214 matches found

Vulnrichment
added 2022/11/21 12:0 a.m., 5 views

CVE-2022-3753 Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting

The Evaluate WordPress plugin through 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...

5.9 AI score, 0.00501 EPSS
Exploits: 2, References: 1

CNNVD
added 2022/11/21 12:0 a.m., 1 views

WordPress plugin Evaluate cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

4.8 CVSS, 5.8 AI score, 0.00501 EPSS
Exploits: 2, References: 2

Patchstack
added 2022/10/29 12:0 a.m., 20 views

WordPress Evaluate plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mariah Almotlag in the WordPress Evaluate plugin (versions <= 1.0). Solution: No patched version available...

4.8 CVSS, 3.2 AI score, 0.00501 EPSS
Exploits: 2, References: 1, Affected Software: 1

WPVulnDB
added 2022/10/29 12:0 a.m., 15 views

Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). PoC: 1. Go to Settings » Evaluate » Add New. 2...

4.8 CVSS, 2.4 AI score, 0.00501 EPSS
Exploits: 2, Affected Software: 1

wpexploit
added 2022/10/29 12:0 a.m., 81 views

Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 1. Go to Settings » Evaluate » Add New. 2. Add...

4.8 CVSS, 0.4 AI score, 0.00501 EPSS
Exploits: 2

OSV
added 2022/08/06 5:20 a.m., 25 views

GHSA-6GJM-6WJ6-4PX5 Byobu user preference to prevent private discussions being started are not respected

Impact: Users electing to prevent others starting private discussions with themselves. Please note that admins and others with appropriate permissions can always bypass this preference, as was the case before. Patches: Users of Byobu should update the extension to version 1.1.7, where this has been...

3.5 CVSS, 4.3 AI score, 0.00421 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2022/07/25 12:0 a.m., 4 views

PT-2022-9061 · Unknown · Node-Import

Name of the Vulnerable Software and Affected Versions: node-import versions all Description: The issue affects the params argument of a module function, which can be controlled by users without proper sanitization. This unsanitized input is then passed to the eval function, located in line 79 of...

9.8 CVSS, 9.3 AI score, 0.00916 EPSS
Exploits: 1, References: 5

Hacker One
added 2022/07/13 2:39 p.m., 29 views

Hyperledger: Remote denial of service in HyperLedger Fabric

How to reproduce: 1. Bring up the test network. https://hyperledger-fabric.readthedocs.io/en/latest/testnetwork.htmlbring-up-the-test-network 2. Run the PoC. bash go run poc.go -server=192.168.0.208:7051 go package main import "context" "crypto/tls" "flag" "fmt"...

5 CVSS, 0.2 AI score, 0.00879 EPSS
Exploits: 0

ATTACKERKB
added 2022/01/01 12:15 a.m., 2 views

CVE-2021-45947

Wasm3 0.5.0 has an out-of-bounds write in RuntimeRelease called from EvaluateExpression and InitDataSegments...

5.5 CVSS, 5.9 AI score, 0.00667 EPSS
Exploits: 1, References: 3

Microsoft CVE
added 2021/11/18 8:0 a.m., 3 views

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

...

7.2 CVSS, 8.3 AI score, 0.02651 EPSS
Exploits: 0

OSV
added 2021/11/15 9:15 p.m., 1 views

DEBIAN-CVE-2021-42383

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

7.2 CVSS, 7.5 AI score, 0.02117 EPSS
Exploits: 0, References: 1

OSV
added 2021/11/15 9:15 p.m., 3 views

DEBIAN-CVE-2021-42385

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

7.2 CVSS, 7.6 AI score, 0.02651 EPSS
Exploits: 0, References: 1

OSV
added 2021/11/15 9:15 p.m., 24 views

CVE-2021-42383

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

7.2 CVSS, 7.3 AI score
Exploits: 0, References: 5

OSV
added 2021/11/15 9:15 p.m., 2 views

ALPINE-CVE-2021-42385

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

7.2 CVSS, 7.5 AI score, 0.02651 EPSS
Exploits: 0, References: 1

OSV
added 2021/11/15 9:15 p.m., 1 views

ALPINE-CVE-2021-42383

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

7.2 CVSS, 7.5 AI score, 0.02117 EPSS
Exploits: 0, References: 1

Prion
added 2021/11/15 9:15 p.m., 23 views

Design/Logic Flaw

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

6.5 CVSS, 7.2 AI score, 0.02651 EPSS
Exploits: 0, References: 5, Affected Software: 2

OSV
added 2021/11/15 9:15 p.m., 0 views

UBUNTU-CVE-2021-42385

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

7.2 CVSS, 7.3 AI score, 0.02651 EPSS
Exploits: 0, References: 4

CNNVD
added 2021/11/15 12:0 a.m., 3 views

BusyBox resource management error vulnerability

BusyBox is a set of applications containing several Linux commands and tools by Denis Vlasenko, an individual developer from Ukraine. BusyBox has a resource management error vulnerability that can cause denial of service and possibly code execution due to a use-after-free in Busybox's a...

7.2 CVSS, 7 AI score, 0.02117 EPSS
Exploits: 0, References: 11

Positive Technologies
added 2021/11/15 12:0 a.m., 3 views

PT-2021-5547 · Busybox +5 · Busybox +5

Name of the Vulnerable Software and Affected Versions: BusyBox affected versions not specified Description: A use-after-free issue in BusyBox's awk applet can lead to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. This allows a remote...

9.8 CVSS, 7.4 AI score, 0.32381 EPSS
Exploits: 23, References: 209

RedHat Linux
added 2021/09/08 2:43 p.m., 4 views

jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...

5.3 CVSS, 7.1 AI score, 0.02132 EPSS
Exploits: 1, References: 5