Lucene search
K

10517 matches found

CNNVD
CNNVD
added 2024/04/16 12:0 a.m.2 views

Oracle MySQL 安全漏洞

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized update, insert, or delete access to MySQL Server-accessible data, as well as unauthorized read access to a subs...

4.9CVSS5.4AI score0.00424EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/04/15 12:0 a.m.17 views

Country State City Dropdown CF7 < 2.7.2 - Missing Authorization

Description The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tccscapatchsettings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...

4.3CVSS6.4AI score0.00445EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2024/04/13 2:10 a.m.1 views

SUSE CVE-2024-26763

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...

5.5CVSS6.2AI score0.00282EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/04/13 12:0 a.m.3 views

WordPress Plugin Smart Slider 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

6.4CVSS6.6AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.9 views

PT-2024-3155 · WordPress · Forminator

Name of the Vulnerable Software and Affected Versions: Forminator versions prior to 1.29.3 Description: The issue is related to a SQL injection vulnerability due to a lack of protection measures for the SQL query structure. This vulnerability can be exploited by a remote attacker to modify...

9CVSS7.1AI score0.30361EPSS
Exploits0References14
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.13 views

WP Sort Order < 1.3.2 - Missing Authorization

Description The WP Sort Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions such as updatemenuorder in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS6.2AI score0.00323EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/10 5:15 p.m.10 views

CVE-2024-1643

By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The fla...

9.1CVSS9.1AI score0.0068EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/10 5:7 p.m.22 views

CVE-2024-1643 Unauthorized Organization Access in lunary-ai/lunary

By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The fla...

9.1CVSS6.7AI score0.0068EPSS
Exploits0References2
NVD
NVD
added 2024/04/10 5:15 a.m.21 views

CVE-2024-1042

The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00362EPSS
Exploits0References2
OSV
OSV
added 2024/04/10 5:15 a.m.5 views

CVE-2024-1042

The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated...

5.4CVSS5.8AI score0.00362EPSS
Exploits0References2
CVE
CVE
added 2024/04/10 4:30 a.m.60 views

CVE-2024-1042

CVE-2024-1042 affects the WP Radio plugin for WordPress (versions up to 3.1.9). Description shows unauthorized modification of data via missing capability checks on several AJAX actions, allowing authenticated users with subscriber+ privileges to import stations, remove countries, and alter plugi...

6.4CVSS6AI score0.00362EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/10 4:30 a.m.33 views

CVE-2024-1042 WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions

The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00362EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.4 views

lunary 信息泄露漏洞

lunary is a production toolkit for LLM. lunary suffers from an information disclosure vulnerability that stems from inadequate validation of user permissions when joining the organization. An attacker could use this vulnerability to read and modify all data within the organization...

9.1CVSS6.1AI score0.0068EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.3 views

WordPress plugin WP Radio 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.6AI score0.00362EPSS
Exploits0References3
OSV
OSV
added 2024/04/09 7:15 p.m.6 views

CVE-2024-3213

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssiupdatecounts function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive...

8.2CVSS5.9AI score0.0081EPSS
Exploits0References3
NVD
NVD
added 2024/04/09 7:15 p.m.11 views

CVE-2024-1934

The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpslocalcompress::construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset th...

7.5CVSS7.3AI score0.00718EPSS
Exploits0References3
NVD
NVD
added 2024/04/09 7:15 p.m.12 views

CVE-2024-1641

The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with...

5.4CVSS5.2AI score0.00481EPSS
Exploits0References3
NVD
NVD
added 2024/04/09 7:15 p.m.17 views

CVE-2024-1352

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtclimportlocation rtclimportcategory functions in all versions up to, and including, 3.0.4. This makes it...

6.5CVSS6.1AI score0.00552EPSS
Exploits0References3
CVE
CVE
added 2024/04/09 6:59 p.m.46 views

CVE-2024-1352

CVE-2024-1352 affects the Classified Listing plugin for WordPress (Classified Listing – Classified ads & Business Directory Plugin) up to version 3.0.4. The root cause is a missing capability check in rtcl_import_location() and rtcl_import_category(), enabling authenticated users with subscriber-...

6.5CVSS8.9AI score0.00552EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/04/09 6:59 p.m.18 views

CVE-2024-1934 WP Compress – Image Optimizer <= 6.11.08 - Missing Authorization to Unauthenticated CDN Modification

The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpslocalcompress::construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset th...

7.5CVSS7.5AI score0.00718EPSS
Exploits0References3
Rows per page
Query Builder