Lucene search
K

269 matches found

Cvelist
Cvelist
added 2024/06/13 11:27 a.m.28 views

CVE-2024-34113 ColdFusion | Weak Cryptography for Passwords (CWE-261)

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the...

5.5CVSS0.00335EPSS
Exploits0References1
CVE
CVE
added 2024/06/13 11:27 a.m.64 views

CVE-2024-34113

Adobe ColdFusion is affected by CVE-2024-34113 (Weak Cryptography for Passwords) affecting ColdFusion 2023u7, 2021u13 and earlier. The issue stems from insufficiently strong cryptographic algorithms or flawed implementation used for password protection, enabling potential decryption or guessing o...

5.5CVSS5.8AI score0.00335EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/06/13 6:0 a.m.65 views

CVE-2024-4149

CVE-2024-4149 affects the Floating Chat Widget (Chaty) WordPress plugin prior to 3.2.3. The vulnerability stems from unsanitized/uncleaned settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Affected version range: before 3.2.3. The impact...

6.1CVSS4.9AI score0.00426EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/06/05 3:15 a.m.6 views

CVE-2024-5483

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of getitemspermissionscheck function. This makes it possible for unauthenticated attackers to extract basic...

5.3CVSS5.8AI score0.01008EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/05/01 6:15 a.m.23 views

CVE-2024-26999

In the Linux kernel, the following vulnerability has been resolved: serial/pmaczilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmaczilog as ...

5.5CVSS6.5AI score0.00182EPSS
Exploits0References24
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.6 views

Gradio Path Traversal Vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a path traversal vulnerability that stems from a flawed user-supplied JSON value in an API request, which could remotely trigger a local file include...

9.4CVSS6.5AI score0.00951EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/01/16 9:13 p.m.51 views

CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Summary The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that...

8.1CVSS6.3AI score0.00276EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2024/01/09 10:15 a.m.69 views

CVE-2023-42797

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...

7.2CVSS6.5AI score0.00547EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2023/12/21 9:2 p.m.13 views

US pharmacy Rite Aid banned from operating facial recognition systems

Pharmacy chain Rite Aid has been denied the right to run facial recognition systems in its stores for five years, by a Federal Trade Commission FTC ruling. The regulator found so many flaws in the retailers surveillance program that it concluded Rite Aid had failed to implement reasonable...

6.9AI score
Exploits0
OSV
OSV
added 2023/12/04 10:15 p.m.8 views

CVE-2023-5953

The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server...

8.8CVSS7.4AI score0.00479EPSS
Exploits2References1
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.13 views

Mint amount calculation in deposit is incorrect

Lines of code Vulnerability details Summary The calculation in the deposit function of the DepositPool contract is flawed as it factors the deposited amount into the RSETH price to calculate the amount to mint. Impact When a user deposits in the DepositPool contract, the amount of RSETH to mint i...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/10 12:0 a.m.8 views

Vulnerability in Token Withdrawal Function

Lines of code Vulnerability details Impact Flawed logic in token withdrawal function allows for selective withdrawal of high-value tokens and fails in single-token scenarios. // Sum up total amount of each token to withdraw. uint256 memory withdrawAmounts = new uint256; IERC20 prevToken; for...

7AI score
Exploits0
CNVD
CNVD
added 2023/09/25 12:0 a.m.12 views

Damon Enterprise Manager has a flawed logic vulnerability

Damon Enterprise Manager is a centralized management platform that monitors, manages and maintains DM databases through a web interface. A logic flaw vulnerability exists in Damon Enterprise Manager, which can be exploited by an attacker to delete arbitrary operating system files, resulting in...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.9 views

quorum and quota calculation logic is flawed

Lines of code Vulnerability details Impact quorum and quota calculation logic is flawed Proof of Concept votes to be valid, and if the poll passed or failed. At the time of writing, then QUORUM value is 33% of active stake, and the QUOTA is 50%, meaning that as long as 1/3rd of active stake votes...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.7 views

Any call to settle a bond can be reverted by donating 1 WEI to the VaultLP contract

Lines of code Vulnerability details Impact Any settle call can be reverted, thus disallowing the protocol from settling any options and from releasing the locked tokens. Proof of Concept The protocol admin calls settle on an option when its price gets bellow the strike price, at which the option ...

7AI score
Exploits0
Veracode
Veracode
added 2023/08/09 1:28 a.m.20 views

Incorrect Re-Entrancy Lock Allocation

vyper is vulnerable to Incorrect Re-Entrancy Lock Allocation. The allocation of named re-entrancy locks is flawed, which makes cross-function re-entrancy possible in contracts, because each function employing a named re-entrancy lock receives a distinct lock independent of the key under a specifi...

9.1CVSS6.8AI score0.00706EPSS
Exploits1References7Affected Software1
OpenVAS
OpenVAS
added 2023/08/08 12:0 a.m.16 views

WordPress WPCode - Insert Headers and Footers Plugin < 2.0.9 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpcode:wpcode"; ifdescription...

6.5CVSS6.5AI score0.00307EPSS
Exploits2References1
OSV
OSV
added 2023/08/03 10:15 p.m.5 views

CVE-2023-20216

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...

7.8CVSS5.9AI score0.00148EPSS
Exploits0References1
Prion
Prion
added 2023/07/31 10:15 a.m.24 views

Cross site request forgery (csrf)

The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...

4.3CVSS7AI score0.00269EPSS
Exploits2References1Affected Software10
Prion
Prion
added 2023/07/31 10:15 a.m.19 views

Cross site request forgery (csrf)

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...

4.3CVSS6.9AI score0.00261EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder