Lucene search
K

10517 matches found

WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.13 views

Classified Listing – Classified ads & Business Directory Plugin < 3.0.5 - Missing Authorization

Description The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtclimportlocation rtclimportcategory functions in all versions up to, and including, 3.0.4. Th...

6.5CVSS6.4AI score0.00552EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/04 12:0 a.m.3 views

The vulnerability in the web interface of the Cisco Catalyst Center (formerly Cisco DNA Center) allows a attacker to access and modify data.

The vulnerability of the web-based interface of the Cisco Catalyst Center formerly Cisco DNA Center is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain access and modify data by sending a specially crafted HTTP request...

4.3CVSS5.5AI score0.00365EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/04/03 5:15 p.m.17 views

CVE-2024-26763

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...

7.1CVSS7.3AI score0.00282EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2024/04/03 5:15 p.m.38 views

CVE-2024-26763

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...

7.1CVSS6.3AI score0.00282EPSS
Exploits0References22
Cvelist
Cvelist
added 2024/04/03 5:0 p.m.22 views

CVE-2024-26763 dm-crypt: don't modify the data when using authenticated encryption

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...

7.6AI score0.00282EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/04/03 5:0 p.m.13 views

CVE-2024-26763 dm-crypt: don't modify the data when using authenticated encryption

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...

6.7AI score0.00282EPSS
Exploits0References8
CVE
CVE
added 2024/04/03 5:0 p.m.131 views

CVE-2024-26763

CVE-2024-26763 is a Linux kernel vulnerability in dm-crypt related to authenticated encryption. The issue arises when data is modified during encryption, which could produce an invalid tag. The fix copies the data into a clone bio and encrypts there, avoiding in-place modification and potential d...

7.1CVSS6.1AI score0.00282EPSS
Exploits0References10Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.23 views

WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes

Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to an improper capability check on the 'pricingplans', 'blockdate', 'managerbookings', and 'updatefieldroom' functions for the 'pricing-plans', 'block-date',...

6.6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/03 12:0 a.m.5 views

The vulnerability of the cloud-based messaging and streaming transmission platform Apache Pulsar, related to authentication flaws, allows attackers to intercept and modify data in Pulsar streams.

The vulnerability of the cloud-based messaging and streaming transmission platform Apache Pulsar is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to intercept and modify data in Pulsar streams remotely...

8.5CVSS6.8AI score0.01359EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/04/02 9:32 a.m.53 views

CVE-2024-1807

CVE-2024-1807 affects the Product Sort and Display for WooCommerce plugin (WordPress). Root cause: missing capability check in the psad_update_product_cat_custom_meta_ajax function, impacting all versions up to 2.4.1. Consequence: unauthenticated attackers could modify data to hide product catego...

6.5CVSS9.1AI score0.00561EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.7 views

WordPress plugin Product Sort and Display for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS8.3AI score0.00561EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/04/02 12:0 a.m.5 views

The vulnerability of the virtual learning environment Moodle, related to the lack of security measures for the website structure, allows attackers to gain access to read, modify, or delete data, as well as execute cross-site attacks.

The vulnerability in the virtual training environment Moodle is related to the lack of measures taken to protect the structure of the web page during the processing of the GET /?lang= parameter. Exploiting this vulnerability can allow a malicious actor to gain access to read, modify, or delete...

6.5CVSS6.3AI score0.00533EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/30 4:31 a.m.17 views

CVE-2024-2086

The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple...

10CVSS6.5AI score0.0074EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/30 4:31 a.m.24 views

CVE-2024-2086 Integrate Google Drive <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export

The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple...

10CVSS9.2AI score0.0074EPSS
Exploits0References2
CVE
CVE
added 2024/03/30 4:31 a.m.70 views

CVE-2024-2086

CVE-2024-2086 affects the WordPress plugin Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site. It has a missing capability check on multiple AJAX calls in versions up to 1.3.8, allowing an authenticated attac...

10CVSS8.9AI score0.0074EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/30 12:0 a.m.2 views

WordPress Plugin Integrate Google Drive 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

10CVSS8.2AI score0.0074EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/29 11:2 a.m.11 views

CVE-2024-2848

The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefootertextcallback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into th...

7.5CVSS6.9AI score0.00657EPSS
Exploits0References3
NVD
NVD
added 2024/03/29 6:15 a.m.21 views

CVE-2024-2844

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

4.3CVSS4.5AI score0.00435EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/29 5:35 a.m.23 views

CVE-2024-2844 Easy Appointments <= 3.11.18 - Insufficient Authorization

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

4.3CVSS4.8AI score0.00435EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/29 5:35 a.m.11 views

CVE-2024-2844 Easy Appointments <= 3.11.18 - Insufficient Authorization

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

4.3CVSS7.2AI score0.00435EPSS
Exploits0References3
Rows per page
Query Builder