Lucene search
K

197 matches found

OSV
OSV
added 2023/09/27 3:19 p.m.2 views

DEBIAN-CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

3.7CVSS6.9AI score0.00362EPSS
Exploits0References1
OSV
OSV
added 2023/09/27 3:19 p.m.4 views

UBUNTU-CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

3.7CVSS6.5AI score0.00362EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/09/26 6:55 p.m.38 views

matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes

Impact When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be...

3.7CVSS6.8AI score0.00362EPSS
Exploits0References11Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.10 views

PT-2023-27911 · Synapse +2 · Synapse +2

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.93.0 Description: The issue concerns the temporary storage of user passwords in the server database when users update their credentials. Although this does not grant the server any additional capabilities, it...

8.8CVSS6AI score0.99735EPSS
Exploits9References42
OSV
OSV
added 2023/06/14 2:52 p.m.4 views

DRUPAL-CONTRIB-2023-020

This module enables you to define a 'weekly office hours' field type, and add a field to any Content type, in order to display the weekly opening hours for a location. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting XSS vulnerability. This vulnerability...

6AI score
Exploits0References1
Drupal
Drupal
added 2023/06/14 12:0 a.m.20 views

Office Hours - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-020

This module enables you to define a 'weekly office hours' field type, and add a field to any Content type, in order to display the weekly opening hours for a location. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting XSS vulnerability. This vulnerability...

6AI score
Exploits0References4
OSV
OSV
added 2023/05/17 12:15 a.m.5 views

CVE-2023-25394

Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours...

7CVSS7.1AI score0.00347EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.4 views

Groupnotes Videostream 安全漏洞

Groupnotes Videostream is a video streaming application from Groupnotes, Inc. A security vulnerability exists in Groupnotes Videostream version 0.5.0, 0.4.3, which stems from the fact that an Updater privileged script will attempt to update Videostream every 5 hours...

7CVSS7AI score0.00347EPSS
Exploits1References5
Snyk
Snyk
added 2023/04/27 3:30 a.m.5 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration such that the token used in the password reset links remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3...

7.8CVSS7AI score0.00435EPSS
Exploits1References2
OSV
OSV
added 2023/03/04 12:15 a.m.40 views

PYSEC-2023-54

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0...

8.8CVSS8.9AI score0.00571EPSS
Exploits0References2
OSV
OSV
added 2023/03/03 11:37 p.m.23 views

CVE-2023-23929 Refresh tokens do not expire in Vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0...

8.8CVSS8.6AI score0.00571EPSS
Exploits0References4
NVD
NVD
added 2023/03/03 11:15 p.m.49 views

CVE-2023-25403

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication...

7.5CVSS7.5AI score0.00652EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/03/03 12:0 a.m.49 views

CVE-2023-25403

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication...

7.7AI score0.00652EPSS
Exploits1References2
OSV
OSV
added 2023/02/21 9:15 a.m.3 views

CVE-2022-4752

The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/21 8:50 a.m.5 views

CVE-2022-4752 Opening Hours <= 2.3.0 - Contributor+ Stored XSS via Shortcode

The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2023/02/21 8:50 a.m.65 views

CVE-2022-4752

The CVE-2022-4752 entry concerns the WordPress plugin Opening Hours (

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.4 views

WordPress Plugin Opening Hours 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/02/03 12:0 a.m.7 views

WordPress Opening Hours Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Opening Hours Type Plugin Vulnerable versions = 2.3.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ba2ed69ebc49 Credits Unknown Required privilege Administrat...

6AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/01/25 12:0 a.m.10 views

WordPress Opening Hours Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Opening Hours Type Plugin Vulnerable versions = 2.3.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4752 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f20861b9bf46 Credits István Márton Required...

5.4CVSS5.6AI score0.00471EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/05 12:0 a.m.4 views

PT-2023-14817 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.14 on the stable branch Discourse versions prior to 3.0.0.beta15 on the beta and tests-passed branches Description: Discourse is an option source discussion platform. When a user requests a password reset link...

8.1CVSS7.9AI score0.00679EPSS
Exploits0References9
Rows per page
Query Builder