5078 matches found

NVD
added 2020/04/29 9:15 p.m., 10 views

CVE-2020-12468

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/...

7.8 CVSS, 7.7 AI score, 0.00858 EPSS
Exploits: 1, References: 1

OSV
added 2020/04/29 9:15 p.m., 11 views

CVE-2020-12468

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/...

7.8 CVSS, 7 AI score
Exploits: 0, References: 1

Prion
added 2020/04/29 9:15 p.m., 16 views

Input validation

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/...

6.8 CVSS, 7.6 AI score, 0.00858 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/04/29 7:58 p.m., 14 views

CVE-2020-12468

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/...

7.7 AI score, 0.00858 EPSS
Exploits: 1, References: 1

CVE
added 2020/04/29 7:58 p.m., 44 views

CVE-2020-12468

Subrion CMS 4.2.1 is affected by CVE-2020-12468. The vulnerability allows CSV injection through a phrase value stored in a language, specifically related to phrases/add/ and languages/download/. The root cause is the lack of input sanitization for phrase values, enabling crafted content to be int...

7.8 CVSS, 7.6 AI score, 0.00858 EPSS
Exploits: 1, References: 1, Affected Software: 1

OpenVAS
added 2020/04/28 12:0 a.m., 21 views

WordPress Import Export WordPress Users Plugin < 1.3.9 Arbitrary User Creation Vulnerability

The WordPress plugin...

8.8 CVSS, 8.9 AI score, 0.01727 EPSS
Exploits: 2, References: 2

Hacker One
added 2020/04/27 11:13 a.m., 17 views

Shopify: A staff without export customers permissions can still export customers CSV file

Steps To Reproduce: 1. Login as staff without export customers permissions but with customers permissions. 2. Go to customers pages, you can still export customers CSV file. F805311 F805312 F805313 Impact A staff without export customers permissions can still export customers CSV file...

2.9 AI score
Exploits: 0

OSV
added 2020/04/23 2:15 a.m., 2 views

CVE-2020-12074

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV...

8.8 CVSS, 7.3 AI score, 0.01727 EPSS
Exploits: 2, References: 1

NVD
added 2020/04/23 2:15 a.m., 10 views

CVE-2020-12074

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV...

8.8 CVSS, 8.8 AI score, 0.01727 EPSS
Exploits: 2, References: 1

Prion
added 2020/04/23 2:15 a.m., 13 views

Code injection

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV...

6.5 CVSS, 8.7 AI score, 0.01727 EPSS
Exploits: 2, References: 1, Affected Software: 1

CVE
added 2020/04/23 2:0 a.m., 140 views

CVE-2020-12074

The CVE concerns the WordPress plugin “users-customers-import-export-for-wp-woocommerce” (pre-1.3.9). The vulnerability allows subscribers to import new users, including administrative accounts, via a CSV import, enabling privilege escalation within WordPress. Root cause is improper validation/au...

8.8 CVSS, 8.7 AI score, 0.01727 EPSS
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2020/04/23 2:0 a.m., 18 views

CVE-2020-12074

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV...

8.8 CVSS, 8.8 AI score, 0.01727 EPSS
Exploits: 2, References: 1

OpenVAS
added 2020/04/16 12:0 a.m., 56 views

Debian: Security Advisory (DLA-2174-1)

The remote host is missing an update for the Debian...

9.8 CVSS, 9.6 AI score, 0.71135 EPSS
Exploits: 5, References: 3

Zero Day Initiative
added 2020/04/15 12:0 a.m., 34 views

Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET database...

7.8 CVSS, 4 AI score, 0.11685 EPSS
Exploits: 0, References: 1

Microsoft KB
added 2020/04/14 7:0 a.m., 151 views

April 14, 2020—KB4550970 (Security-only update)

April 14, 2020—KB4550970 Security-only update NEW IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...

9.3 CVSS, 7.6 AI score, 0.69166 EPSS
Exploits: 4

OSV
added 2020/04/05 12:15 a.m., 2 views

CVE-2020-11548

The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed...

9.8 CVSS, 7.8 AI score, 0.05175 EPSS
Exploits: 0, References: 2

NVD
added 2020/04/05 12:15 a.m., 8 views

CVE-2020-11548

The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed...

9.8 CVSS, 9.9 AI score, 0.05175 EPSS
Exploits: 0, References: 2

Prion
added 2020/04/05 12:15 a.m., 15 views

Remote code execution

The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed...

7.5 CVSS, 9.8 AI score, 0.05175 EPSS
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2020/04/04 11:48 p.m., 2 views

EUVD-2020-3899

The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed...

9.8 CVSS, 9.9 AI score, 0.05175 EPSS
Exploits: 0, References: 2

Cvelist
added 2020/04/04 11:48 p.m., 13 views

CVE-2020-11548

The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed...

9.9 AI score, 0.05175 EPSS
Exploits: 0, References: 2