Lucene search
+L

174 matches found

Cvelist
Cvelist
added 2024/04/15 7:36 a.m.27 views

CVE-2024-32127 WordPress Find Duplicates plugin <= 1.4.6 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Markus Seyer Find Duplicates.This issue affects Find Duplicates: from n/a through 1.4.6...

8.5CVSS9.1AI score0.00577EPSS
Exploits0References1
CVE
CVE
added 2024/04/15 7:36 a.m.61 views

CVE-2024-32127

CVE-2024-32127 is an SQL injection vulnerability in the WordPress plugin Find Duplicates by Markus Seyer. The issue is described as an improper neutralization of special elements used in an SQL command, affecting Find Duplicates versions from n/a up to 1.4.6. The public data in the connected docu...

8.8CVSS5.5AI score0.00577EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/15 7:36 a.m.19 views

CVE-2024-32127 WordPress Find Duplicates plugin <= 1.4.6 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Markus Seyer Find Duplicates.This issue affects Find Duplicates: from n/a through 1.4.6...

8.5CVSS7.7AI score0.00577EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.5 views

PT-2024-24421 · Unknown · Markus Seyer Find Duplicates

Name of the Vulnerable Software and Affected Versions: Markus Seyer Find Duplicates versions 1.4.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by...

8.8CVSS7AI score0.00577EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.6 views

WordPress Plugin Find Duplicates SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS7.5AI score0.00577EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/12 9:32 a.m.6 views

WordPress Find Duplicates plugin <= 1.4.6 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Find Duplicates versions = 1.4.6...

8.8CVSS8.1AI score0.00577EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/12 12:0 a.m.15 views

WordPress Find Duplicates Plugin <= 1.4.6 is vulnerable to SQL Injection

Software Find Duplicates Type Plugin Vulnerable versions = 1.4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32127 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 52116cf54a22 Credits Le Ngoc Anh Required privilege Subscriber Publish...

8.8CVSS6.8AI score0.00577EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/10 3:22 p.m.27 views

Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list

Summary An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Details Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/duplicates/list endpoint allowing an authenticated user without the permissions t...

6.5CVSS6.8AI score0.00564EPSS
Exploits1References5Affected Software1
Citrix
Citrix
added 2023/11/23 12:0 a.m.8 views

Unable to upload new SDWAN Licesne

The applied license neither changed the value of existing features nor added new features. This may be due to duplicate or invalid features or multiple server licenses...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/10/21 12:0 a.m.9 views

The vulnerability of the btf_dump_name_dups() function in the tools/lib/bpf/btf_dump.c library of the libbpf library (Berkeley Packet Filters) in the Linux operating system’s kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the libbpf library Berkeley Packet Filters in the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

8CVSS6.1AI score0.00535EPSS
Exploits0References12Affected Software3
RedHat Linux
RedHat Linux
added 2023/10/10 4:31 p.m.2 views

kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route

This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128...

7.8CVSS6.7AI score0.00296EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/10/10 4:28 p.m.2 views

kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route

This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128...

7.8CVSS6.7AI score0.00296EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2023/08/22 7:16 p.m.47 views

CVE-2020-27418

A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgaconinvertregion function...

4.4CVSS5.9AI score0.00222EPSS
Exploits0References3
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.6 views

Attacker can drain the forked DAO's ERC20s by supplying a list with dupes to quit()

Lines of code Vulnerability details The quit function is used to allow members of the forked DAO to ragequit the dao and receive a pro-rata share of the ERC20 tokens that the DAO holds. One version of this functions allows the user to supply their own list of ERC20 tokens for the function to...

6.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.5 views

SUSE CVE-2020-15187

In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform thi...

3CVSS7.9AI score0.01517EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.2 views

PT-2023-34259 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: The issue is related to a use-after-free in btf dump name dups. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.3 views

PT-2022-33439 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 5.19.2 Description: The issue is related to the handling of rq qos requests, where the same type should not be added more than once. The actual impact and attack plausibility have not yet been proven...

7.2AI score
Exploits0References1
Code423n4
Code423n4
added 2022/08/14 12:0 a.m.11 views

Malicious creator can create different NFT collections with NFTs corresponding to same ipfs token URI

Lines of code Vulnerability details Impact A creator can call the following createNFTCollection function with different name, symbol, and nonce to create different NFT collections. function createNFTCollection string calldata name, string calldata symbol, uint256 nonce external returns address...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.13 views

Malicious callers can replay disputes

Lines of code Vulnerability details Unlike some of the other signature based operations in the Rigor system, dispute signatures do not include a nonce and are vulnerable to replay attacks. This is similar to my finding in 339, but lower severity, since it is more of a spamming/griefing vector...

6.8AI score
Exploits0
OSV
OSV
added 2022/03/07 9:15 a.m.7 views

CVE-2022-0442

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...

4.3CVSS5.8AI score0.00644EPSS
Exploits2References1
Rows per page
Query Builder