
137 matches found

CVE
added 2024/10/29 12:48 p.m. · 62 views

CVE-2024-5823

CVE-2024-5823 is a file overwrite vulnerability in gaizhenbiao/chuanhuchatgpt versions <= 20240410. Insecure file handling allows an attacker to overwrite critical configuration files, which can lead to unauthorized changes in system behavior or security ...

CVSS 9.1 · AI score 7.1 · EPSS 0.00527
Exploits: 1 · References: 2 · Affected Software: 1

Snyk
added 2024/10/22 6:32 p.m. · 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...

CVSS 8.8 · AI score 7.4 · EPSS 0.00342
Exploits: 0 · References: 2

Snyk
added 2024/10/22 6:32 p.m. · 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...

CVSS 8.8 · AI score 7.4 · EPSS 0.00342
Exploits: 0 · References: 2

Snyk
added 2024/10/22 6:32 p.m. · 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...

CVSS 8.8 · AI score 7.4 · EPSS 0.00342
Exploits: 0 · References: 2

Snyk
added 2024/10/22 6:32 p.m. · 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...

CVSS 8.8 · AI score 7.4 · EPSS 0.00342
Exploits: 0 · References: 2

Positive Technologies
added 2024/09/24 12:00 a.m. · 3 views

PT-2024-38664 · WordPress · Adstxt Plugin

Name of the Vulnerable Software and Affected Versions: adstxt Plugin WordPress plugin version 1.0.0. Description: The issue is related to the lack of a CSRF check when updating settings in the adstxt Plugin WordPress plugin. This could allow attackers to make a logged-in admin change settings via ...

CVSS 4.3 · AI score 6.8 · EPSS 0.00199
Exploits: 1 · References: 8

CNNVD
added 2024/09/12 12:00 a.m. · 6 views

WordPress plugin blogintroduction-wordpress-plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 · AI score 6.7 · EPSS 0.0019
Exploits: 1 · References: 2

OSV
added 2024/08/30 7:15 a.m. · 2 views

CVE-2024-39300

A missing authentication vulnerability exists in the Telnet function of WAB-I1750-PS v1.5.10 and earlier. When the Telnet function of the product is enabled, a remote attacker may log in to the product without authentication and alter the product's settings...

CVSS 3.7 · AI score 5.8 · EPSS 0.00481
Exploits: 0 · References: 2

BDU FSTEC
added 2024/07/08 12:00 a.m. · 4 views

A vulnerability in the firmware of the ASUS RT-N12+ B1 router, related to the storage of passwords in unencrypted form, allows an intruder to gain unauthorized access to protected information.

The vulnerability in the firmware of the ASUS RT-N12+ B1 router is related to deficiencies in the protection of registration data. Exploiting this vulnerability can allow an intruder to gain unauthorized access and alter the router’s settings...

CVSS 7.2 · AI score 5.5 · EPSS 0.00144
Exploits: 0 · References: 5

Patchstack
added 2024/05/24 12:13 p.m. · 4 views

WordPress WP Prayer II plugin <= 2.4.7 - CSRF Leading to Plugin Settings Change vulnerability

CSRF Leading to Plugin Settings Change vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer II versions <= 2.4.7...

CVSS 4.3 · AI score 7 · EPSS 0.00211
Exploits: 2 · References: 1 · Affected Software: 1

Japan Vulnerability Notes
added 2024/03/25 8:28 a.m. · 3 views

Multiple vulnerabilities in home gateway HGW BL1500HM

Overview: Home gateway HGW BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Use of weak credentials (CWE-1391): CVE-2024-21865, CVE-2024-29071. Command injection (CWE-77): CVE-2024-28041. Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC...

CVSS 8.8 · AI score 7.9 · EPSS 0.0062
Exploits: 0 · References: 7

UbuntuCve
added 2023/12/22 5:15 p.m. · 35 views

CVE-2023-50250

Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in templatesimport.php...

CVSS 6.1 · AI score 6.3 · EPSS 0.01279
Exploits: 1 · References: 2

CNNVD
added 2023/08/21 12:00 a.m. · 6 views

Security vulnerability in multiple CBC AMERICA products

CBC AMERICA DR series and CBC AMERICA NR series are a series of digital video recorders from CBC AMERICA. A security vulnerability exists in a number of CBC AMERICA products. The vulnerability stems from the presence of an unknown function, which can be exploited by a remote attacker to execute...

CVSS 8.8 · AI score 8.4 · EPSS 0.00928
Exploits: 0 · References: 5

Japan Vulnerability Notes
added 2023/07/20 7:05 a.m. · 1 views

Multiple vulnerabilities in WordPress Plugin "TS Webfonts for SAKURA"

Overview: WordPress Plugin "TS Webfonts for SAKURA" provided by SAKURA internet Inc. contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79): CVE-2023-32624. Cross-site request forgery (CWE-352): CVE-2023-32625. SAKURA internet Inc. reported these vulnerabilities to IPA to notify...

CVSS 6.1 · AI score 6.7 · EPSS 0.00482
Exploits: 0 · References: 8

Positive Technologies
added 2023/06/14 12:00 a.m. · 4 views

PT-2023-3292 · Teamviewer · Teamviewer Remote

Name of the Vulnerable Software and Affected Versions: TeamViewer Remote versions 15.41 through 15.42.7. Description: The issue is related to an improper authorization check of local device settings in TeamViewer Remote, allowing an unprivileged user to change basic local device settings even thou...

CVSS 6.6 · AI score 5.3 · EPSS 0.00249
Exploits: 0 · References: 6

ATTACKERKB
added 2023/06/13 10:15 a.m. · 1 views

CVE-2023-30764

OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to...

CVSS 9.8 · AI score 6 · EPSS 0.01543
Exploits: 0 · References: 3

ATTACKERKB
added 2023/06/13 10:15 a.m. · 3 views

CVE-2023-30766

Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...

CVSS 9.8 · AI score 6 · EPSS 0.00703
Exploits: 0 · References: 3

OSV
added 2023/06/07 2:15 a.m. · 2 views

CVE-2021-4348

The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the exportsettings & importsettings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks suc...

CVSS 6.1 · AI score 5.8 · EPSS 0.0066
Exploits: 1 · References: 2

Positive Technologies
added 2023/06/07 12:00 a.m. · 4 views

PT-2023-11839 · WordPress · Wp Gdpr

Name of the Vulnerable Software and Affected Versions: WP GDPR plugin for WordPress versions up to, and including, 2.1.1. Description: The issue is related to authorization bypass due to a missing capability check. This allows unauthenticated attackers to delete any comment and modify the plugin's...

CVSS 7.3 · AI score 6.5 · EPSS 0.00851
Exploits: 1 · References: 5

OSV
added 2023/06/03 5:15 a.m. · 6 views

CVE-2023-2301

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the lsparsevcitacallback function. This makes it possible for unauthenticated attackers to modify the plugin's...

CVSS 6.1 · AI score 5.7
Exploits: 0 · References: 3