Lucene search

9 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-0293

Malicious code in bioql PyPI...

CVSS 9.4 | AI score 7.6 | EPSS 0.00137
Exploits 0 | References 1
CVE
added 2024/09/01 11:55 p.m. | 49 views

CVE-2024-45270

CVE-2024-45270 concerns the WordPress plugin Carousel Slider by Sayful Islam. Public details in the CVE describe a Cross-Site Request Forgery (CSRF) vulnerability in the Hero image selection feature that can, when a site user with the plugin enabled visits a crafted page, cause content changes on...

CVSS 4.3 | AI score 6.5 | EPSS 0.00149
Exploits 0 | References 3 | Affected Software 1
NVD
added 2024/02/27 9:15 a.m. | 9 views

CVE-2024-0855

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...

CVSS 5.3 | AI score 6.4 | EPSS 0.00219
Exploits 2 | References 1
Prion
added 2024/02/27 9:15 a.m. | 16 views

Code injection

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...

AI score 7.2 | EPSS 0.00219
Exploits 2 | References 1
WPVulnDB
added 2024/02/02 12:0 a.m. | 22 views

Spiffy Calendar < 4.9.9 - Broken Access Control

Description: The plugin doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+. PoC: Using a Contributor+ account and a proxy interceptor such as Burp Suite, create an event. Change...

AI score 6.4 | EPSS 0.00219
Exploits 2 | Affected Software 1
OSV
added 2023/12/13 9:15 a.m. | 0 views

PYSEC-2023-293

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 1
CVE
added 2023/12/13 9:8 a.m. | 27 views

CVE-2023-6718

The CVE-2023-6718 entry concerns an authentication bypass in Repox. Multiple connected sources describe a vulnerability where a remote attacker can send a specially crafted POST request without any authentication, leading to the alteration or creation of users in Repox. The primary affected comp...

CVSS 9.4 | AI score 8.1 | EPSS 0.00137
Exploits 0 | References 1 | Affected Software 1
Prion
added 2021/05/28 5:15 p.m. | 20 views

Design/Logic Flaw

A user able to alter the savevm data either on the disk or over the wire during migration could use this flaw to corrupt QEMU process memory on the destination host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process...

CVSS 4.6 | AI score 7.6 | EPSS 0.00044
Exploits 0 | References 2 | Affected Software 1
CERT
added 2001/07/02 12:0 a.m. | 34 views

Various shells create temporary files insecurely when using << operator

Overview: sh uses /tmp files of a predictable name in creating files for input redirection using the << operator. Description: When performing the "<<" redirection, /bin/sh creates a temporary file in /tmp with a name based on the process id, writes subsequent input out to that file, and then closes the...

CVSS 7.2 | AI score 6.1 | EPSS 0.00177
Exploits 1 | References 3