10511 matches found
Oracle Linux 8 : container-tools:4.0 (ELSA-2023-2802)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2802 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closin...
CVE-2023-2494 Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Missing Authorization to Limited Privilege Granting
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpostdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role...
CVE-2023-2494
CVE-2023-2494 affects the Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress. Vulnerable in versions up to 3.3.19 due to a missing capability check in the function process_postdata, enabling authenticated attackers (with a role granted access to the plugin) to modify access to ...
PT-2023-21701 · Unknown · Snow Monkey Forms
Name of the Vulnerable Software and Affected Versions: Snow Monkey Forms versions v5.0.6 and earlier. Description: A directory traversal vulnerability allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition...
PT-2023-19836 · WordPress · The Go Pricing - WordPress Responsive Pricing Tables
Name of the Vulnerable Software and Affected Versions: The Go Pricing - WordPress Responsive Pricing Tables plugin versions up to, and including, 3.3.19. Description: The issue allows unauthorized modification of data due to a missing capability check on the process postdata function. This makes i...
CVE-2022-46680
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic...
Design/Logic Flaw
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic...
CVE-2022-46680
CVE-2022-46680 affects Schneider Electric PowerLogic ION7000/ION9000 family devices (ION9000, ION7400; PM8000; ION8650, ION8800) with the vulnerability described as Cleartext Transmission of Sensitive Information (CWE-319). Root cause: sensitive data can be transmitted in cleartext over the ION/T...
Schneider Electric PowerLogic Security Vulnerability
Schneider Electric PowerLogic is an industrial control device from Schneider Electric, France. It provides increased power factor to improve power quality and troubleshoots power failures to protect networks, devices, and operators. A security vulnerability exists in the Schneider Electric PowerLogic...
CVE-2023-2716
The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajaxuploadfile' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2023-2715
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...
CVE-2023-2714
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checklicense' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
Design/Logic Flaw
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...
Design/Logic Flaw
The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajaxuploadfile' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2023-2716 Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload
The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajaxuploadfile' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2023-2715 Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...