
10517 matches found

WPVulnDB
added 2024/05/15 12:0 a.m. | 21 views

weMail < 1.14.3 - Missing Authorization to Notice Dismissal

Description: The weMail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the connectnotice function in versions up to, and including, 1.14.2. This makes it possible for unauthenticated attackers to dismiss notices...

CVSS 5.3 | AI score 6.6 | EPSS 0.00381
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2024/05/15 12:0 a.m. | 3 views

WordPress plugin Email Subscribers by Icegram Express security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPress plugin...

CVSS 8.8 | AI score 6.5 | EPSS 0.00392
Exploits 0 | References 3

Amazon
added 2024/05/15 12:0 a.m. | 7 views

Low: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...

CVSS 3.7 | AI score 5 | EPSS 0.01361
Exploits 0

F5 Networks
added 2024/05/14 9:14 p.m. | 49 views

K000139594: libxml2 vulnerability CVE-2022-40304

Security Advisory Description: An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. CVE-2022-40304. Impact: This vulnerability allows a remot...

CVSS 7.8 | AI score 7.3 | EPSS 0.06782
Exploits 0 | Affected Software 12

NVD
added 2024/05/14 4:17 p.m. | 13 views

CVE-2024-34687

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, includin...

CVSS 9 | AI score 6.4 | EPSS 0.00402
Exploits 0 | References 2

NVD
added 2024/05/14 3:43 p.m. | 14 views

CVE-2024-4280

The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetplugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings...

CVSS 5.3 | AI score 5.5 | EPSS 0.00425
Exploits 0 | References 2

Vulnrichment
added 2024/05/14 5:32 a.m. | 14 views

CVE-2024-4445 WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 6.5 | AI score 6.4 | EPSS 0.00343
Exploits 0 | References 3

CVE
added 2024/05/14 5:32 a.m. | 54 views

CVE-2024-4445

The CVE-2024-4445 entry concerns WP Compress – Image Optimizer (All-In-One) for WordPress. A missing capability check on several functions in versions up to 6.20.01 allows authenticated attackers with subscriber-level permissions and above to modify data, including plugin settings, and store cros...

CVSS 6.5 | AI score 6.2 | EPSS 0.00343
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2024/05/14 5:32 a.m. | 29 views

CVE-2024-4445 WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 6.5 | AI score 7 | EPSS 0.00343
Exploits 0 | References 3

Vulnrichment
added 2024/05/14 3:56 a.m. | 23 views

CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, includin...

CVSS 6.5 | AI score 6.4 | EPSS 0.00402
Exploits 0 | References 2

Cvelist
added 2024/05/14 3:56 a.m. | 23 views

CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, includin...

CVSS 6.5 | AI score 6.6 | EPSS 0.00402
Exploits 0 | References 2

Positive Technologies
added 2024/05/14 12:0 a.m. | 6 views

PT-2024-31156 · WordPress · Wp Compress – Image Optimizer [All-In-One]

Name of the Vulnerable Software and Affected Versions: WP Compress – Image Optimizer All-In-One versions up to, and including, 6.20.01 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data, including editing plugin settings and storing...

CVSS 6.5 | AI score 6.5 | EPSS 0.00343
Exploits 0 | References 5

CNNVD
added 2024/05/14 12:0 a.m. | 3 views

WordPress plugin WP Compress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.5 | AI score 6.5 | EPSS 0.00343
Exploits 0 | References 5

WPVulnDB
added 2024/05/14 12:0 a.m. | 18 views

Email Subscribers by Icegram Express < 5.7.20 - Missing Authorization in handle_ajax_request

Description: The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible f...

CVSS 8.8 | AI score 7.3 | EPSS 0.00392
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2024/05/14 12:0 a.m. | 2 views

WordPress plugin White Label CMS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

CVSS 5.3 | AI score 6.2 | EPSS 0.00425
Exploits 0 | References 4

CNNVD
added 2024/05/14 12:0 a.m. | 15 views

WordPress plugin Swift Framework security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 | AI score 6.4 | EPSS 0.00377
Exploits 0 | References 4

WPVulnDB
added 2024/05/13 12:0 a.m. | 18 views

YITH WooCommerce Gift Cards < 4.13.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update

Description: The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savemailstatus' and 'saveemailsettings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6.7 | EPSS 0.00504
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/05/13 12:0 a.m. | 13 views

WP Compress – Image Optimizer [All-In-One] < 6.20.02 - Missing Authorization

Description: The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with...

CVSS 6.5 | AI score 6.3 | EPSS 0.00343
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2024/05/13 12:0 a.m. | 4 views

PT-2024-3806 · Cacti +3 · Cacti +3

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation tree rules.php is not thoroughly checked and is used to...

CVSS 9.8 | AI score 7.3 | EPSS 0.99826
Exploits 132 | References 199

Vulnrichment
added 2024/05/10 5:34 a.m. | 14 views

CVE-2024-4280 White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset

The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetplugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings...

CVSS 5.3 | AI score 6.7 | EPSS 0.00425
Exploits 0 | References 2