
10518 matches found

OSV
added 2024/06/11 3:15 a.m., 3 views

CVE-2024-34686

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...

6.1 CVSS, 5.8 AI score, 0.00266 EPSS
Exploits: 0, References: 2

OSV
added 2024/06/11 3:15 a.m., 2 views

CVE-2024-34683

An authenticated attacker can upload a malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 2

Vulnrichment
added 2024/06/11 1:58 a.m., 20 views

CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...

8.1 CVSS, 6.8 AI score, 0.00368 EPSS
Exploits: 0, References: 2

WPVulnDB
added 2024/06/11 12:00 a.m., 12 views

Salon booking system < 10.0 - Missing Authorization

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with...

5.4 CVSS, 6.4 AI score, 0.00385 EPSS
Exploits: 0, References: 1, Affected Software: 1

Hacker One
added 2024/06/08 2:23 p.m., 11 views

MTN Group: FULL ACCOUNT TAKEOVER

The self-service portal at https://mymtn.com.ng/ allowed an attacker to take over any Nigerian MTN phone number. The attacker was able to access the account holder's personal information, such as date of birth and full name. The attacker also had the ability to use any available airtime on the...

7 AI score
Exploits: 0

CVE
added 2024/06/08 8:39 a.m., 74 views

CVE-2024-5654

CVE-2024-5654 affects the CF7 Google Sheets Connector plugin for WordPress, in all versions up to and including 5.0.9. The root cause is a missing capability check on the execute_post_data_cg7_free function, enabling unauthenticated attackers to modify site configuration settings (e.g., WP_DEBUG,...

6.5 CVSS, 6.5 AI score, 0.00352 EPSS
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2024/06/08 8:39 a.m., 17 views

CVE-2024-5654 CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

6.5 CVSS, 6.7 AI score, 0.00352 EPSS
Exploits: 0, References: 3

Cvelist
added 2024/06/08 8:39 a.m., 33 views

CVE-2024-5654 CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

6.5 CVSS, 0.00352 EPSS
Exploits: 0, References: 3

NVD
added 2024/06/08 8:15 a.m., 15 views

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

5.4 CVSS, 0.00385 EPSS
Exploits: 0, References: 9

OSV
added 2024/06/08 8:15 a.m., 4 views

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

5.4 CVSS, 5.8 AI score, 0.00385 EPSS
Exploits: 0, References: 9

Vulnrichment
added 2024/06/08 7:37 a.m., 15 views

CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

4.3 CVSS, 6.4 AI score, 0.00385 EPSS
Exploits: 0, References: 9

Cvelist
added 2024/06/08 7:37 a.m., 19 views

CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

4.3 CVSS, 0.00385 EPSS
Exploits: 0, References: 9

CVE
added 2024/06/08 7:37 a.m., 55 views

CVE-2024-4468

CVE-2024-4468 concerns the Salon Booking System plugin for WordPress. The issue arises from a missing capability check on functions hooked into admin_init, allowing authenticated users with subscriber access or higher to modify plugin settings and view discount codes intended for other users. Aff...

5.4 CVSS, 4.7 AI score, 0.00385 EPSS
Exploits: 0, References: 9, Affected Software: 1

Vulnrichment
added 2024/06/08 5:44 a.m., 19 views

CVE-2024-5087 Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

6.3 CVSS, 6.5 AI score, 0.00436 EPSS
Exploits: 0, References: 9

CVE
added 2024/06/08 5:44 a.m., 57 views

CVE-2024-5087

CVE-2024-5087 affects the Minimal Coming Soon – Coming Soon Page WordPress plugin. The vulnerability is caused by missing capability checks in AJAX handlers (validate_ajax, deactivate_ajax, save_ajax) on all versions up to 2.38, enabling authenticated users with Subscriber-level access and above ...

6.3 CVSS, 5.9 AI score, 0.00436 EPSS
Exploits: 0, References: 9, Affected Software: 1

Cvelist
added 2024/06/08 5:44 a.m., 29 views

CVE-2024-4661 WP Reset <= 2.02 - Missing Authorization to License Key Modification

The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...

4.3 CVSS, 0.0028 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2024/06/08 5:44 a.m., 19 views

CVE-2024-4661 WP Reset <= 2.02 - Missing Authorization to License Key Modification

The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...

4.3 CVSS, 6.5 AI score, 0.0028 EPSS
Exploits: 0, References: 2

NVD
added 2024/06/08 5:15 a.m., 19 views

CVE-2024-5770

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...

4.3 CVSS, 0.00347 EPSS
Exploits: 0, References: 4

OSV
added 2024/06/08 5:15 a.m., 6 views

CVE-2024-5770

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...

4.3 CVSS, 5.8 AI score, 0.00347 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2024/06/08 4:32 a.m., 14 views

CVE-2024-5770 WP Force SSL & HTTPS SSL Redirect <= 1.66 - Missing Authorization to Settings Update

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...

4.2 CVSS, 6.5 AI score, 0.00347 EPSS
Exploits: 0, References: 4