Lucene search
K

10518 matches found

CVE
CVE
added 2024/05/18 7:38 a.m.124 views

CVE-2024-2782

CVE-2024-2782 affects WordPress plugin Fluent Forms (Contact Form Plugin for Quiz, Survey, and Drag & Drop WP Form Builder) versions

7.5CVSS6.5AI score0.0123EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/05/18 12:0 a.m.5 views

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.4AI score0.0123EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/05/17 12:0 a.m.4 views

The vulnerability of the Unified Audit component of the Oracle Database Server system allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the Unified Audit component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to read, modify, add, or delete data...

6.1CVSS7.2AI score0.00411EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/05/17 12:0 a.m.5 views

The vulnerability of the XML input component of the software tool for working with Oracle Web Applications and Oracle E-Business Suite desktop integration solutions for enterprise automation activities allows a malicious individual to gain unauthorized access to data or to modify, add, or delete protected data.

The vulnerability of the XML input component of the software tool for working with Oracle Web Applications, a desktop integration system for automating business activities within the Oracle E-Business Suite, is related to insufficient validation of entered data. Exploiting this vulnerability can...

4.3CVSS7.2AI score0.00417EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2024/05/16 4:15 p.m.4 views

CVE-2024-4609

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...

9.8CVSS5.8AI score0.00652EPSS
Exploits0References1
CVE
CVE
added 2024/05/16 3:13 p.m.62 views

CVE-2024-4609

CVE-2024-4609 affects Rockwell Automation FactoryTalk View SE Datalog function. The vulnerability allows SQL injection when the SQL database has no authentication or legitimate credentials are stolen, potentially exposing sensitive information and allowing modification/deletion of remote database...

9.8CVSS7.1AI score0.00652EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/05/16 10:15 a.m.20 views

CVE-2024-4352

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'getcalendarmaterials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...

8.8CVSS8.6AI score0.01183EPSS
Exploits0References2
OSV
OSV
added 2024/05/16 10:15 a.m.8 views

CVE-2024-4351

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2024/05/16 10:15 a.m.6 views

CVE-2024-4222

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

8.2CVSS6.7AI score0.00329EPSS
Exploits0References2
NVD
NVD
added 2024/05/16 10:15 a.m.21 views

CVE-2024-4222

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

8.2CVSS7.2AI score0.00329EPSS
Exploits0References2
CVE
CVE
added 2024/05/16 9:32 a.m.73 views

CVE-2024-4352

CVE-2024-4352 affects Tutor LMS Pro for WordPress. The Red Hat and NVD entries confirm a missing capability check in the function get_calendar_materials, enabling unauthorized access and data modification/loss. It also permits SQL Injection via the year parameter due to insufficient escaping and ...

8.8CVSS7AI score0.01183EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/05/16 9:32 a.m.86 views

CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'getcalendarmaterials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...

8.8CVSS8.8AI score0.01183EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/16 9:32 a.m.28 views

CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

7.3CVSS7.4AI score0.00329EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/16 9:32 a.m.103 views

CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8CVSS8.8AI score0.01023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/16 9:32 a.m.18 views

CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8CVSS6.8AI score0.01023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/16 9:32 a.m.19 views

CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

7.3CVSS6.8AI score0.00329EPSS
Exploits0References2
CVE
CVE
added 2024/05/16 9:32 a.m.71 views

CVE-2024-4222

CVE-2024-4222 affects the Tutor LMS Pro WordPress plugin. A missing capability check in multiple functions allows unauthenticated attackers to add, modify or delete user meta and plugin options across versions up to 2.7.0. The issue enables unauthorized data access/modification and data loss. Rem...

8.2CVSS6.6AI score0.00329EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/16 9:32 a.m.76 views

CVE-2024-4351

CVE-2024-4351 affects Tutor LMS Pro (WordPress) where a missing capability check in the authenticate function across versions up to and including 2.7.0 allows authenticated users with subscriber-level permissions or higher to gain control of an existing administrator account. Public details confi...

8.8CVSS6.6AI score0.01023EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/05/16 9:15 a.m.32 views

CVE-2024-4223

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete...

9.8CVSS9.4AI score0.00522EPSS
Exploits0References2
OSV
OSV
added 2024/05/16 9:15 a.m.3 views

CVE-2024-4223

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete...

9.8CVSS5.8AI score0.00522EPSS
Exploits0References2
Rows per page
Query Builder