Lucene search
K

5106 matches found

Patchstack
Patchstack
added 2023/05/22 12:0 a.m.11 views

WordPress Easy Captcha Plugin <= 1.0 is vulnerable to Broken Access Control

Software Easy Captcha Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-33324 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5defd63e8fe5 Credits Skalucy Required privilege...

6.5AI score0.00574EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/05/22 12:0 a.m.6 views

WordPress is vulnerable to Content Injection

Software WordPress Type WordPress Core Vulnerable versions = 6.2.1 Fixed in 6.2.2 OWASP Top 10 A1: Injection Classification Content Injection CVE N/A Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 75b3c88a5b55 Credits N/A Required privilege Unauthenticated Published 22 Ma...

7.2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/22 12:0 a.m.12 views

WordPress Groundhogg Plugin <= 2.7.9.8 is vulnerable to Broken Access Control

Software Groundhogg Type Plugin Vulnerable versions = 2.7.9.8 Fixed in 2.7.10 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2716 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 35a3839f18ce Credits Lana Codes Required...

5.4CVSS6.5AI score0.00467EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/05/22 12:0 a.m.11 views

WordPress Leyka Plugin <= 3.30.2 is vulnerable to Privilege Escalation

Software Leyka Type Plugin Vulnerable versions = 3.30.2 Fixed in 3.30.3 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2023-33327 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 83c2b21f0549 Credits Nguyen Anh Tien Required privilege...

8.8CVSS6.5AI score0.00521EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/22 12:0 a.m.16 views

WordPress JetFormBuilder Plugin <= 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software JetFormBuilder Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-33212 Patch priority Low CVSS severity Low 4.3 Developer Crocoblock PSID 7e5a8125e34f Credits Nguyen Xuan Chien Require...

8.8CVSS6.6AI score0.00256EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/22 12:0 a.m.12 views

WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload

Software WooCommerce Follow-Up Emails Type Plugin Vulnerable versions = 4.9.40 Fixed in 4.9.50 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-33318 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID c6e0ffcab096 Credits Rafie Muhammad...

9.9CVSS6.8AI score0.00814EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/05/18 12:0 a.m.11 views

WordPress Simple Page Ordering Plugin <= 2.5.0 is vulnerable to Broken Access Control

Software Simple Page Ordering Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32798 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bde37994ef19 Credits Mika Required privilege...

6.3AI score0.00544EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/18 12:0 a.m.9 views

WordPress Better Notifications for WP Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Better Notifications for WP Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32964 Patch priority Low CVSS severity Low 4.3 Developer Made with Fuel Ltd. PSID 72f7e05deec7 Credits...

8.8CVSS6.6AI score0.00256EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/18 12:0 a.m.10 views

WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Scripting (XSS)

Software Jazz Popups Type Plugin Vulnerable versions = 1.8.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32965 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 4896990e199e Credits thiennv Required privilege...

7.1CVSS5.6AI score0.00379EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/05/18 12:0 a.m.12 views

swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logica...

7.5CVSS6.7AI score0.01354EPSS
Exploits0References6Affected Software1
Patchstack
Patchstack
added 2023/05/18 12:0 a.m.12 views

WordPress BP Social Connect Plugin <= 1.5 is vulnerable to Broken Access Control

Software BP Social Connect Type Plugin Vulnerable versions = 1.5 Fixed in 1.6.2 OWASP Top 10 A2: Broken Authentication Classification Broken Access Control CVE CVE-2023-2704 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7c30551eab88 Credits Lana Codes Required privileg...

9.8CVSS6.5AI score0.01623EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2023/05/17 12:0 a.m.20 views

WordPress is vulnerable to Directory Traversal

Software WordPress Type WordPress Core Vulnerable versions = 6.2 Fixed in 6.2.1 OWASP Top 10 A1: Injection Classification Directory Traversal CVE CVE-2023-2745 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 0d1028dd7204 Credits Ramuel Gall Wordfence Required privile...

6.1CVSS6.6AI score0.79527EPSS
Exploits7References5Affected Software1
Patchstack
Patchstack
added 2023/05/17 12:0 a.m.14 views

WordPress Waiting: One-click countdowns Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Waiting: One-click countdowns Type Plugin Vulnerable versions = 0.6.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2757 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5e454859cceb Credits István...

7.4CVSS5.6AI score0.00454EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.2 views

kernel: net: stmmac: fix tc flower deletion for VLAN priority Rx steering

A vulnerability was found in the Linux kernel's net component in the stmmac driver, where improper deletion of VLAN priority filters caused a kernel NULL pointer dereference which occurs during the deletion of specific tc flower records, leading to potential system crashes...

5.5CVSS6.5AI score0.00208EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/16 8:43 a.m.3 views

kernel: net: stmmac: fix tc flower deletion for VLAN priority Rx steering

A vulnerability was found in the Linux kernel's net component in the stmmac driver, where improper deletion of VLAN priority filters caused a kernel NULL pointer dereference which occurs during the deletion of specific tc flower records, leading to potential system crashes...

5.5CVSS6.5AI score0.00208EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/05/16 12:0 a.m.10 views

WordPress Fitness Park Theme <= 1.0.6 is vulnerable to Broken Access Control

Software Fitness Park Type Theme Vulnerable versions = 1.0.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 10be7ca03521 Credits Dave Jong Patchstack Required...

5.9AI score0.00184EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/16 12:0 a.m.9 views

WordPress Kingcabs Theme <= 1.1.6 is vulnerable to Broken Access Control

Software Kingcabs Type Theme Vulnerable versions = 1.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 2d230f2e2cbf Credits Dave Jong Patchstack Required...

5.9AI score0.00184EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/16 12:0 a.m.21 views

WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions = 3.0.9 Fixed in 3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25019 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 46b92040d289 Credits Rafie Muhammad Patchstack...

7.1CVSS5.6AI score0.00401EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/16 12:0 a.m.11 views

WordPress Craft Blog Theme <= 1.0.7 is vulnerable to Broken Access Control

Software Craft Blog Type Theme Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 962dfabf18a9 Credits Dave Jong Patchstack Required...

5.9AI score0.00184EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/16 12:0 a.m.12 views

WordPress SparkleStore Theme <= 1.6.0 is vulnerable to Broken Access Control

Software SparkleStore Type Theme Vulnerable versions = 1.6.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID eac4d697c839 Credits Dave Jong Patchstack Required...

5.9AI score0.00184EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder