Lucene search
K

10517 matches found

CVE
CVE
added 2024/05/16 8:32 a.m.62 views

CVE-2024-4223

CVE-2024-4223 affects Tutor LMS – eLearning and online course solution (WordPress plugin) up to version 2.7.0. A missing capability check enables unauthenticated attackers to add, modify, or delete data via HTTP requests (network vector). Wordfence lists a patched status for this CVE, indicating ...

9.8CVSS6.6AI score0.00522EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.2 views

WordPress Plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS6.3AI score0.01183EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.5 views

PT-2024-29798 · WordPress · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS plugin for WordPress versions prior to 2.8.0 is not specified, however, the versions up to and including 2.7.0 are affected. Description: The issue allows unauthorized access, modification, and loss of data due to a missing capabili...

9.8CVSS6.1AI score0.00522EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.4 views

WordPress Plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS6.4AI score0.01023EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.4 views

Rockwell Automation FactoryTalk View SE 安全漏洞

Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation. Rockwell Automation FactoryTalk View SE suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in a back-end...

9.8CVSS7.6AI score0.00652EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.3 views

WordPress Plugin Tutor LMS Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.2CVSS6.2AI score0.00329EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.4 views

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS6.4AI score0.00522EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.4 views

PT-2024-29795 · WordPress · Tutor Lms Pro

Name of the Vulnerable Software and Affected Versions: Tutor LMS Pro plugin for WordPress versions prior to 2.7.1 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This enables unauthenticated attackers to ad...

8.2CVSS6.9AI score0.00329EPSS
Exploits0References8
NVD
NVD
added 2024/05/15 9:15 a.m.18 views

CVE-2024-4010

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible for...

8.8CVSS8.9AI score0.00392EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/15 8:37 a.m.50 views

Security Bulletin: An IBM QRadar SIEM JDBC protocol is vulnerable to SQL injection (CVE-2024-1597)

Summary PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection which could allow a remote attacker to send specially crafted SQL statements enabling the attacker to view, add, modify or delete information. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC ...

10CVSS9.8AI score0.0481EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/15 8:34 a.m.13 views

CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible for...

8.8CVSS7.7AI score0.00392EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/15 8:34 a.m.25 views

CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible for...

8.8CVSS9AI score0.00392EPSS
Exploits0References2
CVE
CVE
added 2024/05/15 8:34 a.m.43 views

CVE-2024-4010

CVE-2024-4010 affects the WordPress plugin Email Subscribers by Icegram Express (all versions up to 5.7.19). The root cause is a missing capability check in handle_ajax_request, enabling authenticated users with subscriber-level access and above to perform unauthorized actions that compromise con...

8.8CVSS9.4AI score0.00392EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.17 views

Contact List – Easy Business Directory, Staff Directory and Address Book Plugin < 2.9.88 - Missing Authorization to Notice Dismissal

Description The Contact List – Easy Business Directory, Staff Directory and Address Book Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processnotifications function in versions up to, and including, 2.9.87. This makes it...

5.3CVSS6.9AI score0.00408EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.13 views

SportsPress – Sports Club & League Manager < 2.7.21 - Missing Authorization to Notice Dismissal

Description The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addnotices function in versions up to, and including, 2.7.20. This makes it possible for authenticated attackers, with...

6.3CVSS6.7AI score0.00246EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.14 views

Tutor LMS < 2.7.1 - Missing Authorization

Description The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify,...

9.8CVSS6.8AI score0.00522EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/05/15 12:0 a.m.6 views

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...

6.4CVSS7.2AI score0.00328EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/05/15 12:0 a.m.6 views

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...

6.4CVSS7.2AI score0.00382EPSS
Exploits0References2Affected Software2
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.21 views

weMail < 1.14.3 - Missing Authorization to Notice Dismissal

Description The weMail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the connectnotice function in versions up to, and including, 1.14.2. This makes it possible for unauthenticated attackers to dismiss notices...

5.3CVSS6.6AI score0.00381EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/05/15 12:0 a.m.6 views

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...

6.4CVSS7.2AI score0.00197EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder