
4960 matches found

NVD
added 2024/03/20 7:15 a.m. · 13 views

CVE-2024-1477

The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection provided by th...

5.3 CVSS · 5 AI score · 0.00435 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/03/20 6:48 a.m. · 18 views

CVE-2024-1473 Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure

The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mo...

5.3 CVSS · 7.2 AI score · 0.00533 EPSS
Exploits 0 · References 3

CVE
added 2024/03/20 6:48 a.m. · 90 views

CVE-2024-1473

CVE-2024-1473 affects the Colorlib Coming Soon & Maintenance Mode plugin for WordPress. The vulnerability allows Information Exposure via the REST API in all versions up to and including 1.0.99, enabling unauthenticated attackers to obtain post/page contents and bypass maintenance mode protection...

5.3 CVSS · 9.1 AI score · 0.00533 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/03/20 6:48 a.m. · 27 views

CVE-2024-1473 Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure

The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mo...

5.3 CVSS · 5.4 AI score · 0.00533 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/03/20 6:48 a.m. · 11 views

CVE-2024-1477 Easy Maintenance Mode <= 1.4.2 - Information Exposure

The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection provided by th...

5.3 CVSS · 7.2 AI score · 0.00435 EPSS
Exploits 0 · References 2

Cvelist
added 2024/03/20 6:48 a.m. · 18 views

CVE-2024-1477 Easy Maintenance Mode <= 1.4.2 - Information Exposure

The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection provided by th...

5.3 CVSS · 5.2 AI score · 0.00435 EPSS
Exploits 0 · References 2

CVE
added 2024/03/20 6:48 a.m. · 76 views

CVE-2024-1477

CVE-2024-1477 affects the Easy Maintenance Mode plugin for WordPress. All versions up to and including 1.4.2 are vulnerable to Sensitive Information Exposure via the REST API, enabling authenticated attackers to obtain post/page content and bypass plugin protections. Root cause: REST API exposure...

5.3 CVSS · 5.9 AI score · 0.00435 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/03/20 12:0 a.m. · 5 views

PT-2024-18077 · Colorlib · Wp Maintenance Mode & Coming Soon

Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode by Colorlib plugin for WordPress versions up to, and including, 1.0.99

Description: The issue allows unauthenticated attackers to obtain post and page contents via the REST API, thus bypassing maintenance mode...

5.3 CVSS · 9.6 AI score · 0.00533 EPSS
Exploits 0 · References 4

WPVulnDB
added 2024/03/19 12:0 a.m. · 19 views

Easy Maintenance Mode <= 1.4.2 - Information Exposure

Description: The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection...

5.3 CVSS · 6.5 AI score · 0.00435 EPSS
Exploits 0 · References 1

WPVulnDB
added 2024/03/19 12:0 a.m. · 14 views

Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure

Description: The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing...

5.3 CVSS · 6.8 AI score · 0.00533 EPSS
Exploits 0 · References 1

Metasploit
added 2024/03/14 7:51 p.m. · 624 views

JetBrains TeamCity Unauthenticated Remote Code Execution

This module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker...

6 AI score
Exploits 0

OSV
added 2024/03/14 3:15 a.m. · 5 views

CVE-2024-25651

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint...

5.3 CVSS · 5.8 AI score · 0.00476 EPSS
Exploits 0 · References 1

NVD
added 2024/03/14 3:15 a.m. · 10 views

CVE-2024-25651

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint...

5.3 CVSS · 6.5 AI score · 0.00476 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/03/14 12:0 a.m. · 15 views

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...

6.3 AI score · 0.0025 EPSS
Exploits 0 · References 1

CVE
added 2024/03/14 12:0 a.m. · 87 views

CVE-2024-25651

CVE-2024-25651 affects Delinea PAM Secret Server 11.4. The authentication REST API is vulnerable to user enumeration: responses from the /oauth2/token endpoint differ for valid versus invalid usernames, allowing a remote attacker to determine valid users. Root cause: differing handling of authent...

5.3 CVSS · 6.8 AI score · 0.00476 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/03/14 12:0 a.m. · 18 views

CVE-2024-25651

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint...

6.9 AI score · 0.00476 EPSS
Exploits 0 · References 1

Cvelist
added 2024/03/14 12:0 a.m. · 12 views

CVE-2024-25651

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint...

6.8 AI score · 0.00476 EPSS
Exploits 0 · References 1

Cvelist
added 2024/03/14 12:0 a.m. · 25 views

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...

6.2 AI score · 0.0025 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/03/14 12:0 a.m. · 5 views

PT-2024-21066 · Delinea · Delinea Pam Secret Server

Name of the Vulnerable Software and Affected Versions: Delinea PAM Secret Server version 11.4 Distributed Engine version 8.4.3

Description: The issue allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the "/pre-authenticate",...

5.9 CVSS · 6.6 AI score · 0.0025 EPSS
Exploits 0 · References 5

CVE
added 2024/03/14 12:0 a.m. · 108 views

CVE-2024-25650

CVE-2024-25650 describes an insecure key exchange between Delinea PAM Secret Server 11.4 and Distributed Engine 8.4.3, where a PAM administrator can obtain the Symmetric Key used to encrypt RabbitMQ messages by crafting payloads to the REST endpoints “/pre-authenticate”, “/authenticate”, and “/ex...

5.9 CVSS · 6.1 AI score · 0.0025 EPSS
Exploits 0 · References 1 · Affected Software 2