10515 matches found

BDU FSTEC
added 2024/02/14 12:0 a.m. | 4 views

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in authentication errors, which allow attackers to modify arbitrary data.

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to authentication errors. Exploiting this vulnerability allows a malicious actor to modify arbitrary data remotely...

4.3 CVSS | 5.5 AI score | 0.01305 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2024/02/13 2:30 a.m. | 20 views

CVE-2024-22131 Code Injection vulnerability in SAP ABA (Application Basis)

In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...

9.1 CVSS | 9.2 AI score | 0.01079 EPSS
Exploits 0 | References 2

WPVulnDB
added 2024/02/13 12:0 a.m. | 12 views

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.2 - Missing Authorization via pms_stripe_connect_handle_authorization_return

Description: The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up t...

5.3 CVSS | 6.9 AI score | 0.00519 EPSS
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2024/02/12 12:0 a.m. | 2 views

PT-2024-5016 · Sap · Sap Aba

Name of the Vulnerable Software and Affected Versions: SAP ABA Application Basis versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I
Description: The issue in SAP ABA is related to incorrect code generation management, allowing an attacker with remote execution authorization to use a...

9.1 CVSS | 7 AI score | 0.01079 EPSS
Exploits 0 | References 17

RedhatCVE
added 2024/02/09 2:59 a.m. | 61 views

CVE-2023-4639

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

7.4 CVSS | 6.5 AI score | 0.01117 EPSS
Exploits 0 | References 3

WPVulnDB
added 2024/02/09 12:0 a.m. | 17 views

Element Pack Elementor Addons < 5.4.12 - Missing Authorization via bdt_duplicate_as_draft

Description: The Element Pack Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bdt_duplicate_as_draft' function in versions up to, and including, 5.4.11. This makes it possible for authenticated attackers, with...

4 CVSS | 6.7 AI score | 0.00288 EPSS
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2024/02/09 12:0 a.m. | 6 views

The vulnerability of the RESTEasy software lies in insufficient validation of input data, which allows attackers to modify the information.

The vulnerability of the RESTEasy software is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to modify the information...

7.8 CVSS | 7.2 AI score | 0.02023 EPSS
Exploits 0 | References 7 | Affected Software 16

Github Security Blog
added 2024/02/07 6:25 p.m. | 28 views

Pimcore Admin Classic Bundle permissions are not getting checked when working with tags

Impact: You can create, delete etc. tags without having the permission to do so. This vulnerability allows an attacker to perform broken access control and add tags to admin panel and add dummy data. One can do this as intruder and add text parameters with random numbers and this will affect...

9.1 CVSS | 7 AI score | 0.00544 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2024/02/07 11:15 a.m. | 20 views

CVE-2024-1110

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings...

5.3 CVSS | 6.7 AI score
Exploits 0 | References 3

CVE
added 2024/02/07 11:2 a.m. | 202 views

CVE-2024-1110

The Podlove Podcast Publisher plugin for WordPress (up to and including version 4.0.11) is vulnerable to unauthorized data modification due to a missing capability check on init(). This enables unauthenticated attackers to import or modify the plugin’s settings. The issue is triggered across all ...

5.3 CVSS | 5.4 AI score | 0.00524 EPSS
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2024/02/07 11:2 a.m. | 10 views

CVE-2024-1110 Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings...

5.3 CVSS | 6.7 AI score | 0.00524 EPSS
Exploits 0 | References 3

NVD
added 2024/02/07 8:15 a.m. | 15 views

CVE-2024-1078

The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start and add_question_rows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level acce...

4.3 CVSS | 4.4 AI score | 0.00359 EPSS
Exploits 0 | References 2

OSV
added 2024/02/07 8:15 a.m. | 2 views

CVE-2024-1078

The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start and add_question_rows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level acce...

4.3 CVSS | 7.4 AI score | 0.00359 EPSS
Exploits 0 | References 2

CNNVD
added 2024/02/07 12:0 a.m. | 3 views

Cisco Expressway Series Cross-Site Request Forgery Vulnerability

Cisco Expressway Series is a software for accessing devices outside the firewall from Cisco USA. A cross-site request forgery vulnerability exists in Cisco Expressway Series, which can be exploited by an attacker to modify sensitive information or perform unauthorized operations...

8.2 CVSS | 6.6 AI score | 0.00603 EPSS
Exploits 0 | References 2

Positive Technologies
added 2024/02/07 12:0 a.m. | 4 views

PT-2024-16539 · WordPress · Quiz Maker

Name of the Vulnerable Software and Affected Versions: The Quiz Maker plugin for WordPress versions up to, and including, 6.5.2.4
Description: The issue is related to a missing capability check on the ays quick start and add question rows functions. This allows authenticated attackers with...

4.3 CVSS | 5.2 AI score | 0.00359 EPSS
Exploits 0 | References 9

WPVulnDB
added 2024/02/07 12:0 a.m. | 10 views

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in optimizeAllOn

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3 CVSS | 6.3 AI score | 0.00428 EPSS
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2024/02/07 12:0 a.m. | 6 views

The vulnerability of the Security component of the Oracle Java SE software platform, as well as the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to gain access to modify, add, or delete data.

The vulnerability of the Security component of Oracle Java SE software, as well as of Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the...

7.4 CVSS | 6.7 AI score | 0.00911 EPSS
Exploits 0 | References 10 | Affected Software 11

Prion
added 2024/02/06 3:15 p.m. | 14 views

Authentication flaw

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files...

7.5 CVSS | 7.4 AI score | 0.00981 EPSS
Exploits 1 | References 1

WPVulnDB
added 2024/02/06 12:0 a.m. | 12 views

Podlove Podcast Publisher < 4.0.12 - Missing Authorization to Settings Import

Description: The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settin...

5 CVSS | 6.9 AI score | 0.00524 EPSS
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/02/06 12:0 a.m. | 15 views

Quiz Maker < 6.5.2.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification

Description: The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start and add_question_rows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with...

4.3 CVSS | 6.8 AI score | 0.00359 EPSS
Exploits 0 | References 1 | Affected Software 1