Lucene search

10515 matches found

WPVulnDB
added 2024/02/20 12:0 a.m. · 8 views

WooCommerce Google Sheet Connector < 1.3.12 - Missing Authorization

Description: The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update...

CVSS 5.3 · AI score 6.7 · EPSS 0.00431
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/02/20 12:0 a.m. · 6 views

PT-2024-17942 · WordPress · The Directorist: Ai-Powered Wordpress Business Directory Plugin With Classified Ads Listings

Name of the Vulnerable Software and Affected Versions: The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress versions up to, and including, 7.8.4 Description: The issue allows unauthorized modification of data due to a missing capability check on...

CVSS 5.3 · AI score 6.1 · EPSS 0.00524
Exploits 0 · References 7

RedHat Linux
added 2024/02/19 6:2 p.m. · 4 views

OpenJDK: IOR deserialization issue in CORBA (8303384)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...

CVSS 5.3 · AI score 7.1 · EPSS 0.00888
Exploits 0 · References 4

OSV
added 2024/02/17 3:30 a.m. · 3 views

GHSA-47G3-MF24-6559 Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

CVSS 3.1 · AI score 7.1 · EPSS 0.00553
Exploits 0 · References 9

OSV
added 2024/02/17 2:15 a.m. · 2 views

CVE-2024-20980

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Web Server. Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful...

CVSS 5.4 · AI score 6.7 · EPSS 0.00308
Exploits 0 · References 1

OSV
added 2024/02/17 2:15 a.m. · 4 views

CVE-2024-20956

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Installation. Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVSS 7.3 · AI score 7.3
Exploits 0 · References 1

OSV
added 2024/02/17 2:15 a.m. · 5 views

CVE-2024-20943

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge...

CVSS 5.4 · AI score 7.3 · EPSS 0.00269
Exploits 0 · References 1

OSV
added 2024/02/17 2:15 a.m. · 5 views

CVE-2024-20935

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Engineering Change Order. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed...

CVSS 6.1 · AI score 7.3 · EPSS 0.00361
Exploits 0 · References 1

OSV
added 2024/02/17 2:15 a.m. · 4 views

CVE-2024-20929

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: DB Privileges. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applicati...

CVSS 6.5 · AI score 7.3 · EPSS 0.00322
Exploits 0 · References 1

OSV
added 2024/02/17 2:15 a.m. · 3 views

DEBIAN-CVE-2024-20919

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

CVSS 5.9 · AI score 5.6 · EPSS 0.00792
Exploits 0 · References 1

OSV
added 2024/02/17 2:15 a.m. · 2 views

UBUNTU-CVE-2024-20919

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

CVSS 5.9 · AI score 6.7 · EPSS 0.00792
Exploits 0 · References 7

UbuntuCve
added 2024/02/17 2:15 a.m. · 44 views

CVE-2024-20919

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

CVSS 5.9 · AI score 6.8 · EPSS 0.00792
Exploits 0 · References 6

OSV
added 2024/02/17 2:15 a.m. · 2 views

UBUNTU-CVE-2024-20925

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

CVSS 3.1 · AI score 7.3 · EPSS 0.00553
Exploits 0 · References 2

OSV
added 2024/02/16 7:15 p.m. · 4 views

CVE-2024-21915

A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform FTSP. If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...

CVSS 8.8 · AI score 5.8 · EPSS 0.0099
Exploits 0 · References 1

OSV
added 2024/02/15 9:15 a.m. · 3 views

CVE-2023-4537

Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

CVSS 7.4 · AI score 5.8 · EPSS 0.00611
Exploits 0 · References 3

Prion
added 2024/02/15 9:15 a.m. · 9 views

Design/Logic Flaw

Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

CVSS 4 · AI score 7.7 · EPSS 0.00611
Exploits 0 · References 2

Vulnrichment
added 2024/02/15 8:27 a.m. · 10 views

CVE-2023-4537 Protocol Downgrade in Comarch ERP XL

Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

CVSS 7.4 · AI score 7.5 · EPSS 0.00611
Exploits 0 · References 2

Cvelist
added 2024/02/15 8:27 a.m. · 32 views

CVE-2023-4537 Protocol Downgrade in Comarch ERP XL

Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

CVSS 7.4 · AI score 7.8 · EPSS 0.00611
Exploits 0 · References 2

CVE
added 2024/02/15 8:27 a.m. · 43 views

CVE-2023-4537

CVE-2023-4537 affects Comarch ERP XL client (ERP XL: 2020.2.2–2023.2). The issue is a server‑side MS SQL protocol downgrade that can lead to unencrypted communication vulnerable to data interception and modification. The available documents confirm the affected software and the root cause (downgr...

CVSS 7.4 · AI score 7.6 · EPSS 0.00611
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2024/02/15 12:0 a.m. · 6 views

EBM Technologies RISWEB SQL Injection Vulnerability

EBM Technologies RISWEB is an application from China-based EBM Technologies. EBM Technologies RISWEB suffers from a SQL injection vulnerability that stems from not properly restricting user input. A remote attacker can inject SQL commands without authentication to be able to read...

CVSS 9.8 · AI score 8.3 · EPSS 0.00848
Exploits 0 · References 2