Lucene search
K

292 matches found

CVE
CVE
added 2024/06/19 1:35 p.m.169 views

CVE-2024-38558

CVE-2024-38558 concerns the Linux kernel's net/openvswitch handling of ICMPv6 in the OVS_PACKET_CMD_EXECUTE path. The root cause is a misuse of a shared IPv6 field between Neighbor Discovery (ND) state and conntrack original tuple (ct_orig) during packet-key parsing. When parsing ICMPv6, the code...

5.5CVSS7AI score0.00259EPSS
Exploits1References12Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/05/25 2:15 a.m.3 views

CVE-2024-5220

The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...

6.4CVSS6.1AI score0.00322EPSS
Exploits0References4
CVE
CVE
added 2024/05/25 1:51 a.m.36 views

CVE-2024-5220

The ND Shortcodes plugin for WordPress (up to version 7.5) is affected by a Stored XSS via the plugin’s upload feature. Exploitation requires authenticated access at Author level or higher, allowing script injection into pages that execute for users visiting injected pages. Patch status for CVE-2...

6.4CVSS6AI score0.00322EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/25 12:0 a.m.6 views

PT-2024-35132 · WordPress · Nd Shortcodes

Name of the Vulnerable Software and Affected Versions: ND Shortcodes plugin for WordPress versions up to, and including, 7.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's upload feature due to insufficient input sanitization and output escaping. This allows...

6.4CVSS5.7AI score0.00322EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/05/24 12:0 a.m.6 views

WordPress plugin ND Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.11 views

ND Shortcodes < 7.6 - Authenticated (Author+) Stored Cross-Site Scripting

Description The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2024/03/07 6:21 p.m.3 views

openvswitch: openvswitch don't match packets on nd_target field

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

7.1CVSS7.4AI score0.00389EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.11 views

PT-2024-17994 · WordPress · Restaurant Reservations

Name of the Vulnerable Software and Affected Versions: Restaurant Reservations plugin for WordPress versions up to, and including, 1.9 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary PHP files on the server via the nd...

8.8CVSS8.1AI score0.0088EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/10/02 12:0 a.m.8 views

The vulnerability of the ND Shortcodes plugin of the WordPress content management system allows attackers to execute LFI attacks.

The vulnerability of the ND Shortcodes plugin of the WordPress content management system is related to an incorrect limitation on the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to execute LFI attacks remotely...

9CVSS7.7AI score0.01683EPSS
Exploits2References4Affected Software1
Openbugbounty
Openbugbounty
added 2023/09/17 5:38 p.m.14 views

nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3692030

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/07/25 5:6 a.m.18 views

nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3548102

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/07/06 9:54 p.m.5 views

nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3482327

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
NVD
NVD
added 2023/07/04 8:15 a.m.21 views

CVE-2023-1273

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...

8.8CVSS8.6AI score0.01683EPSS
Exploits2References1
OSV
OSV
added 2023/07/04 8:15 a.m.5 views

CVE-2022-4623

The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00444EPSS
Exploits2References1
OSV
OSV
added 2023/07/04 8:15 a.m.3 views

CVE-2023-1273

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...

8.8CVSS7.3AI score0.01683EPSS
Exploits2References1
Prion
Prion
added 2023/07/04 8:15 a.m.17 views

Cross site scripting

The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS5.4AI score0.00444EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/04 7:23 a.m.12 views

CVE-2023-1273 ND Shortcodes < 7.0 - Subscriber+ LFI

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...

6.5AI score0.01683EPSS
Exploits2References1
CVE
CVE
added 2023/07/04 7:23 a.m.63 views

CVE-2023-1273

CVE-2023-1273 affects the WordPress plugin ND Shortcodes (before 7.0). The issue is that some shortcode attributes used to generate include paths are not validated, allowing an authenticated user (e.g., a subscriber) to perform a Local File Inclusion (LFI) attack by manipulating the path. Public ...

8.8CVSS8.6AI score0.01683EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/07/04 7:23 a.m.50 views

CVE-2022-4623

The CVE-2022-4623 entry concerns the ND Shortcodes WordPress plugin prior to version 7.0. It states that the plugin does not validate and escape numerous shortcode attributes before output, allowing users with the contributor role and above to perform Stored Cross-Site Scripting when the shortcod...

5.4CVSS5.5AI score0.00444EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/07/04 12:0 a.m.6 views

WordPress plugin ND Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.4AI score0.00444EPSS
Exploits2References2
Rows per page
Query Builder