Lucene search
+L

140 matches found

Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.10 views

PT-2025-21726 · WordPress · Steve Puddick Wp Notes Widget

Name of the Vulnerable Software and Affected Versions: Steve Puddick WP Notes Widget versions 1.0.0 through 1.0.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an...

6.5CVSS6.8AI score0.00169EPSS
Exploits0References4
Veracode
Veracode
added 2025/05/02 5:26 a.m.8 views

Improper Certificate Validation

github.com/rancher/steve is vulnerable to improper certificate validation. The vulnerability is due to the default setting does not verify the certificate presented by the remote server, which allows an attacker to intercept or alter TLS communications...

6.9AI score0.00296EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/26 5:14 p.m.19 views

CVE-2025-46528

Cross-Site Request Forgery CSRF vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through = 0.2.4...

7.1CVSS7.2AI score0.00127EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/25 3:12 p.m.2 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation presented by the remote server during a TLS connection. An attacker can intercept and potentially alter communications by positioning themselves between the client and the server. Note: This is only...

8CVSS7AI score0.00296EPSS
Exploits0References2
NVD
NVD
added 2025/04/24 4:15 p.m.21 views

CVE-2025-46528

Cross-Site Request Forgery CSRF vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through = 0.2.4...

7.1CVSS0.00127EPSS
Exploits0References1
CVE
CVE
added 2025/04/24 4:8 p.m.56 views

CVE-2025-46528

CVE-2025-46528 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Availability Calendar plugin, which allows Stored XSS. Affected versions are Availability Calendar up to 0.2.4. The available connected sources confirm the CSRF vector and stored XSS potential but do not p...

7.1CVSS7.2AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/17 2:45 a.m.13 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...

5.9CVSS7.8AI score0.00418EPSS
Exploits1References1
NVD
NVD
added 2025/04/15 9:15 p.m.12 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...

5.9CVSS0.00418EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/04/15 12:0 a.m.15 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...

0.00418EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/04/15 12:0 a.m.8 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...

6.2AI score0.00418EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.6 views

SteVe 安全漏洞

SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...

5.9CVSS7.2AI score0.00418EPSS
Exploits1References3
OSV
OSV
added 2025/04/15 12:0 a.m.11 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...

5.9CVSS7.7AI score0.00418EPSS
Exploits1References5
CVE
CVE
added 2025/04/15 12:0 a.m.55 views

CVE-2024-44843

CVE-2024-44843 affects SteVe v3.7.1. The issue is in the WebSocket handshake process, enabling an attacker to bypass authentication and deliver crafted OCPP requests to execute arbitrary commands. Documented impact includes authentication bypass and potential command execution on the affected ser...

5.9CVSS8AI score0.00418EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/11/20 6:23 p.m.13 views

GHSA-J5HQ-5JCR-XWX7 github.com/rancher/steve's users can issue watch commands for arbitrary resources

Impact A vulnerability has been discovered in Steve API Kubernetes API Translator in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all...

7.7CVSS7.3AI score0.00444EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/11/20 6:23 p.m.36 views

github.com/rancher/steve's users can issue watch commands for arbitrary resources

Impact A vulnerability has been discovered in Steve API Kubernetes API Translator in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all...

7.7CVSS7.3AI score0.00444EPSS
Exploits0References6Affected Software1
Schneier on Security
Schneier on Security
added 2024/11/20 4:22 p.m.9 views

Steve Bellovin’s Retirement Talk

Steve Bellovin is retiring. Here's his retirement talk, reflecting on his career and what the cybersecurity field needs next...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2024/08/23 12:0 a.m.6 views

RequestStore 安全漏洞

RequestStore is a tool by Steve Klabnik Personal Developer. A security vulnerability exists in RequestStore version 1.3.2. An attacker exploiting this vulnerability could execute arbitrary code...

7.8CVSS7.7AI score0.00194EPSS
Exploits0References3
NVD
NVD
added 2024/08/12 3:15 p.m.16 views

CVE-2024-21550

SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site...

6.1CVSS0.00377EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/12 2:54 p.m.16 views

CVE-2024-21550

SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site...

6.1CVSS6.2AI score0.00377EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/12 2:54 p.m.36 views

CVE-2024-21550

SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site...

6.1CVSS0.00377EPSS
Exploits0References4
Rows per page
Query Builder