Lucene search
+L

389 matches found

cve
cve
added 2024/02/23 6:48 a.m.81 views

CVE-2024-1778

CVE-2024-1778 affects the WordPress plugin “Admin side data storage for Contact Form 7.” The vulnerability is due to a missing capability check in the zt_dcfcf_change_bookmark() function, enabling unauthenticated actors to modify bookmark statuses in all versions up to 1.1.1. Multiple connected s...

5.3CVSS5.3AI score0.00375EPSS
Exploits0References2Affected Software1
veracode
veracode
added 2024/01/24 1:18 p.m.16 views

Prototype Pollution

hoolock is vulnerable to Prototype Pollution. The vulnerability is due to utility functions failing to block attempts to access or alter object prototypes. An attacker can modify application data or perform a Denial of Service by exploiting this vulnerability...

6.5CVSS6.7AI score0.01007EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2023/12/16 2:15 a.m.28 views

CVE-2022-24351

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process...

4.7CVSS0.00143EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/12/16 12:0 a.m.4 views

PT-2023-12746 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: InsydeH2O versions 5.2 before 05.27.29 InsydeH2O versions 5.3 before 05.36.29 InsydeH2O versions 5.4 before 05.44.13 InsydeH2O versions 5.5 before 05.52.13 Description: A TOCTOU race-condition issue allows an attacker to alter data and code...

4.7CVSS4.8AI score0.00143EPSS
Exploits0References4
cve
cve
added 2023/12/16 12:0 a.m.53 views

CVE-2022-24351

The CVE-2022-24351 issue affects InsydeH2O BIOS used in Siemens/InsydeH2O platforms (e.g., various Kernel 5.x branches) and is a TOCTOU race condition that can alter data and code used during the boot process. The connected documents confirm affected versions: InsydeH2O 5.2 before 05.27.29, 5.3 b...

4.7CVSS4.9AI score0.00143EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2023/12/08 12:0 a.m.7 views

The vulnerability of microprogrammed software in Osprey Pump Controller controllers allows a intruder to alter arbitrary data or cause malfunctions during maintenance.

The vulnerability of microprogrammed software in Osprey Pump Controller controllers relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to alter arbitrary data or cause malfunctions in the system...

10CVSS7.9AI score0.00892EPSS
Exploits0References3Affected Software1
prion
prion
added 2023/11/28 9:15 p.m.29 views

Information disclosure

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...

4.6CVSS6.8AI score0.00274EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2023/11/28 12:0 a.m.4 views

PT-2023-22122 · Unknown · Facschorus

Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, whi...

4.3CVSS4.4AI score0.00274EPSS
Exploits0References4
attackerkb
attackerkb
added 2023/10/31 11:15 p.m.5 views

CVE-2023-39695

Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out...

5.3CVSS5.8AI score0.00402EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2023/10/20 12:0 a.m.4 views

PT-2023-27189 · WordPress · Wpdiscuz

Name of the Vulnerable Software and Affected Versions: wpDiscuz plugin for WordPress versions up to, and including, 7.6.3 Description: The issue is related to a missing authorization check on the userRate function, allowing unauthenticated attackers to modify data by increasing or decreasing the...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References7
cnnvd
cnnvd
added 2023/09/27 12:0 a.m.6 views

WS_FTP Server SQL Injection Vulnerability

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A SQL injection vulnerability exists in WSFTP Server versions prior to 8.7.4, 8.8.2. An attacker exploiting this vulnerability is able to infer information about the structure and content ...

8.2CVSS7.8AI score0.00854EPSS
Exploits0References3
prion
prion
added 2023/09/19 11:16 a.m.15 views

Sql injection

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sendi...

4CVSS7.9AI score0.00499EPSS
Exploits0References1Affected Software2
osv
osv
added 2023/07/21 8:18 p.m.25 views

GHSA-C9HW-557Q-F8HQ Pimcore vulnerable to SQL Injection in Dataobjects sorting

Impact Using some SQL exploitation tools such as sqlmap, an attacker can enumerate all information in the database, alter data or perform dos on the backend database. Patches Update to version 10.6.5 or apply this patch manually...

7.2CVSS7AI score0.00957EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2023/07/12 12:0 a.m.6 views

PT-2023-9532 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to errors in authorization within the Field Service Engineer Portal component of Oracle Field Service in Oracle E-Business Suite. This easily exploitabl...

8.5CVSS8.1AI score0.00435EPSS
Exploits0References8
nvd
nvd
added 2023/05/23 2:15 a.m.21 views

CVE-2023-27304

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin...

4.3CVSS4.4AI score0.00517EPSS
Exploits0References2
osv
osv
added 2023/05/23 2:15 a.m.4 views

CVE-2023-27384

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport...

4.3CVSS5.9AI score0.00517EPSS
Exploits0References2
prion
prion
added 2023/05/23 2:15 a.m.14 views

Authentication flaw

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin...

4CVSS4.8AI score0.00517EPSS
Exploits0References2Affected Software1
prion
prion
added 2023/05/23 2:15 a.m.22 views

Authentication flaw

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport...

4CVSS4.7AI score0.00517EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/05/23 12:0 a.m.11 views

CVE-2023-27384

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport...

4.4AI score0.00517EPSS
Exploits0References2
cvelist
cvelist
added 2023/05/23 12:0 a.m.25 views

CVE-2023-27304

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin...

5.1AI score0.00517EPSS
Exploits0References2
Rows per page
Query Builder