Lucene search
+L

216 matches found

Vulnrichment
Vulnrichment
added 2024/05/23 5:32 a.m.11 views

CVE-2024-3711 Brizy – Page Builder <= 2.4.43 - Missing Authorization

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions actionrequestdisable, actionchangetemplate, and actionrequestenable in all versions up to, and including, 2.4.43. This makes it possible for...

4.3CVSS6.5AI score0.00343EPSS
Exploits0References3
CVE
CVE
added 2024/04/16 9:26 p.m.68 views

CVE-2024-21065

Oracle PeopleSoft CVE-2024-21065 affects PeopleTools Workflow in versions 8.59–8.61. Root cause: insufficient input validation in the Workflow component allows an unauthenticated, HTTP-accessible attacker to read, modify, add or delete data, with human interaction required. Impact aligns to unaut...

6.1CVSS6.6AI score0.00341EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.4 views

PT-2024-4896 · Oracle · Oracle Complex Maintenance

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product within...

6.4CVSS7AI score0.00382EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/09 12:0 a.m.5 views

PT-2024-18378 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.260 Description: The issue is related to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function. This allows...

4.3CVSS9.2AI score0.00406EPSS
Exploits0References8
NVD
NVD
added 2024/02/17 2:15 a.m.37 views

CVE-2024-20947

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

5.4CVSS5.1AI score0.00308EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.18 views

Royal Elementor Addons and Templates < 1.3.88 - Missing Authorization via wpr_update_form_action_meta

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wprupdateformactionmeta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers...

5CVSS6.6AI score0.00225EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/05 10:16 p.m.4 views

CVE-2024-0835

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...

4.3CVSS5.9AI score0.00533EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.29 views

CVE-2024-0835 Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...

4.3CVSS4.8AI score0.00533EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/05 9:21 p.m.17 views

CVE-2024-0835 Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...

4.3CVSS6.8AI score0.00533EPSS
Exploits0References3
CVE
CVE
added 2024/02/05 9:21 p.m.46 views

CVE-2024-0835

CVE-2024-0835 affects the Royal Elementor Kit theme for WordPress. A missing capability check in the dismissed_handler function (versions up to and including 1.0.116) allows authenticated attackers with subscriber access or higher to update transients to true. Impact is limited to transients; no ...

4.3CVSS5.4AI score0.00533EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.26 views

CVE-2024-0869 Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update

The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license...

8.8CVSS8.7AI score0.00791EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/01/22 7:14 p.m.11 views

CVE-2023-6384 WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar...

7.2AI score0.00405EPSS
Exploits2References1
OSV
OSV
added 2024/01/16 10:15 p.m.7 views

CVE-2024-20928

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...

6.1CVSS7.3AI score0.00326EPSS
Exploits0References1
NVD
NVD
added 2024/01/16 10:15 p.m.39 views

CVE-2024-20930

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...

6.3CVSS5.8AI score0.00366EPSS
Exploits0References1
NVD
NVD
added 2023/12/21 10:15 a.m.27 views

CVE-2023-50783

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...

6.5CVSS0.0139EPSS
Exploits0References3
Veracode
Veracode
added 2023/11/30 8:28 p.m.28 views

Improper Access Control

openjdk8 is vulnerable to Improper Access Control. An attacker can unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data via CORBA...

5.3CVSS6.4AI score0.00888EPSS
Exploits0References8Affected Software1
Code423n4
Code423n4
added 2023/10/20 12:0 a.m.7 views

Unauthorized account can update policy of any account without a policy

Lines of code Vulnerability details Impact Unauthorized account can update policy of any account without a policy Proof of Concept if currentCommit == bytes320 && msg.sender == AddressProviderService.getAuthorizedAddressSAFEDEPLOYERHASH The argument passed into getAuthorizedAddress -...

7.2AI score
Exploits0
NVD
NVD
added 2023/10/17 10:15 p.m.18 views

CVE-2023-22122

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

5.9CVSS5.7AI score0.00322EPSS
Exploits0References1
OSV
OSV
added 2023/10/17 10:15 p.m.4 views

CVE-2023-22127

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...

6.3CVSS5.8AI score0.00367EPSS
Exploits0References1
NVD
NVD
added 2023/08/31 6:15 a.m.11 views

CVE-2023-2353

The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chpabdaction function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level attackers to change or reset plugin...

4.3CVSS4.4AI score0.00519EPSS
Exploits0References4
Rows per page
Query Builder