Lucene search
K

133 matches found

OSV
OSV
added 2023/10/20 8:15 a.m.4 views

CVE-2023-4926

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkdeleteproducts function. This makes it possible for unauthenticated attackers to delete products via a forged request...

4.3CVSS7.2AI score0.00288EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/16 4:12 p.m.15 views

CVE-2023-45687 Authentication bypass via session fixation in Titan MFT and Titan SFTP servers

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing...

8.8AI score0.01481EPSS
Exploits2References2
Prion
Prion
added 2023/08/29 10:15 p.m.16 views

Code injection

?If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...

5.8CVSS6.3AI score0.00613EPSS
Exploits1References4Affected Software1
Hacker One
Hacker One
added 2023/08/18 7:46 a.m.24 views

Nextcloud: DNS pin middleware can be tricked into DNS rebinding allowing SSRF

A vulnerability was disclosed where the DNS pin middleware could be tricked into DNS rebinding, allowing SSRF...

9.8CVSS9.4AI score0.00797EPSS
Exploits1
NVD
NVD
added 2023/07/17 2:15 p.m.22 views

CVE-2022-4023

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...

5.3CVSS0.003EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/07/12 3:52 p.m.20 views

CVE-2023-37961

A cross-site request forgery CSRF vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...

6.7AI score0.00413EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/01 5:33 a.m.11 views

CVE-2021-4402 Multiple Roles <= 1.3.1- Cross-Site Request Forgery Bypass

The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the muaddrolesinsignupmeta and muaddrolesinsignupmetarecently functions. This makes it possible for unauthenticated...

4.3CVSS5.8AI score0.00408EPSS
Exploits0References9
wpexploit
wpexploit
added 2023/06/20 12:0 a.m.63 views

3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad

Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...

5.3CVSS7.1AI score0.003EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/06/14 1:47 a.m.20 views

CVE-2023-3198 MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Status Update

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatestatusordermessage function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site...

4.3CVSS4.7AI score0.00316EPSS
Exploits0References3
OSV
OSV
added 2023/06/09 6:16 a.m.3 views

CVE-2023-2526

The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forg...

5.4CVSS6.5AI score0.00282EPSS
Exploits0References4
NVD
NVD
added 2023/06/07 2:15 a.m.24 views

CVE-2021-4349

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into...

8.8CVSS8.5AI score0.00569EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/05/16 4:0 p.m.32 views

CVE-2023-33006

A cross-site request forgery CSRF vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...

5.7AI score0.00319EPSS
Exploits0References1
NVD
NVD
added 2023/04/17 9:15 p.m.22 views

CVE-2023-27911

A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution...

7.8CVSS8AI score0.00643EPSS
Exploits0References1
NCSC
NCSC
added 2023/04/12 12:0 a.m.9 views

Vulnerability fixed in Adobe Digital Editions

Adobe has fixed a vulnerability in Digital Editions. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code. To do this, the malicious party must trick the victim into opening a malicious file to open. Adobe has released updates to fix the vulnerability i...

7.8CVSS7.3AI score0.00328EPSS
Exploits0
OSV
OSV
added 2023/04/06 9:15 p.m.4 views

CVE-2023-1927

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache...

4.3CVSS6.5AI score0.00227EPSS
Exploits0References2
OSV
OSV
added 2023/04/06 8:15 p.m.0 views

CVE-2023-1923

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcremovecdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...

4.3CVSS7.2AI score0.00227EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.5 views

SUSE CVE-2022-24889

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surfac...

4.3CVSS4.5AI score0.00628EPSS
Exploits1References3
NVD
NVD
added 2022/10/14 5:15 p.m.41 views

CVE-2022-41303

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system...

7.8CVSS0.00351EPSS
Exploits0References1
Prion
Prion
added 2022/10/14 5:15 p.m.30 views

Double free

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system...

4.4CVSS7.8AI score0.00351EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/14 12:0 a.m.9 views

CVE-2022-41303

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system...

7.7AI score0.00351EPSS
Exploits0References1
Rows per page
Query Builder