
10518 matches found

WPVulnDB
added 2024/06/04 12:0 a.m. · 10 views

ProfileGrid < 5.8.7 - Missing Authorization

Description: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it...

CVSS 4.3 · AI score 6.6 · EPSS 0.00351
Exploits: 0 · References: 1 · Affected Software: 1

BDU FSTEC
added 2024/06/04 12:0 a.m. · 5 views

Vulnerability of the Client component: mysqldump in the Oracle MySQL Server database management system. This component allows attackers to gain unauthorized access for reading, adding, modifying, or deleting protected information, or to cause a service failure.

The vulnerability of the Client component, mysqldump in the Oracle MySQL Server database management system, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, add, modify, or delete protected...

CVSS 4.9 · AI score 6.3 · EPSS 0.00424
Exploits: 0 · References: 14 · Affected Software: 6

Tenable Nessus
added 2024/06/03 12:0 a.m. · 20 views

RHEL 7 : podman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - podman: Privilege escalation in API component CVE-2019-25067 - An incorrect handling of the supplementary...

CVSS 8.8 · AI score 8.1 · EPSS 0.02324
Exploits: 2 · References: 4

NVD
added 2024/06/01 8:15 a.m. · 19 views

CVE-2024-4958

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This makes it...

CVSS 7.1 · AI score 6.8 · EPSS 0.00334
Exploits: 0 · References: 2

Vulnrichment
added 2024/06/01 7:35 a.m. · 20 views

CVE-2024-4958 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This makes it...

CVSS 7.1 · AI score 6.5 · EPSS 0.00334
Exploits: 0 · References: 2

NVD
added 2024/05/31 6:15 a.m. · 21 views

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVSS 9.8 · AI score 7 · EPSS 0.00546
Exploits: 0 · References: 4

Vulnrichment
added 2024/05/31 6:11 a.m. · 10 views

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVSS 9.8 · AI score 9.6 · EPSS 0.00546
Exploits: 0 · References: 4

CVE
added 2024/05/31 6:11 a.m. · 75 views

CVE-2024-36246

CVE-2024-36246 corresponds to a Missing Authorization for coejobhook Command Execution (CWE-862) in Yokogawa Unifier and Unifier Cast. Public sources confirm an Arbitrary Code Execution vector with LocalSystem privileges if exploited. Affected versions include Unifier and Unifier Cast 5.0+ (befor...

CVSS 9.8 · AI score 9.6 · EPSS 0.00546
Exploits: 0 · References: 4

CVE
added 2024/05/31 6:11 a.m. · 69 views

CVE-2024-23847

The CVE-2024-23847 issue affects Yokogawa Unifier and Unifier Cast (Unifier 5.0+ and Unifier Cast 5.0+, up to before v5.10.6; unpatched versions). Root cause: Incorrect default permissions (Cast Launcher CWE-276) enabling arbitrary code execution with LocalSystem privileges. Impact: potential ins...

CVSS 7.8 · AI score 7 · EPSS 0.0017
Exploits: 0 · References: 4

Cvelist
added 2024/05/31 6:11 a.m. · 24 views

CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVSS 7.8 · AI score 7 · EPSS 0.0017
Exploits: 0 · References: 4

Vulnrichment
added 2024/05/31 6:11 a.m. · 10 views

CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVSS 7.8 · AI score 6.7 · EPSS 0.0017
Exploits: 0 · References: 4

WPVulnDB
added 2024/05/31 12:0 a.m. · 14 views

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.2.1 - Missing Authorization to Privilege Escalation

Description: The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This...

CVSS 7.1 · AI score 6.4 · EPSS 0.00334
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/05/30 11:15 a.m. · 32 views

CVE-2024-5326

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated...

CVSS 8.8 · AI score 8.4 · EPSS 0.01426
Exploits: 1 · References: 4

CVE
added 2024/05/30 10:59 a.m. · 76 views

CVE-2024-5326

The CVE-2024-5326 issue affects the WordPress plugin Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX (versions up to 4.1.2). It has a missing capability check in postx_presets_callback that lets authenticated attackers with Contributor-level access and above modify arbitrary options,...

CVSS 8.8 · AI score 8.3 · EPSS 0.01426
Exploits: 1 · References: 4

Vulnrichment
added 2024/05/30 10:59 a.m. · 19 views

CVE-2024-5326 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated...

CVSS 8.8 · AI score 6.4 · EPSS 0.01426
Exploits: 1 · References: 4

Cvelist
added 2024/05/30 8:30 a.m. · 25 views

CVE-2024-4427 Comparison Slider <= 1.0.5 - Missing Authorization

The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugi...

CVSS 4.3 · AI score 4.7 · EPSS 0.00264
Exploits: 0 · References: 2

NVD
added 2024/05/30 5:15 a.m. · 15 views

CVE-2024-3277

The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...

CVSS 5 · AI score 5.3 · EPSS 0.00316
Exploits: 0 · References: 3

Vulnrichment
added 2024/05/30 4:31 a.m. · 13 views

CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification

The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...

CVSS 5 · AI score 6.5 · EPSS 0.00316
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/30 12:0 a.m. · 3 views

PT-2024-31095 · WordPress · Comparison Slider

Name of the Vulnerable Software and Affected Versions: Comparison Slider plugin for WordPress versions up to, and including, 1.0.5
Description: The issue allows authenticated attackers with subscriber access or above to modify data due to a missing capability check on several AJAX actions. This...

CVSS 4.3 · AI score 6.7 · EPSS 0.00264
Exploits: 0 · References: 5

CNNVD
added 2024/05/30 12:0 a.m. · 4 views

WordPress plugin PostX security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.8 · AI score 6.5 · EPSS 0.01426
Exploits: 1 · References: 5