8222 matches found

Cvelist
added 2021/01/06 2:31 p.m. | 29 views

CVE-2020-36174

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...

AI score 6.6 | EPSS 0.00593
Exploits 1 | References 1
CVE
added 2021/01/06 2:31 p.m. | 62 views

CVE-2020-36174

CVE-2020-36174 affects the WordPress Ninja Forms plugin prior to version 3.4.27.1. The vulnerability is CSRF through the plugin’s services integration, enabling an attacker to trigger actions on behalf of an authenticated user. Public sources in the connected set corroborate that this issue is ro...

CVSS 6.5 | AI score 6.5 | EPSS 0.00593
Exploits 1 | References 1 | Affected Software 1
OSV
added 2021/01/06 2:15 p.m. | 14 views

CVE-2020-36170

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms...

CVSS 5.3 | AI score 7.2
Exploits 0 | References 1
Cvelist
added 2021/01/06 1:55 p.m. | 19 views

CVE-2020-36170

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms...

AI score 5.4 | EPSS 0.01117
Exploits 0 | References 1
CNNVD
added 2021/01/06 12:0 a.m. | 7 views

WordPress Ninja Forms plugin code issue vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Ninja Forms plugin is a form creation component used in it. A code issue exists in the WordPress Ninja Forms plugin before...

CVSS 5.3 | AI score 6.1 | EPSS 0.01117
Exploits 0 | References 2
CNNVD
added 2021/01/06 12:0 a.m. | 4 views

WordPress Ninja Forms plugin Access Control Error Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Ninja Forms plugin is a form creation component used in it. WordPress Ninja Forms plugin before 3.4.27.1 suffers from an Acce...

CVSS 5.3 | AI score 6.1 | EPSS 0.01183
Exploits 0 | References 2
CNNVD
added 2021/01/06 12:0 a.m. | 6 views

WordPress Ninja Forms plugin Cross-Site Request Forgery Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Ninja Forms plugin before 3.4.27.1 suffers from a cross-site request forgery vulnerability...

CVSS 6.5 | AI score 6.5 | EPSS 0.00593
Exploits 1 | References 2
Debian
added 2020/12/27 6:20 p.m. | 58 views

[SECURITY] [DSA 4820-1] horizon security update

Debian Security Advisory DSA-4820-1 https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2020 https://www.debian.org/security/faq -...

CVSS 6.1 | AI score 6.1 | EPSS 0.014
Exploits 1
NVD
added 2020/12/10 6:15 a.m. | 20 views

CVE-2020-24444

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...

CVSS 5.8 | AI score 5.5 | EPSS 0.02077
Exploits 0 | References 1
OSV
added 2020/12/10 6:15 a.m. | 4 views

CVE-2020-24444

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...

CVSS 5.8 | AI score 6.2 | EPSS 0.02077
Exploits 0 | References 1
Prion
added 2020/12/10 6:15 a.m. | 25 views

Server side request forgery (ssrf)

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...

CVSS 5 | AI score 6.5 | EPSS 0.02077
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/12/10 5:32 a.m. | 20 views

CVE-2020-24444 Blind SSRF in Forms add-on for AEM

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...

CVSS 5.8 | AI score 5.6 | EPSS 0.02077
Exploits 0 | References 1
CVE
added 2020/12/10 5:32 a.m. | 83 views

CVE-2020-24444

CVE-2020-24444 is a blind SSRF vulnerability affecting Adobe Experience Manager (AEM) Forms add-on components: specifically the AEM Forms SP6 add-on for AEM 6.5.6.0 and the Forms add-on package for AEM 6.4 Service Pack 8 CFP 2 (6.4.8.2). The underlying issue is a blind server-side request forgery...

CVSS 5.8 | AI score 6 | EPSS 0.02077
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2020/12/10 12:0 a.m. | 39 views

Adobe Experience Manager 6.2 <= 6.2 SP1-CFP20 / 6.3 <= 6.3.3.8 / 6.4 < 6.4.8.3 / 6.5 < 6.5.7.0 Multiple Vulnerabilities (APSB20-01)

The version of Adobe Experience Manager installed on the remote host is affected by multiple vulnerabilities as referenced in the APSB20-72 advisory, as follows: - AEM's Cloud Service offering, as well as versions 6.5.6.0 and below, 6.4.8.2 and below and 6.3.3.8 and below are affected by a stored...

CVSS 9 | AI score 7 | EPSS 0.02535
Exploits 0 | References 3
Talos
added 2020/12/09 12:0 a.m. | 97 views

Foxit Reader JavaScript choice field use-after-free vulnerability

Summary: A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

CVSS 8.8 | AI score 9.2 | EPSS 0.71145
Exploits 1
Talos
added 2020/12/09 12:0 a.m. | 53 views

Foxit Reader Javascript Field fileSelect Use After Free Vulnerability

Summary: A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

CVSS 8.8 | AI score 8.7 | EPSS 0.66678
Exploits 1
ATTACKERKB
added 2020/12/08 11:0 p.m. | 4 views

CVE-2020-24444

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...

CVSS 5.8 | AI score 6 | EPSS 0.02077
Exploits 0 | References 2
Adobe
added 2020/12/08 12:0 a.m. | 46 views

APSB20-72 Security update available for Adobe Experience Manager

Adobe has released updates for Adobe Experience Manager (AEM) and the AEM Forms add-on package. These updates resolve vulnerabilities rated Critical and Important...

AI score 7.8
Exploits 0 | Affected Software 2
Patchstack
added 2020/11/20 12:0 a.m. | 15 views

WordPress Easy Registration Forms plugin <= 2.0.6 - CSV Injection vulnerability

CSV Injection vulnerability found by Mohamad Pishdar (cert.ikiu.ac.ir) in WordPress Easy Registration Forms plugin versions <= 2.0.6. Solution: 2020-11-20 - we were unable to find information about the fix for this vulnerability...

CVSS 8.8 | AI score 3.2 | EPSS 0.02144
Exploits 1 | References 2 | Affected Software 1
WPVulnDB
added 2020/11/20 12:0 a.m. | 24 views

Easy Registration Forms <= 2.0.6 - CSV Injection

Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the codes are executable...

CVSS 6.8 | AI score 3 | EPSS 0.02144
Exploits 1 | References 1 | Affected Software 1