7 matches found

OSV
added 2024/06/12 7:39 p.m. · 21 views

GHSA-WRVH-RCMR-9QFC @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Summary: By combining two vulnerabilities, an Open Redirect and a session token sent as a URL query parameter in the Strapi framework, it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Impact...

CVSS 7.1 · AI score 8 · EPSS 0.00796
Exploits 1 · References 4
wpexploit
added 2022/09/06 12:00 a.m. · 466 views

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi

The plugin does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks. As an unauthenticated user, fill in the reservation form (it is on a page where the reservation form is embedded), intercept the...

CVSS 9.8 · AI score 0.7 · EPSS 0.04392
Exploits 2
wpexploit
added 2022/03/21 12:00 a.m. · 102 views

One Click Demo Import < 3.1.0 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed. Access Tools > Import > One Click Demo Import > Run Importer and import a dummy XML file (it can be empty). Intercept the request made...

CVSS 7.2 · AI score 0.5 · EPSS 0.01214
Exploits 2 · References 1
CVE
added 2021/09/01 10:45 a.m. · 32 views

CVE-2020-9002

CVE-2020-9002 affects iPortalis iCS 7.1.13.0. An attacker can escalate privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to DOMAIN_ADMIN, granting Domain Administrator access. Details across sources consistently describe a privilege escalation via improper validation of ...

CVSS 9.6 · AI score 7.5 · EPSS 0.00314
Exploits 0 · References 2 · Affected software 1
CNNVD
added 2021/05/31 12:00 a.m. · 2 views

Business-central information disclosure vulnerability

Business-central is a software package. A security vulnerability exists in Business-central: when a user logs into the Business-central console, an HTTP request, if intercepted, discloses sensitive information such as usernames and passwords...

CVSS 7.5 · AI score 6.3 · EPSS 0.0027
Exploits 0 · References 3
0day.today
added 2020/08/15 12:00 a.m. · 185 views

QiHang Media Web Digital Signage 3.0.9 Password Disclosure Vulnerability

QiHang Media Web Digital Signage version 3.0.9 suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack. QiHang Media Web QH.aspx Digital Signage 3.0.9...

AI score 6.7
Exploits 0
CNVD
added 2019/06/03 12:00 a.m. · 1 view

IBM PureApplication System pattern editor access control error vulnerability

IBM PureApplication System is a platform system from IBM USA designed for transactional Web and database applications. The system is capable of handling workloads, and all configurations can be maintained and updated from a single console. The pattern editor is one of its graphical editors. An access...

CVSS 4.3 · AI score 6.7 · EPSS 0.00165
Exploits 0 · References 1