
WPVulnDB
added 2023/07/10 12:0 a.m., 14 views

WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

The plugin has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged-in admins cancel arbitrary pre-orders via a CSRF attack. PoC: Make a logged-in admin open the URL below, 42 being a pre-order to be canceled...

AI score 6.7, EPSS 0.00261
Exploits: 2, Affected Software: 1
WPVulnDB
added 2023/07/10 12:0 a.m., 19 views

WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF

The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged-in admins email pre-order customers, change the release date, or mark all pre-orders of a specific product as complete or canceled via CSRF attacks. PoC: Make a logged-in admin open an HTML pa...

AI score 6.7, EPSS 0.00261
Exploits: 2, Affected Software: 1
NVD
added 2023/06/19 4:15 p.m., 41 views

CVE-2022-48506

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct ICP and ICP2 and ImageCast Evolution ICE scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of...

CVSS 2.4, AI score 3.7, EPSS 0.00359
Exploits: 0, References: 4
Cvelist
added 2023/06/19 12:0 a.m., 33 views

CVE-2022-48506

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct ICP and ICP2 and ImageCast Evolution ICE scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of...

AI score 4.1, EPSS 0.00359
Exploits: 0, References: 4
Vulnrichment
added 2023/06/19 12:0 a.m., 14 views

CVE-2022-48506

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct ICP and ICP2 and ImageCast Evolution ICE scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of...

AI score 3.8, EPSS 0.00359
Exploits: 0, References: 4
Prion
added 2023/05/26 9:15 p.m., 21 views

Code injection

Django-SES is a drop-in mail backend for Django. The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...

CVSS 5.5, AI score 5.4, EPSS 0.00233
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2023/05/26 8:3 p.m., 30 views

CVE-2023-33185 Incorrect signature verification in django-ses

Django-SES is a drop-in mail backend for Django. The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...

CVSS 4.6, AI score 5.4, EPSS 0.00233
Exploits: 1, References: 5
Cvelist
added 2023/05/26 8:3 p.m., 41 views

CVE-2023-33185 Incorrect signature verification in django-ses

Django-SES is a drop-in mail backend for Django. The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...

CVSS 4.6, AI score 5.7, EPSS 0.00233
Exploits: 1, References: 3
OSV
added 2023/05/22 7:41 p.m., 23 views

GHSA-QG36-9JXH-FJ25 Incorrect signature verification in django-ses

The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by djangoses,...

CVSS 4.6, AI score 4.9, EPSS 0.00233
Exploits: 1, References: 6
Github Security Blog
added 2023/05/22 7:41 p.m., 20 views

Incorrect signature verification in django-ses

The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by djangoses,...

CVSS 5.4, AI score 6.9, EPSS 0.00233
Exploits: 1, References: 6, Affected Software: 1
Wired Threat Level
added 2023/05/11 4:11 a.m., 16 views

Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp

The social network’s new privacy feature is technically flawed, opt-in, and limited in its functionality. All this for just $8 a month...

AI score 7
Exploits: 0
Exploit DB
added 2023/03/30 12:0 a.m., 210 views

Router ZTE-H108NS - Authentication Bypass

Exploit Title: Router ZTE-H108NS - Authentication Bypass. Date: 19-11-2022. Exploit Author: George Tsimpidas. Vendor: https://www.zte.com.cn/global/. Firmware: H108NSV1.0.7uZRDGR2A68. CVE: N/A. Tested on: Debian 5.18.5. Description: When specific HTTP methods are listed within a security constraint, th...

AI score 7.4
Exploits: 0
Prion
added 2023/03/20 4:15 p.m., 15 views

Cross-site request forgery (CSRF)

The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients...

CVSS 4, AI score 4.7, EPSS 0.00262
Exploits: 2, References: 1, Affected Software: 1
Github Security Blog
added 2023/03/12 6:30 a.m., 31 views

Access control issue in ezsystems/ezpublish-kernel

Access control based on object state is mishandled. This is a policy you can use in your roles to limit access to content based on specific object state values. Due to a flawed earlier update, these limitations were ineffective in releases made since February 16th 2022. They would grant access to...

CVSS 9.8, AI score 8.8, EPSS 0.00721
Exploits: 0, References: 4, Affected Software: 1
RustSec
added 2023/02/25 12:0 p.m., 19 views

Ascii allows out-of-bounds array indexing in safe code

Affected versions of this crate had implementations of From for &mut u8 and &mut str. This can result in out-of-bounds array indexing in safe code. The flaw was corrected in commit 8a6c779 by removing those impls...

AI score 4.5
Exploits: 0, Affected Software: 1
WPVulnDB
added 2023/02/21 12:0 a.m., 18 views

WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion

The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete arbitrary clients. PoC: Run the below command in the developer console of the web browser while being on the blog as any authenticated user, such as...

CVSS 4.3, AI score 5.2, EPSS 0.00262
Exploits: 2, Affected Software: 1
hivepro
added 2023/02/09 7:3 a.m., 18 views

Linux Variant of Cl0p Ransomware Discovered with Flawed Encryption Algorithm

Threat Level: Attack Report. For a detailed threat advisory, download the PDF file here. Summary: A new variant of the Cl0p ransomware for Linux has been discovered. The executable file in ELF format has a flawed encryption algorithm, which allows for the decryption of the locked files without...

AI score 3
Exploits: 0
Code423n4
added 2023/02/03 12:0 a.m., 6 views

Misuse of a Boolean constant

Lines of code. Vulnerability details. Impact: Use of Boolean constants true/false in code is indicative of flawed logic. Boolean constants in code have only a few legitimate uses. Other uses, in complex expressions or as conditionals, indicate either an error or, most likely, the persistence of faulty...

AI score 7
Exploits: 0
CNNVD
added 2022/12/20 12:0 a.m., 3 views

IBM Financial Transaction Manager Security Vulnerability

IBM Financial Transaction Manager is a financial transaction manager from International Business Machines (IBM). The product is primarily used to monitor, track and report on financial payments and transactions. A security vulnerability exists in IBM Financial Transaction Manager version 3.2.4, whi...

CVSS 5.3, AI score 5.8, EPSS 0.00491
Exploits: 0, References: 3
0day.today
added 2022/11/21 12:0 a.m., 281 views

ZTE ZXHN-H108NS Authentication Bypass Vulnerability

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7uZRDGR2A68 suffers from an authentication bypass vulnerability when alternate HTTP methods are leveraged. Exploit Title: Router ZTE-H108NS - Authentication Bypass. Exploit Author: George Tsimpidas. Vendor: https://www.zte.com.cn/global/...

AI score 0.6
Exploits: 0