTimeout(r, 1000)); // Toss a coin const isHeads =...

AI score: 7.4
Exploits: 0

CNVD
added 2017/10/20 12:0 a.m. | 2 views

Sky Catchers App has an overstepping access vulnerability

Daily Catch App is an O2O crane catching software. Daily Catch App has an over-the-horizon access vulnerability that allows an attacker to log into the system and obtain sensitive information by catching packets and modifying IDs...

AI score: 6.6
Exploits: 0

Kitploit
added 2017/10/13 1:33 p.m. | 15 views

VHostScan - Virtual Host Scanner

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Key Benefits: Quickly highlight unique content in catch-all scenarios. Locate the outliers in catch-all scenarios whe...

AI score: 6.9
Exploits: 0 | References: 1