7377 matches found
CVE-2024-21133
Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware component: Servlet. Supported versions that are affected are 12.2.1.4.0 and 12.2.1.19.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports...
CVE-2024-21133
CVE-2024-21133 affects Oracle Reports Developer (Servlet) in Oracle Fusion Middleware. The root cause is insufficient input validation in the Servlet component, impacting versions 12.2.1.4.0 through 12.2.1.19.0. An unauthenticated attacker with network access via HTTP can cause unauthorized read,...
WordPress Brizy Plugin <= 2.4.44 is vulnerable to Broken Access Control
Software: Brizy; Type: Plugin; Vulnerable versions: <= 2.4.44; Fixed in: 2.4.45; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1937; Patch priority: Low; CVSS severity: Low 7.1; PSID: 5274a9cc7b66; Credits: stealthcopter; Required privilege...
PT-2024-5086 · Oracle · Oracle Reports Developer
Name of the Vulnerable Software and Affected Versions: Oracle Reports Developer versions 12.2.1.4.0 through 12.2.1.19.0 Description: The issue is related to insufficient input validation in the Servlet component of Oracle Reports Developer. This can be exploited by a remote attacker to gain read,...
WordPress WP RSS Aggregator Plugin <= 4.23.11 is vulnerable to Broken Access Control
Software: WP RSS Aggregator; Type: Plugin; Vulnerable versions: <= 4.23.11; Fixed in: 4.23.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6621; Patch priority: Low; CVSS severity: Low 4.3; PSID: 2954812636fe; Credits: Peter Thaleikis; Required...
WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: SULly; Type: Plugin; Vulnerable versions: < 4.3.1; Fixed in: 4.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5034; Patch priority: Low; CVSS severity: Low 4.3; PSID: 671675d484b6; Credits: Bob Matyas; Required privilege...
WordPress WP eStore Plugin < 8.5.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP eStore; Type: Plugin; Vulnerable versions: < 8.5.5; Fixed in: 8.5.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-6075; Patch priority: Low; CVSS severity: Low 5.4; PSID: c3f59dd6bdda; Credits: Bob Matyas; Required privileg...
EasySpider Security Vulnerability
EasySpider is a visual data collection and crawler software by the individual developer Naibo Wang. A security vulnerability exists in EasySpider version 0.6.2, which stems from a path traversal issue...
WordPress WP eStore Plugin < 8.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP eStore; Type: Plugin; Vulnerable versions: < 8.5.5; Fixed in: 8.5.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6072; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 416714c64e72; Credits: Bob Matyas; Required...
WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)
Software: Swift Framework Page Builder; Type: Plugin; Vulnerable versions: < 2024.04.30; Fixed in: 2024.04.30; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2870; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 057d34197d18; Credi...
WordPress WP Links Page Plugin <= 4.9.5 is vulnerable to Broken Access Control
Software: WP Links Page; Type: Plugin; Vulnerable versions: <= 4.9.5; Fixed in: 4.9.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6465; Patch priority: Low; CVSS severity: Low 4.3; PSID: 3b1e0ddf2ea6; Credits: Lucio Sá; Required privilege...
WordPress Smart Image Gallery Plugin < 1.0.19 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Smart Image Gallery; Type: Plugin; Vulnerable versions: < 1.0.19; Fixed in: 1.0.19; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3632; Patch priority: Low; CVSS severity: Low 5.4; PSID: 13b040259b7b; Credits: Bob Matyas...
WordPress Tournamatch Plugin < 4.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Tournamatch; Type: Plugin; Vulnerable versions: < 4.6.1; Fixed in: 4.6.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5627; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 160ba992cf57; Credits: Davide Balzano; Required...
WordPress Index WP MySQL For Speed Plugin < 1.4.18 is vulnerable to Cross Site Scripting (XSS)
Software: Index WP MySQL For Speed; Type: Plugin; Vulnerable versions: < 1.4.18; Fixed in: 1.4.18; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4977; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: de00e035d3ae; Credits: Guido Ivá...
WordPress Seriously Simple Podcasting Plugin < 3.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Seriously Simple Podcasting; Type: Plugin; Vulnerable versions: < 3.3.0; Fixed in: 3.3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3751; Patch priority: Low; CVSS severity: Low 5.9; Developer: Castos; PSID: a88cd16d6fc7; Credits: Thanh Hang; Required...
WordPress Hostel Plugin < 1.1.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Hostel; Type: Plugin; Vulnerable versions: < 1.1.5.3; Fixed in: 1.1.5.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3753; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 8eec664963a4; Credits: Bob Matyas; Required...
WordPress CM Email Registration Blacklist and Whitelist Plugin < 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CM Email Registration Blacklist and Whitelist; Type: Plugin; Vulnerable versions: < 1.4.9; Fixed in: 1.4.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5167; Patch priority: Low; CVSS severity: Low 5.4; PSID: 352ac64ce637...
WordPress Watu Quiz Plugin < 3.4.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Watu Quiz; Type: Plugin; Vulnerable versions: < 3.4.1.2; Fixed in: 3.4.1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2640; Patch priority: Low; CVSS severity: Low 6.5; PSID: 617bfa58ba67; Credits: Eunho Kim; Required privilege...
WordPress WP Total Branding Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP Total Branding; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6625; Patch priority: Low; CVSS severity: Low 5.9; PSID: a7d5303cf6ee; Credits: Artem Polynko Artem Polynk...