Lucene search
K

100 matches found

Positive Technologies
Positive Technologies
added 2023/11/09 12:0 a.m.5 views

PT-2023-24856 · Wpclever · Wpc Smart Wishlist For Woocommerce

Name of the Vulnerable Software and Affected Versions: WPClever WPC Smart Wishlist for WooCommerce plugin versions = 4.7.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

8.8CVSS8.8AI score0.00315EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/11/09 12:0 a.m.4 views

PT-2023-23886 · WordPress · Designs & Code Forget About Shortcode Buttons

Name of the Vulnerable Software and Affected Versions: Designs & Code Forget About Shortcode Buttons plugin versions = 2.1.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions ...

8.8CVSS8.9AI score0.00338EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/24 12:0 a.m.6 views

PT-2023-29902 · WordPress · Jeff Sherk Auto Login New User After Registration

Name of the Vulnerable Software and Affected Versions: Jeff Sherk Auto Login New User After Registration plugin versions = 1.9.6 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing...

8.8CVSS8.8AI score0.00277EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.3 views

PT-2023-29251 · Unknown · Bernhard Kau Backend Localization Plugin

Name of the Vulnerable Software and Affected Versions: Bernhard Kau Backend Localization plugin versions = 2.1.10 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions ...

8.8CVSS8.5AI score0.00227EPSS
Exploits0References4
Metasploit
Metasploit
added 2023/09/28 7:51 p.m.1146 views

JetBrains TeamCity Unauthenticated Remote Code Execution

This module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource...

9.8CVSS8.4AI score0.99979EPSS
Exploits17
The Hacker News
The Hacker News
added 2023/08/31 12:46 p.m.299 views

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository

Three additional rogue Python packages have been discovered in the Package Index PyPI repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.4 views

PT-2023-25145 · WordPress · Mycred

Name of the Vulnerable Software and Affected Versions: myCred plugin versions = 2.5 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the...

8.8CVSS8.5AI score0.00248EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/11 12:0 a.m.7 views

PT-2023-25943 · WordPress · Wpmobilepack.Com Wordpress Mobile Pack – Mobile Plugin For Progressive Web Apps & Hybrid Mobile Apps

Name of the Vulnerable Software and Affected Versions: WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin versions = 3.4.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user in...

6.5CVSS7AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/11 12:0 a.m.7 views

PT-2023-25504 · Salesagility · Salesagility/Suitecrm-Core

Name of the Vulnerable Software and Affected Versions: salesagility/suitecrm-core versions prior to 8.3.1 Description: The issue is related to Cross-Site Request Forgery CSRF in the salesagility/suitecrm-core GitHub repository. This is a type of attack where an attacker tricks a user into...

8.8CVSS7.9AI score0.00302EPSS
Exploits1References7
Atlassian
Atlassian
added 2023/07/06 7:54 a.m.32 views

Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting

h3. Issue Summary When using the open-source Jira Python library|https://github.com/pycontribs/jira to make REST API calls to Jira, if cookie-based authentication|https://jira.readthedocs.io/examples.htmlcookie-based-authentication is used then Jira's rate limits will be bypassed. This can result...

6.9AI score
Exploits0Affected Software1
OSV
OSV
added 2023/07/01 12:15 a.m.6 views

CVE-2023-22814

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202...

9.8CVSS5.8AI score0.00687EPSS
Exploits0References1
NVD
NVD
added 2023/07/01 12:15 a.m.18 views

CVE-2023-22814

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202...

10CVSS9.6AI score0.00687EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/30 11:5 p.m.9 views

CVE-2023-22814 Authentication Bypass issue in My Cloud OS 5 devices

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202...

10CVSS7.1AI score0.00687EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.5 views

PT-2023-18712 · Western Digital · My Cloud Os 5

Name of the Vulnerable Software and Affected Versions: My Cloud OS 5 versions prior to 5.26.202 Description: An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. Recommendations: F...

10CVSS9.5AI score0.00687EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/05/28 12:0 a.m.5 views

PT-2023-24286 · Unknown · Smart App Banner

Name of the Vulnerable Software and Affected Versions: Smart App Banner plugin versions 1.1.2 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...

8.8CVSS8.6AI score0.00264EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/05/22 12:0 a.m.3 views

PT-2023-14587 · WordPress · Webmat Flexible Elementor Panel

Name of the Vulnerable Software and Affected Versions: WebMat Flexible Elementor Panel plugin versions = 2.3.8 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on ...

8.8CVSS8.5AI score0.00273EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/05/19 12:0 a.m.24 views

Western Digital My Cloud Multiple Products 5.x < 5.26.202 Multiple Vulnerabilities (WDC-23006, WDC-23009)

Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.1AI score0.01466EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.4 views

PT-2023-11615 · Beescms · Beescms

Name of the Vulnerable Software and Affected Versions: beescms version 4 Description: A Cross Site Request Forgery CSRF issue allows attackers to delete the administrator account via a crafted request to "/admin/admin admin.php". This can be exploited by sending a malicious request to the specifi...

6.5CVSS6.4AI score0.00367EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2023/02/21 6:45 p.m.18 views

K20606443: iControl REST CSRF vulnerability CVE-2020-5922

Security Advisory Description iControl REST does not implement cross-site request forgery CSRF protections for users applying basic authentication in a web browser. CVE-2020-5922 Impact In a successful exploit, an attacker can run JavaScript in the context of the currently logged-in user. For an...

9.3CVSS8.7AI score0.00593EPSS
Exploits0Affected Software14
Positive Technologies
Positive Technologies
added 2022/12/29 12:0 a.m.4 views

PT-2022-28137 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository usememos/memos. CSRF is an attack that tricks the victim into performing unintended actions on a web...

6.5CVSS6.4AI score0.00328EPSS
Exploits1References9
Rows per page
Query Builder