5104 matches found

Patchstack
added 2022/12/29 12:0 a.m. · 10 views

WordPress WP Google My Business Auto Publish Plugin < 3.4 is vulnerable to Cross Site Scripting (XSS)

Software: WP Google My Business Auto Publish; Type: Plugin; Vulnerable versions: 3.4; Fixed in: 3.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4790; Patch priority: Medium; CVSS severity: Medium (6.3); Developer: Claim ownership; PSID: d445bdc86be1; Credits: Istvá...

5.4 CVSS · 5.6 AI score · 0.00471 EPSS
Exploits 2 · References 3 · Affected Software 1
Patchstack
added 2022/12/29 12:0 a.m. · 18 views

WordPress kingclub-theme Theme < 10 is vulnerable to Arbitrary File Upload

Software: kingclub-theme; Type: Theme; Vulnerable versions: 10; Fixed in: N/A; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2022-0316; Patch priority: High; CVSS severity: High (10); Developer: Claim ownership; PSID: c582a1ee7025; Credits: Joshua Small; Required privilege...

9.8 CVSS · 9.3 AI score · 0.02084 EPSS
Exploits 12 · References 2 · Affected Software 1
Patchstack
added 2022/12/28 12:0 a.m. · 15 views

WordPress Print-O-Matic Plugin < 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software: Print-O-Matic; Type: Plugin; Vulnerable versions: 2.1.8; Fixed in: 2.1.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4753; Patch priority: Medium; CVSS severity: Medium (6.3); Developer: Claim ownership; PSID: 27083e2d8927; Credits: István Márton; Required...

5.4 CVSS · 5.6 AI score · 0.00471 EPSS
Exploits 2 · References 2 · Affected Software 1
Patchstack
added 2022/12/28 12:0 a.m. · 10 views

WordPress Word Balloon Plugin < 4.19.3 is vulnerable to Cross Site Scripting (XSS)

Software: Word Balloon; Type: Plugin; Vulnerable versions: 4.19.3; Fixed in: 4.19.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4751; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: 147788398dbc; Credits: István Márton; Require...

5.4 CVSS · 5.6 AI score · 0.00471 EPSS
Exploits 2 · References 3 · Affected Software 1
Patchstack
added 2022/12/28 12:0 a.m. · 12 views

WordPress User Verification Plugin < 1.0.94 is vulnerable to Bypass Vulnerability

Software: User Verification; Type: Plugin; Vulnerable versions: 1.0.94; Fixed in: 1.0.94; OWASP Top 10: A2: Broken Authentication; Classification: Bypass Vulnerability; CVE: CVE-2022-4693; Patch priority: High; CVSS severity: High (9.6); Developer: Claim ownership; PSID: 89cd3dc7d831; Credits: István Márton; Required...

9.8 CVSS · 6.5 AI score · 0.01598 EPSS
Exploits 2 · References 3 · Affected Software 1
Code423n4
added 2022/12/23 12:0 a.m. · 12 views

Upgraded Q -> M from #4 [1671756144822]

Judge has assessed an item in Issue 4 as M risk. The relevant finding follows: GroupBuy: Insertion timestamp ignored The documentation states that "If the users have the same quantity as well, the bid that was placed later will have Raes removed.". However, with the current implementation, this i...

6.8 AI score
Exploits 0
Code423n4
added 2022/12/19 12:0 a.m. · 9 views

Bids are wrongly ordered when prices and quantities are equal.

Lines of code Vulnerability details Description In GroupBuy, when total amount of Raes is filled up with purchases, users start competing with higher price offers. Their bids are laid out in a min priority queue structure implemented in MinPriorityQueue.sol. The docs clearly state that when two...

7 AI score
Exploits 0
Code423n4
added 2022/12/19 12:0 a.m. · 8 views

Priority queue min accounting breaks when nodes are split in two

Lines of code Vulnerability details The README states If two users place bids at the same price but with different quantities, the queue will pull from the bid with a higher quantity first, but the data-structure used for implementing this logic, is not used properly and essentially has its data...

6.5 AI score
Exploits 0
Spring Security Advisories
added 2022/12/13 9:0 a.m. · 19 views

This Week in Spring - December 13th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I truly, absolutely, can not believe that we're nearly done with the year already! Have you made your new year's resolutions? Submitted your expense reports? It's that time of the year when I'm going to start focusing on staying...

0.3 AI score
Exploits 0
RedHat Linux
added 2022/11/15 11:55 a.m. · 2 views

kernel: sched/fair: Fix fault in reweight_entity

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity. Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba "kernel/sched: Fix sched_fork access an invalid sched_task_group". There is a race between sched_post_fork and...

4.7 CVSS · 6.3 AI score · 0.00168 EPSS
Exploits 0 · References 5
Code423n4
added 2022/11/09 12:0 a.m. · 6 views

BLOCK_PERIOD is incorrect

Lines of code Vulnerability details The BLOCK_PERIOD is set to 13 seconds in Config.sol. `uint256 constant BLOCK_PERIOD = 13 seconds;` Since moving to Proof-of-Stake (PoS) after the Merge, block times on Ethereum are fixed at 12 seconds per block (slots). Impact This results in incorrect calculation of...

6.9 AI score
Exploits 0
Positive Technologies
added 2022/09/20 12:0 a.m. · 6 views

PT-2024-8458 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a memory leak in the nf_tables_addchain function of the Linux kernel's nf_tables component. This leak occurs when the nft_chain_offload_priority function return...

8.4 CVSS · 6.5 AI score · 0.08555 EPSS
Exploits 1 · References 1284
Positive Technologies
added 2022/09/17 12:0 a.m. · 3 views

PT-2022-34087 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.137. Description: The issue is related to a refcount leak in the xive_get_max_prio function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

7.1 AI score
Exploits 0 · References 1
BDU FSTEC
added 2022/09/14 12:0 a.m. · 5 views

The vulnerability of the sf-pcapng.c component in the Libpcap library, which allows a hacker to compromise the integrity of network traffic data.

The vulnerability of the sf-pcapng.c component in the Libpcap network traffic capture library is related to an incorrect check on the length of the PHB header. Exploiting this vulnerability allows a remote attacker to compromise data integrity...

5.3 CVSS · 6.3 AI score · 0.02834 EPSS
Exploits 0 · References 11 · Affected Software 4
OPENSUSE Linux
added 2022/09/01 12:0 a.m. · 22 views

Security update for libsolv, libzypp, zypper (important)

openSUSE Security Update: Security update for libsolv, libzypp, zypper; Announcement ID: openSUSE-SU-2022:1157-1; Rating: important; References: 1184501 1194848 1195999 1196061 1196317 1196368 1196514 1196925 1197134; Affected Products: openSUSE Leap Micro 5.2. An update that contains security fixes c...

7.4 AI score
Exploits 0
CNNVD
added 2022/08/12 12:0 a.m. · 4 views

Google Android Input Validation Error Vulnerability

Google Android is a Linux-based open-source operating system from Google, Inc. A security vulnerability exists in the Google Android Companion component, which stems from a possible way to make a service run with higher importance without displaying a foreground service notification due to improp...

5 CVSS · 5.6 AI score · 0.00099 EPSS
Exploits 0 · References 2
Openbugbounty
added 2022/08/11 6:11 a.m. · 8 views

prioritylending.com.au Cross Site Scripting vulnerability OBB-2835917

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
ATTACKERKB
added 2022/07/18 11:15 p.m. · 2 views

CVE-2022-34643

RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priority when accessing memory...

5.5 CVSS · 5.9 AI score · 0.00215 EPSS
Exploits 1 · References 2
OSV
added 2022/07/18 11:15 p.m. · 3 views

CVE-2022-34643

RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priority when accessing memory...

5.5 CVSS · 5.8 AI score · 0.00215 EPSS
Exploits 1 · References 1
NVD
added 2022/07/18 11:15 p.m. · 18 views

CVE-2022-34643

RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priority when accessing memory...

5.5 CVSS · 0.00215 EPSS
Exploits 1 · References 1