Lucene search
+L

10 matches found

nvd
nvd
added 2026/07/03 6:16 a.m.8 views

CVE-2026-14352

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00473EPSS
Exploits0References7
euvd
euvd
added 2026/07/03 4:30 a.m.7 views

EUVD-2026-41485

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/07/03 12:0 a.m.13 views

PT-2026-55496

Name of the Vulnerable Software and Affected Versions AR for WooCommerce versions prior to 8.41 Description The plugin is subject to Directory Traversal, allowing unauthenticated attackers to read arbitrary files on the server that may contain sensitive information. This is possible via the file...

7.5CVSS6AI score0.00473EPSS
Exploits0References11
attackerkb
attackerkb
added 2026/03/31 8:45 p.m.2 views

CVE-2026-34613

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

6.5CVSS5.9AI score0.00201EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2025/12/11 11:15 p.m.6 views

CVE-2025-67780

SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 e.g., on Mini1prod2 allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation,...

4.2CVSS0.00153EPSS
Exploits1References1
cve
cve
added 2025/12/11 11:5 p.m.27 views

CVE-2025-67780

SpaceX Starlink Dish devices running firmware 2024.12.04.mr46620 are affected by CVE-2025-67780 due to unauthenticated LAN gRPC requests. The issue allows administrative actions via the diagnostic interface, and the cross-origin policy can be bypassed by omitting a Referer header, potentially ena...

4.2CVSS6AI score0.00153EPSS
Exploits1References1
vulncheck_kev
vulncheck_kev
added 2024/01/22 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-21745

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...

4.3CVSS6.7AI score0.55709EPSS
Exploits0References1
osv
osv
added 2021/10/20 4:15 p.m.4 views

CVE-2021-21745

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...

4.3CVSS6.6AI score0.55709EPSS
Exploits0References1
prion
prion
added 2015/01/02 7:59 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in cgi-bin/ipinfo.cgi in IPCop aka IPCop Firewall before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING. NOTE: this can be used to bypass the cross-site request forgery CSRF protection mechanism by setting the Refere...

4.3CVSS6.5AI score0.01343EPSS
Exploits1References4Affected Software1
seebug
seebug
added 2014/09/16 12:0 a.m.20 views

ecshop最新版csrf 下载数据库

简要描述: 太阳底下 详细说明: 测试版本,最新的2.7.4 beta1 目测2.7.3所有版本也都没有token 没有新鲜事。翻了好几遍厂商漏洞列表,确实没看到有人提过。 备份数据库的功能。 请求如下:有一个token的字段,但是默认为空,服务端也没有检查该字段,直接为空就可以请求成功。 同样,厂商采用了使用referer的方式来防御csrf,只要为空就可以绕过。可以说是这种防御是没有效果的。 构造好exp,管理员点击之后,在web目录下生成用户可控文件名的sql文件。可以直接下载。 漏洞证明: https://images.seebug.org/upload/201409/12165...

7.1AI score
Exploits0
Rows per page
Query Builder