Quotes for WooCommerce < 2.0.2 - Missing Authorization
Description: The Quotes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the qwcupdatestatus and qwcsendquote functions hooked via AJAX in all versions up to, and including, 2.0.2. This makes it possible for authenticated...
CVE-2024-0201
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savesettings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions ...
Design/Logic Flaw
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savesettings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions ...
CVE-2023-6600
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...
Cross site scripting
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...
CVE-2023-6600 OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <= 5.7.9 - Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...
CVE-2023-6600 OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <= 5.7.9 - Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...
WordPress Plugin Product Expiry for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Easy Social Feed < 6.5.3 - Subscriber+ Settings Update
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's...
Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Inquiry Saving & Sensitive Information Disclosure
Description: The plugin is vulnerable to unauthorized access and modification of data due to an improper capability check on the catalogrestroutesreactmodule REST endpoints, allowing unauthenticated attackers to view data from admin tabs and save enquiries...
Piotnet Forms < 1.0.30 - Missing Authorization via multiple AJAX actions
Description: The plugin is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX functions, allowing unauthenticated attackers to save draft posts and download arbitrary JSON files from the server...
VulnCheck KEV: CVE-2023-6600
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including,...
GHSA-5938-79HG-XH3Q Apache Airflow Improper Access Control vulnerability
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...
CVE-2023-50783
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...
Code injection
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...
PYSEC-2023-267
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...
CVE-2023-50783
Apache Airflow prior to 2.8.0 is affected by an improper access control vulnerability that allows an authenticated user without the variable edit permission to update a variable, compromising variable management integrity and potentially enabling unauthorized data modifications. The issue is docu...
CVE-2023-50783 Apache Airflow: Improper access control vulnerability on the "varimport" endpoint
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...
Advisory ROSA-SA-2023-2314
Software: java-1.8.0-openjdk 1.8.0.392.b08; OS: rosa-server79; packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7; CVE-ID: CVE-2020-14779; BDU-ID: 2020-05051; CVE-Crit: LOW; CVE-DESC.: A vulnerability in the Serialization component of the Java SE, Java SE Embedded software platforms is related t...
The vulnerability of the Nagios XI monitoring tool lies in its use of strictly encrypted user data. This allows a malicious actor to gain access to read, modify, or delete data, execute arbitrary code, or trigger a service failure.
The vulnerability of the Nagios XI monitoring tool is related to the use of strictly encrypted user data. Exploiting this vulnerability allows an attacker to gain access to read, modify, or delete data, execute arbitrary code, or trigger a service failure...