Lucene search
K

514 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.8 views

CVE-2024-27114

A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the...

9.8CVSS8AI score0.00539EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.14 views

CVE-2024-27115

A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution...

10CVSS7.9AI score0.0459EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.5 views

CVE-2024-27113

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

9.8CVSS7.1AI score0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.9 views

CVE-2024-27112

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02...

9.8CVSS8.2AI score0.00409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:32 a.m.11 views

CVE-2024-25841

In the module "So Flexibilite" soflexibilite from Common-Services for PrestaShop 4.1.26, a guest authenticated customer can perform Cross Site Scripting XSS injection...

5.9CVSS5.4AI score0.00385EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.6 views

CVE-2023-51492

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1...

6.5CVSS6.7AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:5 a.m.8 views

CVE-2023-37765

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gfdumpvrmlsffield function at /lib/libgpac.so...

5.5CVSS7.2AI score0.00305EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 1:51 a.m.7 views

CVE-2023-47511

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SO WP Pinyin Slugs plugin = 2.3.0 versions...

5.9CVSS5.6AI score0.00394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:6 p.m.5 views

CVE-2022-34972

So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the attvalueid , manuvalueid , optvalueid , and subcatevalueid parameters at /index.php?route=extension/module/sofiltershopby/filterdata...

9.8CVSS8.5AI score0.01454EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.9 views

CVE-2024-5440

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.34 views

CVE-2024-5440

Affected software: WordPress plugin If-So Dynamic Content Personalization, versions prior to 1.8.0.3. Vulnerability: The plugin does not validate and escape certain shortcode attributes before outputting them on the page/post where the shortcode is embedded, enabling Stored XSS if exploited. Impa...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.11 views

CVE-2024-5440 If-So Dynamic Content Personalization < 1.8.0.3 - Contributor+ Shortcode Stored XSS

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.5AI score0.00254EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.4 views

PT-2025-21478 · WordPress · If-So Dynamic Content Personalization

Name of the Vulnerable Software and Affected Versions: If-So Dynamic Content Personalization WordPress plugin versions prior to 1.8.0.3 Description: The issue concerns the If-So Dynamic Content Personalization WordPress plugin, where it fails to validate and escape certain shortcode attributes...

5.4CVSS5.3AI score0.00254EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/03/29 12:0 a.m.6 views

PT-2025-13608 · WordPress · So-Called Air Quotes

Name of the Vulnerable Software and Affected Versions: So-Called Air Quotes plugin for WordPress versions up to, and including, 0.1 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before running do...

7.3CVSS9.6AI score0.00458EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2014-1544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the CERTDestroyCertificate function in libnss3.so in Mozilla Network Security Services NSS 3.x, as used in Firefox before 31.0,...

10CVSS7.5AI score0.06109EPSS
Exploits0References2
OSV
OSV
added 2024/12/02 9:48 p.m.13 views

GHSA-638J-PMJW-JQ48 rails-html-sanitizer has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. Versions affected: 1.6.0 Not affected: 1.6.0 Fixed versions: 1.6.1 Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may...

2.3CVSS5AI score0.00462EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/11/21 10:52 p.m.7 views

WordPress If-So Dynamic Content Personalization plugin <= 1.9.2.1 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin If-So Dynamic Content Personalization versions = 1.9.2.1...

4.3CVSS7AI score0.00457EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/11/21 4:24 a.m.54 views

CVE-2024-10796

CVE-2024-10796 (If-So Dynamic Content Personalization, WordPress) The WordPress plugin is vulnerable to information exposure on all versions up to 1.9.2.1 via the ifso-show-post shortcode due to insufficient post access restrictions. Authenticated attackers with Contributor level or higher could ...

4.3CVSS4.3AI score0.00457EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/21 12:0 a.m.9 views

WordPress If-So Dynamic Content Personalization Plugin <= 1.9.2.1 is vulnerable to Broken Access Control

Software If-So Dynamic Content Personalization Type Plugin Vulnerable versions = 1.9.2.1 Fixed in 1.9.2.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10796 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

4.3CVSS6.7AI score0.00457EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/10/28 1:15 p.m.29 views

CVE-2024-8013

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

3.3CVSS0.00119EPSS
Exploits0References1
Rows per page
Query Builder