95957 matches found
CVE-2022-36361
A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA1 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA1 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA1 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA1 All versions, LOGO! 24CE 6ED1052-1CC08-0BA1 All versions, LOGO! 24CEo...
CVE-2024-43405
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code...
Apache Solr Code Issue Vulnerability
Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. A code issue vulnerability exists in Apache Solr, which stems from the presence of a...
GHSA-H7W9-C5VX-X7J3 Insecure Default Initialization of Resource vulnerability in Apache Solr
New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted"...
CVE-2024-45217
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...
Apache Solr 安全漏洞
Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. A code issue vulnerability exists in Apache Solr, which stems from the presence of a...
Monster Menus - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-045
This module enables you to group nodes within pages that have a highly-granular, distributed permissions structure. A function which can be used by third-party code does not return valid data under certain rare circumstances. If the third-party code relies on this data to decide whether to grant...
CVE-2024-6493
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2024-6493 NinjaTeam Header Footer Custom Code < 1.2 - Admin+ Stored XSS
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2024-6617
CVE-2024-6617 : NinjaTeam Header Footer Custom Code WordPress plugin (
CVE-2024-6617 NinjaTeam Header Footer Custom Code <= 1.2 - Admin+ Stored XSS via CSS Styles
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
WordPress NinjaTeam Header Footer Custom Code Plugin < 1.2 is vulnerable to Cross Site Scripting (XSS)
Software NinjaTeam Header Footer Custom Code Type Plugin Vulnerable versions 1.2 Fixed in 1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6493 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 618713328f1e Credits Takshal...
Nuclei Template Signature Verification Bypass
Summary A vulnerability has been identified in Nuclei's template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. Affected Component The vulnerability is present in the template signature...
GHSA-7H5P-MMPP-HGMM Nuclei Template Signature Verification Bypass
Summary A vulnerability has been identified in Nuclei's template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. Affected Component The vulnerability is present in the template signature...
CVE-2024-43405
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code...
DEBIAN-CVE-2024-38807
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...
Buying Stuff For Free From Shopping Websites
Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install. From an attacker’s...
CVE-2024-37536
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Web357 Easy Custom Code LESS/CSS/JS – Live editing allows Stored XSS.This issue affects Easy Custom Code LESS/CSS/JS – Live editing: from n/a through 1.0.8...
CVE-2024-37536
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Web357 Easy Custom Code LESS/CSS/JS – Live editing allows Stored XSS.This issue affects Easy Custom Code LESS/CSS/JS – Live editing: from n/a through 1.0.8...
CVE-2024-37536 WordPress Easy Custom Code (LESS/CSS/JS) Plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Web357 Easy Custom Code LESS/CSS/JS – Live editing allows Stored XSS.This issue affects Easy Custom Code LESS/CSS/JS – Live editing: from n/a through 1.0.8...