1395 matches found

Positive Technologies
added 2023/08/28 12:0 a.m. · 4 views

PT-2023-4663 · Freerdp +8 · Freerdp +8

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.11.0; FreeRDP versions prior to 3.0.0-beta3. Description: The issue is related to an Out-Of-Bounds Write in the clear decompress bands data function due to a lack of offset validation. This can be exploited by a remo...

CVSS 9.8 · AI score 6.5 · EPSS 0.0375
Exploits 25 · References 314

Positive Technologies
added 2023/08/17 12:0 a.m. · 5 views

PT-2023-4495 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this, where the target must...

CVSS 7.8 · AI score 7.1 · EPSS 0.0034
Exploits 0 · References 5

OSV
added 2023/08/10 7:15 a.m. · 5 views

CVE-2023-4277

The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'processchangeprofileform' function. This makes it possible for unauthenticated attackers to change user email via a forged request...

CVSS 6.5 · AI score 7.2 · EPSS 0.00267
Exploits 0 · References 2

CNNVD
added 2023/08/10 12:0 a.m. · 4 views

Nextcloud Access Control Error Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. An access control error vulnerability exists in Nextcloud Server that stems from a lack of password validation...

CVSS 8.1 · AI score 7 · EPSS 0.00242
Exploits 0 · References 4

ATTACKERKB
added 2023/08/03 3:15 p.m. · 6 views

CVE-2023-39096

WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding...

CVSS 5.4 · AI score 6.1 · EPSS 0.00289
Exploits 0 · References 2

CNNVD
added 2023/08/03 12:0 a.m. · 3 views

Total CMS Code Issue Vulnerability

Total CMS is an online editing solution from Total CMS Open Source. A file upload vulnerability exists in Total CMS version 1.7.4, which stems from the lack of validation of uploaded files by the edit page feature. The vulnerability can be exploited to remotely execute arbitrary code by uploading...

CVSS 8.8 · AI score 7.8 · EPSS 0.23732
Exploits 1 · References 4

ATTACKERKB
added 2023/07/31 2:15 p.m. · 4 views

CVE-2023-34635

Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page...

CVSS 9.8 · AI score 7.4 · EPSS 0.02084
Exploits 4 · References 3

NVD
added 2023/07/15 7:15 p.m. · 19 views

CVE-2023-2507

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...

CVSS 9.3 · EPSS 0.00672
Exploits 1 · References 3

OSV
added 2023/07/12 8:15 a.m. · 4 views

CVE-2020-36760

The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the addcoreextensionsbundlevalidation function. This makes it possible for unauthenticated attackers to validate...

CVSS 4.3 · AI score 5.6 · EPSS 0.005
Exploits 1 · References 9

OSV
added 2023/07/12 8:15 a.m. · 3 views

CVE-2021-4425

The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verifyotplogintime function. This makes it possible for unauthenticated attackers to verify a one time login...

CVSS 4.3 · AI score 5.6 · EPSS 0.005
Exploits 1 · References 9

OSV
added 2023/07/12 7:15 a.m. · 6 views

CVE-2021-4423

The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgdinsertupdate function. This makes it possible for unauthenticated attackers to update post fields via a forged...

CVSS 4.3 · AI score 5.6 · EPSS 0.0039
Exploits 0 · References 9

OSV
added 2023/07/12 7:15 a.m. · 3 views

CVE-2020-36756

The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the createcsvfile function. This makes it possible for unauthenticated attackers to create a CSV file via a forged...

CVSS 4.3 · AI score 5.6 · EPSS 0.0035
Exploits 0 · References 9

OSV
added 2023/07/12 5:15 a.m. · 6 views

CVE-2023-3199

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatestatusordertitle function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site...

CVSS 4.3 · AI score 7.2 · EPSS 0.00298
Exploits 0 · References 3

OSV
added 2023/07/12 5:15 a.m. · 6 views

CVE-2020-36752

The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to missing or incorrect nonce validation on the savemetabox function. This makes it possible for unauthenticated attackers to save meta boxe...

CVSS 4.3 · AI score 5.6 · EPSS 0.00405
Exploits 1 · References 9

OSV
added 2023/07/12 4:15 a.m. · 6 views

CVE-2021-4413

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...

CVSS 4.3 · AI score 5.6 · EPSS 0.00345
Exploits 0 · References 9

OSV
added 2023/07/12 4:15 a.m. · 5 views

CVE-2021-4416

The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdfadminsavepost function. This makes it possible for unauthenticated attackers to save post data via a forged request...

CVSS 4.3 · AI score 5.6 · EPSS 0.00345
Exploits 0 · References 9

OSV
added 2023/07/12 4:15 a.m. · 5 views

CVE-2021-4409

The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpfdeletefeed function. This makes it possible for unauthenticated attackers to delete an export...

CVSS 4.3 · AI score 5.6 · EPSS 0.00342
Exploits 0 · References 9

CNNVD
added 2023/07/12 12:0 a.m. · 7 views

WordPress Plugin WP EasyPay – Square for WordPress Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin WP EasyPay...

CVSS 4.3 · AI score 5 · EPSS 0.00351
Exploits 0 · References 11

OSV
added 2023/07/01 6:15 a.m. · 4 views

CVE-2020-36746

The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswpsavemeta function. This makes it possible for unauthenticated attackers to save meta data via a forged reque...

CVSS 4.3 · AI score 5.6 · EPSS 0.00389
Exploits 1 · References 9

OSV
added 2023/07/01 6:15 a.m. · 5 views

CVE-2020-36748

The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handleorderexport function. This makes it possible for unauthenticated attackers to trigger an order export via a forged...

CVSS 4.3 · AI score 5.5
Exploits 0 · References 9