Lucene search
K

289 matches found

RedhatCVE
RedhatCVE
added 2025/03/16 12:3 p.m.12 views

CVE-2024-13771

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change...

9.8CVSS7.6AI score0.00409EPSS
Exploits0References1
NVD
NVD
added 2025/03/14 12:15 p.m.21 views

CVE-2024-13771

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change...

9.8CVSS0.00409EPSS
Exploits0References2
CVE
CVE
added 2025/03/14 11:15 a.m.61 views

CVE-2024-13771

CVE-2024-13771 affects the Civi - Job Board & Freelance Marketplace WordPress Theme (

9.8CVSS7.5AI score0.00409EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/07 8:41 a.m.11 views

CVE-2024-8682

The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the plugin not properly validate if the user can register option is enabled prior to creating a user though the...

5.3CVSS6.9AI score0.00258EPSS
Exploits1References1
OSV
OSV
added 2025/02/26 6:35 p.m.7 views

DRUPAL-CONTRIB-2025-019

The Cache Utility module provides an ability to view status and flush various caches. The module doesn't sufficiently protect against Cross Site Request Forgery CSRF attacks by validating user identity and intent when flushing a cache...

8.8CVSS6.7AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/20 4:28 a.m.8 views

CVE-2024-13677

The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's identity prior to updating their details...

8.8CVSS7.1AI score0.0048EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 1:52 a.m.5 views

CVE-2022-43644

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on T...

8.8CVSS7.1AI score0.00962EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:54 p.m.15 views

CVE-2020-15430

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the username parameter, the proces...

10CVSS7.3AI score0.08083EPSS
Exploits0
OSV
OSV
added 2024/12/30 3:31 p.m.12 views

GHSA-9WMC-988H-2MV2 TeamPass privileges issue

TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different userid...

9.3CVSS5.5AI score0.00452EPSS
Exploits0References5
NVD
NVD
added 2024/11/28 10:15 a.m.24 views

CVE-2024-11103

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated...

9.8CVSS0.00747EPSS
Exploits0References4
CVE
CVE
added 2024/11/22 8:5 p.m.47 views

CVE-2023-52333

CVE-2023-52333 affects Allegra via the saveFile directory traversal vulnerability. The flaw arises from insufficient validation of a user-supplied path used in file operations, enabling remote code execution in the LOCAL SERVICE context. The initial description notes that authentication is requir...

9.8CVSS9.9AI score0.01854EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/11/20 3:58 a.m.8 views

Improper Authorization

symfony/security-bundle is vulnerable to Improper Authorization. The vulnerability is due to the Security::login method not calling the configured userchecker, preventing proper user validation and allowing unauthorized logins...

3.1CVSS6.5AI score0.00318EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2024/11/18 4:2 p.m.25 views

CVE-2020-3420 Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of...

5.4CVSS0.00405EPSS
Exploits0References2
NVD
NVD
added 2024/11/13 4:15 a.m.23 views

CVE-2024-10174

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'AbstractPermission' class due to missing validation on the 'useri...

7.3CVSS0.00637EPSS
Exploits0References3
CVE
CVE
added 2024/11/06 4:31 p.m.50 views

CVE-2024-20533

Cisco CVE-2024-20533 affects the web UI of Cisco Desk Phone 9800 Series, IP Phones 6800/7800/8800, and Video Phone 8875 with Multiplatform Firmware. The issue is stored XSS arising from improper validation of user input in the web UI, allowing an authenticated remote attacker to inject script via...

4.8CVSS5AI score0.0027EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/29 5:15 p.m.4 views

CVE-2024-9988

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'cryptoconnectajaxprocess::register' function. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS5.8AI score0.0108EPSS
Exploits0References2
CVE
CVE
added 2024/10/26 8:36 a.m.53 views

CVE-2024-9637

CVE-2024-9637 concerns the WordPress plugin School Management System – WPSchoolPress . The vulnerability is an Insecure Direct Object Reference (IDOR) that enables privilege escalation via account takeover. An authenticated user with teacher-level access or above can alter other users’ emails (in...

8.8CVSS8.9AI score0.00489EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/10/21 12:0 a.m.17 views

Cisco NX-OS Protection Mechanism Failure (CVE-2024-20284)

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

8.8CVSS6.2AI score0.00194EPSS
Exploits0References3
CVE
CVE
added 2024/09/14 12:31 p.m.59 views

CVE-2024-6482

CVE-2024-6482 : The WordPress plugin Login with phone number (versions

8.8CVSS8.7AI score0.00485EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/09/06 2:15 p.m.18 views

CVE-2024-8428

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...

8.8CVSS0.00485EPSS
Exploits0References3
Rows per page
Query Builder