Lucene search
+L

364 matches found

Veracode
Veracode
added 2024/05/20 7:51 a.m.10 views

Security Bypass

datadog/dd-trace is vulnerable to Security Bypass. The vulnerability is due to insufficient constraint on the ddtrace.requestinithook by the openbasedir INI directive, which allows an attacker to bypass the openbasedir INI directive...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/15 6:33 p.m.14 views

datadog/dd-trace Circumvents open_basedir INI directive

datadog/dd-trace versions 0.30.0 prior to 0.30.2 are affected by a security and stability issue outlined in PR 579. This pull request ensures that the ddtrace.requestinithook remains bound by the openbasedir INI directive, effectively addressing potential vulnerabilities related to openbasedir...

7.2AI score
Exploits0References6Affected Software1
OSV
OSV
added 2024/05/15 6:33 p.m.10 views

GHSA-QVGG-R6RQ-VWFX datadog/dd-trace Circumvents open_basedir INI directive

datadog/dd-trace versions 0.30.0 prior to 0.30.2 are affected by a security and stability issue outlined in PR 579. This pull request ensures that the ddtrace.requestinithook remains bound by the openbasedir INI directive, effectively addressing potential vulnerabilities related to openbasedir...

7.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.6 views

PT-2024-40441 · Datadog · Datadog/Dd-Trace

Name of the Vulnerable Software and Affected Versions: datadog/dd-trace versions 0.30.0 through 0.30.1 Description: The issue concerns a security and stability problem where the ddtrace.request init hook was not properly bound by the open basedir INI directive, potentially leading to...

7.4AI score
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.10 views

DD Rating <= 1.7.1 - Authenticated (Author+) Stored Cross-Site Scripting

Description The DD Rating plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitra...

5.9CVSS5.9AI score0.00319EPSS
Exploits0References1
NVD
NVD
added 2024/03/31 8:15 p.m.20 views

CVE-2024-30554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wouter Dijkstra DD Rating allows Stored XSS.This issue affects DD Rating: from n/a through 1.7.1...

5.9CVSS5.7AI score0.00319EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/31 7:49 p.m.11 views

CVE-2024-30554 WordPress DD Rating plugin <= 1.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wouter Dijkstra DD Rating allows Stored XSS.This issue affects DD Rating: from n/a through 1.7.1...

5.9CVSS8.6AI score0.00319EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/31 7:49 p.m.39 views

CVE-2024-30554 WordPress DD Rating plugin <= 1.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wouter Dijkstra DD Rating allows Stored XSS.This issue affects DD Rating: from n/a through 1.7.1...

5.9CVSS5.9AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/31 12:0 a.m.19 views

WordPress Plugin DD Rating 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin DD Rating A cross-site...

5.9CVSS7.5AI score0.00319EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/31 12:0 a.m.9 views

PT-2024-23484 · Dd Rating · Dd Rating

Name of the Vulnerable Software and Affected Versions: DD Rating versions 1.7.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability, specifically Stored XSS. Recommendations: For DD...

5.9CVSS8.5AI score0.00319EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/03/29 12:0 a.m.15 views

WordPress DD Rating Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software DD Rating Type Plugin Vulnerable versions = 1.7.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30554 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 84c2a6915ce6 Credits Cronus Required privilege Author Published 29...

5.9CVSS6.6AI score0.00319EPSS
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2024/02/12 11:56 a.m.13 views

marioncountydd.org Cross Site Scripting vulnerability OBB-3851835

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.18 views

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied...

4.9CVSS5.7AI score0.00423EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.7 views

Online Notice Board System SQL Injection Vulnerability

Online Notice Board System is an online bulletin board system. A SQL injection vulnerability exists in Online Notice Board System v1.0, which occurs when the dd parameter of the registration.php page is processed without filtering and sent to the database for processing...

9.8CVSS8AI score0.00672EPSS
Exploits1References3
OSV
OSV
added 2023/12/14 4:15 p.m.4 views

CVE-2023-48667

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the...

7.2CVSS7.3AI score0.01778EPSS
Exploits0References1
OSV
OSV
added 2023/12/14 4:15 p.m.6 views

CVE-2023-48668

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands o...

6.7CVSS6AI score0.00463EPSS
Exploits0References1
OSV
OSV
added 2023/12/14 4:15 p.m.6 views

CVE-2023-44286

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a...

6.1CVSS5.9AI score0.00757EPSS
Exploits0References1
NVD
NVD
added 2023/12/14 4:15 p.m.16 views

CVE-2023-44285

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege...

7.8CVSS0.00221EPSS
Exploits0References1
OSV
OSV
added 2023/12/14 4:15 p.m.4 views

CVE-2023-44285

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege...

7.8CVSS5.8AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2023/12/14 4:15 p.m.2 views

CVE-2023-44279

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a...

6.7CVSS5.8AI score0.00616EPSS
Exploits0References1
Rows per page
Query Builder