1516 matches found

Vulnrichment · added 2023/08/23 12:00 a.m. · 7 views

CVE-2023-41100

An issue was discovered in the hcaptcha aka hCaptcha for EXT:form extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data, allowing a remote user to bypass the CAPTCHA check...

CVSS 5.3 · AI score 6.8 · EPSS 0.00515
Exploits 0 · References 1

OSV · added 2023/08/07 3:15 p.m. · 4 views

CVE-2021-24916

The Qubely WordPress plugin before 1.8.6 allows an unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubelysendformdata AJAX action...

CVSS 7.5 · AI score 5.9 · EPSS 0.01535
Exploits 2 · References 1

CNNVD · added 2023/08/07 12:00 a.m. · 10 views

WordPress plugin Qubely security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 7.5 · AI score 6.9 · EPSS 0.01535
Exploits 2 · References 2

Positive Technologies · added 2023/08/07 12:00 a.m. · 9 views

PT-2023-12071

Name of the Vulnerable Software and Affected Versions: Qubely WordPress plugin versions prior to 1.8.6 Description: The issue allows an unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely send form data AJAX action. Recommendations: For versions prior to 1.8.6, updat...

CVSS 7.5 · AI score 5.5 · EPSS 0.01535
Exploits 2 · References 6

Packet Storm · added 2023/08/04 12:00 a.m. · 223 views

WordPress Forminator 1.24.6 Shell Upload

Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Date: 2023-07-20 Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql...

AI score 7.1
Exploits 0

IBM Security Bulletins · added 2023/07/28 2:50 p.m. · 33 views

Security Bulletin: Vulnerability in werkzeug may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-25577, CVE-2023-23934)

Summary: Vulnerabilities in werkzeug may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: Werkzeug allowing remote attacker to bypass security restrictions and denial of service. Vulnerability Details: CVEID: CVE-2023-23934 DESCRIPTION: Pallets Werkzeug could allow a remote...

CVSS 7.5 · AI score 6.1 · EPSS 0.0142
Exploits 0 · Affected Software 1

ATTACKERKB · added 2023/07/25 8:15 p.m. · 2 views

CVE-2022-46899

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...

CVSS 7.5 · AI score 7 · EPSS 0.0041
Exploits 0 · References 3

OSV · added 2023/07/25 8:15 p.m. · 5 views

CVE-2022-46899

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...

CVSS 7.5 · AI score 5.9 · EPSS 0.00683
Exploits 0 · References 2

Prion · added 2023/07/25 8:15 p.m. · 26 views

Design/Logic Flaw

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...

CVSS 5 · AI score 7.6 · EPSS 0.00683
Exploits 0 · References 2 · Affected Software 2

Positive Technologies · added 2023/07/25 12:00 a.m. · 3 views

PT-2023-15100 · Vocera · Vocera Voice Server +1

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for Arbitrary File Upload. The BaseController class, which each of the service controllers derives from, permits the upload of...

CVSS 9.8 · AI score 6.8 · EPSS 0.00683
Exploits 0 · References 6

Vulnrichment · added 2023/07/25 12:00 a.m. · 12 views

CVE-2022-46899

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...

AI score 7.1 · EPSS 0.00683
Exploits 0 · References 2

CNNVD · added 2023/07/25 12:00 a.m. · 5 views

Vocera Report Server code issue vulnerability

Vocera Report Server is a reporting application from Vocera USA. It is used to collect data from data logs created by the Vocera system software and to build reports. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8 that stems from the BaseController...

CVSS 9.8 · AI score 7.2 · EPSS 0.00683
Exploits 0 · References 3

Packet Storm · added 2023/07/17 12:00 a.m. · 405 views

Clarity PPM 14.3.0.298 Cross Site Scripting

Title: Insufficient input validation in CA PPM 14.3 allows remote attackers to execute stored cross-site scripting attacks. | Author: Kaizen | Tested on: windows...

AI score 7.1 · EPSS 0.00499
Exploits 2

Exploit DB · added 2023/07/03 12:00 a.m. · 260 views

FuguHub 8.1 - Remote Code Execution

Exploit Title: FuguHub 8.1 - Remote Code Execution Date: 6/24/2023 Exploit Author: redfire359 Vendor Homepage: https://fuguhub.com/ Software Link: https://fuguhub.com/download.lsp Version: 8.1 Tested on: Ubuntu 22.04.1 CVE : CVE-2023-24078 import requests from bs4 import BeautifulSoup import...

CVSS 8.8 · AI score 8.8 · EPSS 0.53239
Exploits 9

NVD · added 2023/06/30 2:15 a.m. · 18 views

CVE-2023-3249

The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hiddenformdata' function. This makes it possible for authenticated attackers to log in as...

CVSS 9.8 · AI score 9.5 · EPSS 0.01099
Exploits 0 · References 3

WPVulnDB · added 2023/06/29 12:00 a.m. · 14 views

Web3 – Crypto wallet Login & NFT token gating < 2.7.0 - Authentication Bypass

The plugin does not properly perform authentication in the 'hiddenformdata' function, allowing an unauthenticated user to log in as any existing user on the site, such as an administrator, if they have access to the username...

CVSS 9.8 · AI score 7.2 · EPSS 0.01099
Exploits 0 · References 1 · Affected Software 1

OSV · added 2023/06/27 8:15 p.m. · 3 views

CVE-2020-18406

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data...

CVSS 7.5 · AI score 5.8 · EPSS 0.00365
Exploits 1 · References 1

Vulnrichment · added 2023/06/27 12:00 a.m. · 6 views

CVE-2020-18406

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data...

AI score 7 · EPSS 0.00365
Exploits 1 · References 1

Positive Technologies · added 2023/06/27 12:00 a.m. · 5 views

PT-2023-11496 · Cmseasy · Cmseasy

Name of the Vulnerable Software and Affected Versions: cmseasy version 7.0.0 Description: An issue was discovered that allows user credentials to be sent in clear text due to no encryption of form data. Recommendations: For cmseasy version 7.0.0, consider implementing encryption for form data to...

CVSS 7.5 · AI score 7.3 · EPSS 0.00365
Exploits 1 · References 3

Cvelist · added 2023/06/27 12:00 a.m. · 13 views

CVE-2020-18406

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data...

AI score 7.5 · EPSS 0.00365
Exploits 1 · References 1