
10513 matches found

Positive Technologies · added 2024/01/16 12:0 a.m. · 5 views

PT-2024-1211 · Oracle · Oracle Knowledge Management +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13
Description: The issue is related to insufficient input validation in the Oracle Knowledge Management product, allowing a low-privileged attacker with network access via HTTP to compromi...

6.4 CVSS · 7.2 AI score · 0.00269 EPSS
Exploits 0 · References 9

Positive Technologies · added 2024/01/16 12:0 a.m. · 1 views

PT-2024-1214 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13
Description: The issue is related to insufficient input validation in the Oracle Customer Interaction History product, specifically in the Outcome-Result component. This allows an...

6.4 CVSS · 5.9 AI score · 0.00361 EPSS
Exploits 0 · References 8

Positive Technologies · added 2024/01/16 12:0 a.m. · 4 views

PT-2024-1145 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0
Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via HTT...

8.6 CVSS · 7.9 AI score · 0.00503 EPSS
Exploits 0 · References 12

Positive Technologies · added 2024/01/16 12:0 a.m. · 7 views

PT-2024-1525 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.35 and prior; MySQL Server versions 8.2.0 and prior
Description: The issue is related to insufficient input validation in the Server: DDL component of Oracle MySQL Server. It allows a high-privileged attacker with...

7.5 CVSS · 4.9 AI score · 0.01782 EPSS
Exploits 0 · References 471

WPVulnDB · added 2024/01/12 12:0 a.m. · 10 views

Ecwid Ecommerce Shopping Cart < 6.12.4 - Missing Authorization on multiple functions

Description: The plugin is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple functions in all versions up to, and including, 6.12.3. This makes it possible for authenticated attackers to access developer tool pages...

6.8 AI score
Exploits 0 · References 1 · Affected Software 1

WPVulnDB · added 2024/01/12 12:0 a.m. · 11 views

NitroPack < 1.10.0 - Missing Authorization via multiple AJAX functions

Description: The plugin is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access and above...

6.8 AI score
Exploits 0 · References 1 · Affected Software 1

NVD · added 2024/01/11 9:15 a.m. · 23 views

CVE-2023-7019

The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the inserttemplate function in all versions up to, and including, 2.6.8. This makes it possible for authenticated...

4.3 CVSS · 4.3 AI score · 0.00325 EPSS
Exploits 0 · References 2

NVD · added 2024/01/11 9:15 a.m. · 21 views

CVE-2023-6878

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssbajaxupdate' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permission...

8.8 CVSS · 8.4 AI score · 0.00487 EPSS
Exploits 0 · References 2

NVD · added 2024/01/11 9:15 a.m. · 38 views

CVE-2023-6875

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7...

9.8 CVSS · 9.5 AI score · 0.90339 EPSS
Exploits 6 · References 4

OSV · added 2024/01/11 9:15 a.m. · 5 views

CVE-2023-6878

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssbajaxupdate' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permission...

6.5 CVSS · 5.6 AI score · 0.00487 EPSS
Exploits 0 · References 2

OSV · added 2024/01/11 9:15 a.m. · 10 views

CVE-2023-6875

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7...

9.8 CVSS · 7 AI score
Exploits 0 · References 4

OSV · added 2024/01/11 9:15 a.m. · 3 views

CVE-2023-6742

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'enviragalleryinsertimages' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated...

4.3 CVSS · 5.8 AI score · 0.00406 EPSS
Exploits 0 · References 3

NVD · added 2024/01/11 9:15 a.m. · 34 views

CVE-2023-6598

The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycachesavevarniship, speedycacheimgupdatesettings, speedycachepreloadingaddsettings, and speedycachepreloadingdeleteresource functions in all versions up to, and...

4.3 CVSS · 4.3 AI score · 0.00358 EPSS
Exploits 0 · References 2

NVD · added 2024/01/11 9:15 a.m. · 11 views

CVE-2023-6369

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...

5.4 CVSS · 5 AI score · 0.00458 EPSS
Exploits 0 · References 9

OSV · added 2024/01/11 9:15 a.m. · 3 views

CVE-2023-6369

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...

5.4 CVSS · 5.7 AI score · 0.00458 EPSS
Exploits 0 · References 9

Prion · added 2024/01/11 9:15 a.m. · 21 views

Input validation

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'enviragalleryinsertimages' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated...

4 CVSS · 6.7 AI score · 0.00406 EPSS
Exploits 0 · References 3 · Affected Software 1

Prion · added 2024/01/11 9:15 a.m. · 28 views

Design/Logic Flaw

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7...

7.5 CVSS · 6.9 AI score · 0.90339 EPSS
Exploits 6 · References 4 · Affected Software 1

Prion · added 2024/01/11 9:15 a.m. · 26 views

Design/Logic Flaw

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssbajaxupdate' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permission...

4 CVSS · 6.6 AI score · 0.00487 EPSS
Exploits 0 · References 2 · Affected Software 1

Prion · added 2024/01/11 9:15 a.m. · 15 views

Design/Logic Flaw

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...

5.5 CVSS · 6.2 AI score · 0.00458 EPSS
Exploits 0 · References 9 · Affected Software 1

Prion · added 2024/01/11 9:15 a.m. · 17 views

Design/Logic Flaw

The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the inserttemplate function in all versions up to, and including, 2.6.8. This makes it possible for authenticated...

4 CVSS · 6.7 AI score · 0.00325 EPSS
Exploits 0 · References 2 · Affected Software 1