10515 matches found

OSV
added 2024/03/08 11:7 a.m. | 5 views

OESA-2024-1251 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to t...

CVSS 7.1 | AI score 6.7 | EPSS 0.0037
Exploits 1 | References 2

WPVulnDB
added 2024/03/08 12:0 a.m. | 14 views

EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Missing Authorization to Arbitrary Post Overwrite

Description: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for...

CVSS 6.5 | AI score 6.7 | EPSS 0.0041
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/03/07 12:0 a.m. | 18 views

WooCommerce Add to Cart Custom Redirect < 1.2.14 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update

Description: The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcrdismissadminnotice' function in all versions up to, and including, 1.2.13. This makes it possible for...

CVSS 8.1 | AI score 6.5 | EPSS 0.00673
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/03/06 10:51 a.m. | 31 views

BIT-AIRFLOW-2023-50783 Apache Airflow: Improper access control vulnerability on the "varimport" endpoint

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...

CVSS 6.5 | AI score 6.2 | EPSS 0.0139
Exploits 0 | References 4

Prion
added 2024/03/06 6:15 a.m. | 24 views

Design/Logic Flaw

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...

CVSS 5 | AI score 5 | EPSS 0.00406
Exploits 0 | References 3

Vulnrichment
added 2024/03/06 5:33 a.m. | 13 views

CVE-2024-1771 Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...

CVSS 4.3 | AI score 6.7 | EPSS 0.00406
Exploits 0 | References 3

CVE
added 2024/03/06 5:33 a.m. | 77 views

CVE-2024-1771

CVE-2024-1771 affects the WordPress Total theme up to version 2.1.59. Root cause: missing capability check in total_order_sections(), enabling authenticated users with subscriber+ access to modify homepage sections. Impact: unauthorized modification of data on the homepage. Mitigation: upgrade to...

CVSS 4.3 | AI score 5.3 | EPSS 0.00406
Exploits 0 | References 3 | Affected Software 1

WPVulnDB
added 2024/03/06 12:0 a.m. | 23 views

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) < 2.8.8 - Missing Authorization

Description: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and...

CVSS 4.3 | AI score 6.8 | EPSS 0.00507
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2024/03/06 12:0 a.m. | 7 views

WordPress Theme Total Security Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Total 2.1.59 and earlier versions, which stems fro...

CVSS 5.3 | AI score 6.5 | EPSS 0.00406
Exploits 0 | References 4

RedHat Linux
added 2024/03/05 6:22 p.m. | 8 views

mysql: Server: Replication unspecified vulnerability (CPU Jan 2024)

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well a...

CVSS 5.5 | AI score 7.3 | EPSS 0.0081
Exploits 0 | References 5

RedHat Linux
added 2024/03/05 6:22 p.m. | 8 views

mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 2.7 | AI score 7.3 | EPSS 0.00782
Exploits 0 | References 4

RedHat Linux
added 2024/03/05 6:22 p.m. | 3 views

mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVSS 5.5 | AI score 7.3 | EPSS 0.01272
Exploits 0 | References 4

OSV
added 2024/03/05 2:15 a.m. | 2 views

CVE-2024-1178

The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...

CVSS 5.3 | AI score 7.3 | EPSS 0.00431
Exploits 0 | References 2

Vulnrichment
added 2024/03/05 1:56 a.m. | 15 views

CVE-2024-1093

The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminlogic function hooked via admininit in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory...

CVSS 5.3 | AI score 5.2 | EPSS 0.00427
Exploits 0 | References 2

Vulnrichment
added 2024/03/05 1:56 a.m. | 12 views

CVE-2024-1285 Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for...

CVSS 6.5 | AI score 7 | EPSS 0.00431
Exploits 0 | References 2

CVE
added 2024/03/05 1:56 a.m. | 87 views

CVE-2024-1285

CVE-2024-1285 affects the Page Builder Sandwich – Front End WordPress Page Builder Plugin for WordPress. It permits unauthorized modification of data via a missing capability check in gambit_builder_save_content, affecting all versions up to 5.1.0. Attackers with subscriber+ privileges can insert...

CVSS 6.5 | AI score 6.8 | EPSS 0.00431
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2024/03/05 1:55 a.m. | 11 views

CVE-2024-1178 SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update

The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...

CVSS 5.3 | AI score 6.7 | EPSS 0.00431
Exploits 0 | References 2

CVE
added 2024/03/05 1:55 a.m. | 57 views

CVE-2024-1178

CVE-2024-1178 affects the WordPress plugin SportsPress – Sports Club & League Manager. The issue is a missing capability check in the settings_save() function, enabling unauthenticated modification of data (permalink structure) in all versions up to and including 2.7.17. The CVSS base score is 5...

CVSS 5.3 | AI score 6 | EPSS 0.00431
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2024/03/05 12:0 a.m. | 4 views

WordPress Plugin Page Builder Sandwich Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.5 | AI score 6.5 | EPSS 0.00431
Exploits 0 | References 3

CNNVD
added 2024/03/05 12:0 a.m. | 6 views

WordPress Plugin Change Memory Limit Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.3 | AI score 6.5 | EPSS 0.00427
Exploits 0 | References 3