44 matches found
EUVD-2020-19874
Malware in sbrugna...
EUVD-2021-21276
Malware in sbrugna...
EUVD-2021-16190
Malware in sbrugna...
EUVD-2023-37397
Malicious code in bioql PyPI...
EUVD-2023-43932
Malicious code in bioql PyPI...
EUVD-2023-23420
Malicious code in bioql PyPI...
CVE-2024-4372
The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
CVE-2022-3690
The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins...
CVE-2022-1755
The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via a URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...
CVE-2021-24163
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...
CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connecti...
CVE-2021-24672
The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2020-13658
In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application...
Security Bulletin: IBM InfoSphere Information Server Low Level Authenticated User Can View Higher Level User And Group Listing (CVE-2022-36772)
Summary: A vulnerability in IBM InfoSphere Information Server allowed a lower-level authenticated user to view the list of other users and groups. The scope of the vulnerability was limited in nature. The flaw gave such users VIEW access only. This vulnerability was addressed. Vulnerability Details...
CVE-2023-40055
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227...
CVE-2023-40055 SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227...
CVE-2023-40054 SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226...
SolarWinds Network Configuration Manager Security Vulnerability
SolarWinds Network Configuration Manager is an easy-to-use solution from SolarWinds USA. A security vulnerability exists in SolarWinds Network Configuration Manager that stems from susceptibility to directory traversal and remote code execution vulnerabilities that could allow a low-level user to...
CVE-2023-33226
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges...