Lucene search
K

254 matches found

CNNVD
CNNVD
added 2024/11/16 12:0 a.m.3 views

WordPress plugin Convert Docx2post 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue exists...

9.1CVSS8.3AI score0.00476EPSS
Exploits0References1
Huntr
Huntr
added 2024/11/01 1:30 a.m.8 views

Server Side Request Forgery(SSRF) on WordExtractor in langgenius/dify

Summary The vulnerability occurs when uploading DOCX files in the "Create Knowledge" section. If an external relationship exists in the DOCX file, the reltype value is requested as a URL. Requests are sent using the 'requests' module instead of the 'ssrfproxy', which can lead to an SSRF...

6.5CVSS6.8AI score0.00472EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.3 views

PT-2024-28173 · Unknown · Seraphinite Post

Name of the Vulnerable Software and Affected Versions: Seraphinite Post .DOCX Source versions n/a through 2.16.9 Description: The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For...

4.3CVSS6.9AI score0.00362EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.4 views

WordPress plugin Seraphinite Post .DOCX Source 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6.5AI score0.00362EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.309 views

Microsoft Word UNC Path Injector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Gems for extracting files require 'zip' Project for creating files require 'rex/zip' class MetasploitModule 'Microsoft Word UNC Path Injector', 'Description' = %q This...

7.4AI score
Exploits0
OSV
OSV
added 2024/07/22 11:15 a.m.4 views

CVE-2024-38728

Server-Side Request Forgery SSRF vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9...

6.4CVSS5.8AI score0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/22 10:22 a.m.16 views

CVE-2024-38728 WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9...

7.2CVSS7.2AI score0.00271EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/07/11 11:54 a.m.4 views

WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Seraphinite Post .DOCX Source versions = 2.16.9...

7.2CVSS7AI score0.00271EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/11 11:51 a.m.3 views

WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Seraphinite Post .DOCX Source versions = 2.16.9...

4.3CVSS7AI score0.00362EPSS
Exploits0Affected Software1
Fedora
Fedora
added 2024/03/30 1:9 a.m.54 views

[SECURITY] Fedora 39 Update: pandoc-3.1.3-29.fc39

Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include - light markup formats many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags - HTML formats HTML 4 and 5 - Ebook formats EPUB v2 and v3, FB2 -...

6.3CVSS5.8AI score0.00368EPSS
Exploits1
Prion
Prion
added 2023/12/22 5:15 p.m.21 views

Design/Logic Flaw

Deepin Linux's default document reader deepin-reader software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution RCE can be achieved by...

4.4CVSS7.8AI score0.02118EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2023/11/30 2:15 p.m.19 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6...

6.8CVSS7.2AI score0.00256EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/30 1:14 p.m.4 views

CVE-2023-48279 WordPress Seraphinite Post .DOCX Source Plugin <= 2.16.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6...

4.3CVSS8.7AI score0.00256EPSS
Exploits0References1
CVE
CVE
added 2023/11/30 1:14 p.m.75 views

CVE-2023-48279

CVE-2023-48279 is a CSRF vulnerability in the Seraphinite Post .DOCX Source WordPress plugin, affecting versions up to 2.16.6. The issue allows CSRF on settings updates and is fixed in version 2.16.7. Remediate by upgrading to 2.16.7 or later; the vulnerability is documented across multiple sourc...

8.8CVSS8.5AI score0.00256EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.6 views

PT-2023-30754 · Unknown · Seraphinite Post .Docx Source

Name of the Vulnerable Software and Affected Versions: Seraphinite Post .DOCX Source versions n/a through 2.16.6 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended...

8.8CVSS8.8AI score0.00256EPSS
Exploits0References6
Trellix
Trellix
added 2023/07/31 12:0 a.m.37 views

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics 

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics By Pratik Pachpor and Adarsh S · July 31, 2023 Executive Summary: In March-April 2023, we detected a malicious email campaign delivering .Net based XWorm RAT in which embedded blogspot.com URLs were used as an entry point. Thi...

7.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 1:39 p.m.51 views

Security Bulletin: GNOME libxml2 vulnerability affects IBM Safer Payments (CVE-2023-29469)

Summary Libxml2 is used by IBM Safer Payments as part of PMML models, external queries, and docx file templates for Outgoing Channel Configurations. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29469 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service,...

6.5CVSS6.8AI score0.01013EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2023/07/17 3:24 p.m.333 views

Exploit for CVE-2022-30190

It is an exploit module/toolkit targeting Microsoft Windows. The...

9.3CVSS8AI score0.99374EPSS
Exploits62
vulnersOsv
vulnersOsv
added 2023/05/08 6:30 p.m.13 views

@karmalicious/nodejs-drivers (>=2.0.0 <=8.0.0), azupck (>=1.1.72 <=1.4.4) +13 more potentially affected by CVE-2023-2583 via jsreport (>=1.10.0 <=2.11.0)

jsreport NPM version =1.10.0, =2.0.0, =1.1.72, =1.0.28, =1.8.1, =1.0.1, =0.0.1, =1.0.0, =1.0.80, =1.1.36, =2.14.0, =2.30.0 Source cves: CVE-2023-2583 Source advisory: OSV:GHSA-G7RJ-Q722-245G...

10CVSS7.2AI score0.01128EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2023/04/11 12:0 a.m.58 views

Microsoft Office Word DOCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

7.8CVSS7.8AI score0.02719EPSS
Exploits3References1
Rows per page
Query Builder