Lucene search
K

182 matches found

Vulnrichment
Vulnrichment
added 2024/11/01 2:17 p.m.12 views

CVE-2024-43312 WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9...

5.4CVSS6.9AI score0.00378EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/29 4:36 p.m.39 views

CVE-2024-50459 WordPress AidWP plugin <= 3.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AidWP: from n/a through = 3.2.3...

5.3CVSS0.004EPSS
Exploits0References1
OSV
OSV
added 2024/06/06 12:26 p.m.8 views

CGA-PH3C-H868-5MMG

Bulletin has no description...

4.3CVSS5.7AI score0.0108EPSS
Exploits0
CNVD
CNVD
added 2024/03/01 12:0 a.m.7 views

Mattermost Illegal Authorization Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an illegal authorization vulnerability that stems from the Jira plugin's inability to check the security level of incoming issues when processing subscriptions and to restrict...

4.1CVSS6.6AI score0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/09 2:46 p.m.31 views

CVE-2024-24774 Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin)

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

3.4CVSS4.7AI score0.00456EPSS
Exploits0References1
Hacker One
Hacker One
added 2023/08/25 9:40 p.m.80 views

Tor: 'Request English versions of web pages for enhanced privacy' keeps previous (grayed out) settings

The vulnerability allowed an attacker to identify users who had changed their language settings in the Tor Browser. By exploiting JavaScript and HTTP fingerprinting techniques, the attacker could determine the user's language preferences, even if the user had enabled the "Request English versions...

6.9AI score
Exploits0
OSV
OSV
added 2023/06/13 9:15 a.m.4 views

CVE-2023-27465

A vulnerability has been identified in SIMOTION C240 All versions = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4, SIMOTION D445-2 DP/PN All versions = V5.4 = V5.4 = V5.4, SIMOTION P320-4 S All versions = V5.4. When operated with Security Level Low the device does not protect acces...

4.6CVSS6.1AI score0.00276EPSS
Exploits0References1
Prion
Prion
added 2023/06/13 9:15 a.m.19 views

Design/Logic Flaw

A vulnerability has been identified in SIMOTION C240 All versions = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4, SIMOTION D445-2 DP/PN All versions = V5.4 = V5.4 = V5.4, SIMOTION P320-4 S All versions = V5.4. When operated with Security Level Low the device does not protect acces...

2.1CVSS4.6AI score0.00276EPSS
Exploits0References1Affected Software13
CVE
CVE
added 2023/06/13 8:17 a.m.39 views

CVE-2023-27465

CVE-2023-27465 affects Siemens SIMOTION products (C240, C240 PN, D410-2/PN, D425-2/PN, D435-2/PN, D445-2/PN, D455-2/PN, P320-4 E/S) with V5.4–V5.5 SP1. Root cause: lack of protection for debugging-related services when Security Level Low, enabling an unauthenticated attacker to extract confidenti...

4.6CVSS4.6AI score0.00276EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/06/13 8:17 a.m.36 views

CVE-2023-27465

A vulnerability has been identified in SIMOTION C240 All versions = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4, SIMOTION D445-2 DP/PN All versions = V5.4 = V5.4 = V5.4, SIMOTION P320-4 S All versions = V5.4. When operated with Security Level Low the device does not protect acces...

4.6CVSS5AI score0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.4 views

PT-2023-3372 · Siemens · Simotion D435-2 Dp +6

Name of the Vulnerable Software and Affected Versions: SIMOTION C240 versions 5.4 through 5.5 SP1 SIMOTION C240 PN versions 5.4 through 5.5 SP1 SIMOTION D410-2 DP versions 5.4 through 5.5 SP1 SIMOTION D410-2 DP/PN versions 5.4 through 5.5 SP1 SIMOTION D425-2 DP versions 5.4 through 5.5 SP1 SIMOTI...

4.9CVSS4.8AI score0.00276EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 11:16 a.m.19 views

curl: FTP too eager connection reuse

A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic...

5.9CVSS6.8AI score0.01607EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7401

Incorrect interaction of the parsepacket and parsepartsignsha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service infinite loop of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...

7.5CVSS6.7AI score0.03997EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/06/14 12:0 a.m.29 views

All Bachmann M1 System Processor Modules Use of Password Hash with Insufficient Computational Effort (CVE-2020-16231)

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life...

8.8CVSS8AI score0.00784EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/05/18 10:42 p.m.48 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9CVSS3.6AI score0.01026EPSS
Exploits0References3
Prion
Prion
added 2022/05/03 4:15 p.m.26 views

Design/Logic Flaw

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

4.3CVSS7.2AI score0.01026EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/03 12:0 p.m.27 views

RUSTSEC-2022-0026 Incorrect MAC key used in the RC4-MD5 ciphersuite

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9CVSS7.3AI score0.01026EPSS
Exploits0References3
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/11/18 12:2 p.m.21 views

What is a firewall ❓ Everything you need to know about

In the tech world, a firewall is a wellbeing network framework that screens and controls moving ever closer affiliation traffic dependent upon destined security rules. A firewall ordinarily draws up a line between a confided in affiliation and an untrusted affiliation, like the Internet.‍ What is...

7.3AI score
Exploits0
ICS
ICS
added 2021/01/26 12:0 a.m.49 views

All Bachmann M1 System Processor Modules

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bachmann Electronic, GmbH Equipment: All M-Base Controllers Vulnerability : Use of Password Hash with Insufficient Computational Effort 2. REPOSTED INFORMATION This updated advisory is a follow-up to...

8.8CVSS8.5AI score0.00784EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2020/10/29 12:0 a.m.449 views

Online Examination System 1.0 - &#039;name&#039; Stored Cross Site Scripting

Exploit Title: Online examination system 1.0 - 'name' Stored Cross Site Scripting Date: 29/10/2020 Exploit Author: Nikhil Kumar https://www.linkedin.com/in/nikhil-kumar-4b9443166/ Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php Software Link:...

7.4AI score
Exploits0
Rows per page
Query Builder