Lucene search
K

126 matches found

OSV
OSV
added 2024/05/24 11:8 a.m.5 views

OESA-2024-1659 python-tqdm security update

tqdm derives from the Arabic word taqaddum which can mean "progress". Instantly make your loops show a smart progress meter - just wrap any iterable with tqdminterable, and you are done! Security Fixes: tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments...

4.8CVSS7.8AI score0.00432EPSS
Exploits0References2
OSV
OSV
added 2024/05/15 3:15 a.m.5 views

CVE-2024-3189

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...

5.4CVSS5.9AI score0.00409EPSS
Exploits0References4
CVE
CVE
added 2024/05/15 2:32 a.m.49 views

CVE-2024-3189

CVE-2024-3189 affects Gutenberg Blocks by Kadence Blocks – Page Builder Features for WordPress. All versions ≤ 3.2.37 are vulnerable to Stored XSS via the plugin blocks (Testimonial, Progress Bar, Lottie Animations, Row Layout, Google Maps, Advanced Gallery) due to insufficient input sanitization...

5.4CVSS5.7AI score0.00409EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/15 2:32 a.m.24 views

CVE-2024-3189 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...

5.4CVSS5.8AI score0.00409EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.3 views

WordPress plugin Gutenberg Blocks by Kadence Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

5.4CVSS6.1AI score0.00409EPSS
Exploits0References5
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.181 views

KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open an HTML file containing where is a valid ID: "...

6.7AI score0.00324EPSS
Exploits3
OSV
OSV
added 2024/05/03 10:15 a.m.1 views

UBUNTU-CVE-2024-34062

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...

4.8CVSS6.9AI score0.00432EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2024/05/03 9:55 a.m.25 views

CVE-2024-34062

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...

4.8CVSS5.4AI score0.00432EPSS
Exploits0
OSV
OSV
added 2024/05/03 9:55 a.m.23 views

CVE-2024-34062 tqdm CLI arguments injection attack

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...

4.8CVSS6.7AI score0.00432EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.3 views

tqdm 安全漏洞

tqdm is a fast, extensible progress bar for Python and the CLI from the tqdm open source. A security vulnerability exists in versions of tqdm prior to 4.66.3, which stems from the fact that any optional non-Boolean CLI arguments can be passed through python's eval, allowing arbitrary code executi...

4.8CVSS6.8AI score0.00432EPSS
Exploits0References5
OSV
OSV
added 2024/03/16 3:15 a.m.3 views

CVE-2023-6525

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.8CVSS7.3AI score0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.6 views

PT-2024-14993 · WordPress · Elementskit Elementor Addons

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.3 Description: The issue is related to Stored Cross-Site Scripting via the progress bar element attributes due to insufficient input sanitization and output...

5.5CVSS7.9AI score0.00432EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2023/12/15 1:15 a.m.6 views

CVE-2023-40954

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...

9.8CVSS5.8AI score0.00884EPSS
Exploits1References3
NVD
NVD
added 2023/12/15 1:15 a.m.24 views

CVE-2023-40954

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...

9.8CVSS0.00884EPSS
Exploits1References2
OSV
OSV
added 2023/12/15 1:15 a.m.15 views

CVE-2023-40954

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...

9.8CVSS8.1AI score
Exploits0References2
Prion
Prion
added 2023/12/15 1:15 a.m.15 views

Sql injection

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...

7.5CVSS8.5AI score0.00884EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.4 views

PT-2023-27717 · Grzegorz Marczynski · Dynamic Progress Bar

Name of the Vulnerable Software and Affected Versions: Grzegorz Marczynski Dynamic Progress Bar versions 11.0 through 11.0.2 Grzegorz Marczynski Dynamic Progress Bar versions 12.0 through 12.0.2 Grzegorz Marczynski Dynamic Progress Bar versions 13.0 through 13.0.2 Grzegorz Marczynski Dynamic...

9.8CVSS9.9AI score0.00884EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/12/15 12:0 a.m.28 views

CVE-2023-40954

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...

10AI score0.00884EPSS
Exploits1References2
CVE
CVE
added 2023/12/15 12:0 a.m.35 views

CVE-2023-40954

CVE-2023-40954 is a SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (web_progress) affecting versions 11.0–11.0.2, 12.0–12.0.2, 13.0–13.0.2, 14.0–14.0.2.1, 15.0–15.0.2, and 16.0–16.0.2.1. The issue allows remote attackers to gain privileges via the recency parameter in mod...

9.8CVSS9.8AI score0.00884EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2023/06/05 12:0 a.m.270 views

WordPress Circle Progress 1.0 Cross Site Scripting

Exploit Title: WordPress Plugin Circle progress bar – Cross site scripting-Stored Date: 2-06-2023 Exploit Author: Taliya Bilal- NightHawk Vendor Homepage: https://wordpress.org/plugins/circle-progress-bar/ Version: 1.0 Tested on: Firefox Contact me: [email protected] Steps to reproduce: 1...

7.1AI score
Exploits0
Rows per page
Query Builder