Lucene search
K

1409 matches found

Patchstack
Patchstack
added 2019/06/25 12:0 a.m.7 views

WordPress SEO By Rank Math plugin <= 1.0.27 - Authenticated Settings Reset vulnerability

Authenticated Settings Reset vulnerability found in WordPress SEO By Rank Math plugin versions = 1.0.27. Solution Update the WordPress SEO By Rank Math plugin to the latest available version at least 1.0.27.1...

3.3AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/21 12:0 a.m.11 views

Seo By Rank Math <= 1.0.27 - Authenticated Settings Reset

Allows any authenticated user with a role as low as subscriber to reset Settings of the plugin. PoC https://plugins.trac.wordpress.org/browser/seo-by-rank-math/tags/1.0.27/includes/admin/class-options.phpL91...

4CVSS0.8AI score0.01381EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2019/06/21 12:0 a.m.19 views

Seo By Rank Math <= 1.0.27 - Authenticated Settings Reset

Allows any authenticated user with a role as low as subscriber to reset Settings of the plugin. https://plugins.trac.wordpress.org/browser/seo-by-rank-math/tags/1.0.27/includes/admin/class-options.phpL91...

4CVSS2.1AI score0.01381EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2019/06/18 12:0 a.m.13 views

Seo by Rank Math <= 1.0.26 - XSS Issues

The changelog file states "Added some important security fixes", and various variables can be found being HTML escaped in the code changes...

0.6AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/06/18 12:0 a.m.19 views

WordPress SEO by Rank Math plugin <= 1.0.26 - Cross-Site Scripting (XSS) vulnerabilities

Cross-Site Scripting XSS vulnerabilities found in WordPress SEO by Rank Math versions = 1.0.26. Solution Update the WordPress SEO by Rank Math to the latest available version at least 1.0.27...

1.7AI score
Exploits0References1Affected Software1
Jake Archibald's Blog
Jake Archibald's Blog
added 2019/06/11 8:16 a.m.19 views

Probably?

Remy Sharp asked a question on Twitter that got me thinking about probability for the first time in a while. The problem Get your copybooks out now! Remy is using an image service that has an API which returns a URL for one of its images, picked at random. Remy makes five requests to the service,...

7AI score
Exploits0
Hacker One
Hacker One
added 2019/04/26 3:41 p.m.18 views

GitLab: Clientside resource Exhausting by exploiting gitlab math rendering

Summary based on the documentation gitlab markdown is supporting math expresion rendering using KaTex and able to run subset syntax from LaTex this could be achieved by using 2 ways in the markdown for inline and for multiline. F476662 Steps to reproduce Step-by-step guide to reproduce the issue,...

6.8AI score
Exploits0
Filippo.io
Filippo.io
added 2019/04/02 4:45 p.m.83 views

A Go implementation of Poly1305 that makes sense

Poly1305 is a Message Authentication Code--a cryptographic primitive for authenticating a message with a shared secret key, like HMAC. Although its really a fraction of the complexity of e.g. elliptic curves, most of the implementations Ive read look decidedly like magic, mysteriously multiplying...

7.4AI score
Exploits0
OSV
OSV
added 2019/02/28 6:29 p.m.1 views

DEBIAN-CVE-2018-18493

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.4, Firefox ESR 60.4, an...

9.8CVSS9.4AI score0.04975EPSS
Exploits0References1
curl security advisories
curl security advisories
added 2019/02/06 8:0 a.m.5 views

NTLMv2 type-3 header stack buffer overflow

libcurl contains a stack based buffer overflow vulnerability. The function creating an outgoing NTLM type-3 header lib/vauth/ntlm.c:Curlauthcreatentlmtype3message, generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from...

9.8CVSS6.6AI score0.12771EPSS
Exploits1Affected Software2
OSV
OSV
added 2019/02/06 12:0 a.m.3 views

UBUNTU-CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header lib/vauth/ntlm.c:Curlauthcreatentlmtype3message, generates the request HTTP header contents based on previously received data. The check that exists ...

9.8CVSS7.3AI score0.12771EPSS
Exploits1References4
OSV
OSV
added 2019/01/31 9:29 p.m.3 views

CVE-2019-7295

typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula...

6.1CVSS6.4AI score0.01686EPSS
Exploits1References1
Fedora
Fedora
added 2018/11/30 2:52 a.m.41 views

[SECURITY] Fedora 29 Update: glibc-2.28-22.fc29

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

7.5CVSS2AI score0.05532EPSS
Exploits1
Openbugbounty
Openbugbounty
added 2018/11/27 12:1 p.m.36 views

math-aids.com XSS vulnerability

Open Bug Bounty ID: OBB-703600 Description| Value ---|--- Affected Website:| math-aids.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden...

Exploits0
OSV
OSV
added 2018/11/07 12:29 a.m.1 views

GHSA-QV2V-M59F-V5FW Insecure randomness in socket.io

Affected versions of socket.io depend on Math.random to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization. Recommendation Update to v0.9.7 or lat...

7.5CVSS7AI score0.02EPSS
Exploits0References7
Fedora
Fedora
added 2018/10/02 7:36 p.m.41 views

[SECURITY] Fedora 29 Update: liblouis-3.7.0-1.fc29

Liblouis is an open-source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary brail le, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through...

6.5CVSS0.3AI score0.02716EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2018/09/17 2:54 p.m.2 views

JDK: DoS in the java.math component

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681...

7.5CVSS7.3AI score0.03981EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/09/17 2:51 p.m.3 views

JDK: DoS in the java.math component

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681...

7.5CVSS7.3AI score0.03981EPSS
Exploits0References4
NVD
NVD
added 2018/09/17 2:29 p.m.19 views

CVE-2018-17142

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...

7.5CVSS8AI score0.0281EPSS
Exploits1References3
OSV
OSV
added 2018/09/17 2:29 p.m.2 views

CVE-2018-17142

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...

7.5CVSS5.8AI score0.0281EPSS
Exploits1References3
Rows per page
Query Builder