Positive Technologies
added 2023/07/01 12:00 a.m., 3 views

PT-2023-12515 · WordPress · Remove Schema Plugin

Name of the Vulnerable Software and Affected Versions: Remove Schema plugin for WordPress versions up to, and including, 1.5 Description: The issue is due to missing or incorrect nonce validation on the validate function, making it possible for unauthenticated attackers to modify the plugin's...

CVSS 4.3 · AI score 4.5 · EPSS 0.0033
Exploits 0 · References 12

CNNVD
added 2023/07/01 12:00 a.m., 3 views

WordPress Plugin Event Espresso 4 Decaf Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 4.3 · AI score 5 · EPSS 0.00327
Exploits 0 · References 11

OSV
added 2023/06/28 2:15 a.m., 4 views

CVE-2023-3427

The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'savecustomer' function. This makes it possible for unauthenticated attackers to change the admin role to...

CVSS 4.3 · AI score 7.3
Exploits 0 · References 3

RedHat Linux
added 2023/06/27 6:52 p.m., 19 views

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

CVSS 8.1 · AI score 5.9 · EPSS 0.00694
Exploits 0 · References 4

RedHat Linux
added 2023/06/27 6:52 p.m., 4 views

keycloak: Untrusted Certificate Validation

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...

CVSS 6.5 · AI score 5.7 · EPSS 0.00425
Exploits 0 · References 5

OSV
added 2023/06/27 4:15 a.m., 4 views

CVE-2023-3411

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajaxstoresave function. This makes it possible for unauthenticated...

CVSS 4.3 · AI score 7.2 · EPSS 0.00253
Exploits 1 · References 2

ATTACKERKB
added 2023/06/17 10:15 p.m., 3 views

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

CVSS 7.2 · AI score 5.7 · EPSS 0.01222
Exploits 2 · References 4

OSV
added 2023/06/17 10:15 p.m., 3 views

CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

CVSS 8.8 · AI score 7.2 · EPSS 0.01255
Exploits 2 · References 3

Positive Technologies
added 2023/06/17 12:00 a.m., 4 views

PT-2023-25326 · Sugarcrm · Sugarcrm Enterprise

Name of the Vulnerable Software and Affected Versions: SugarCRM Enterprise versions prior to 11.0.6 SugarCRM Enterprise versions 12.x prior to 12.0.3 Description: An issue has been identified in the REST API of SugarCRM, allowing for a Bean Manipulation vulnerability. This vulnerability can be...

CVSS 8.8 · AI score 7.4 · EPSS 0.01256
Exploits 2 · References 7

ATTACKERKB
added 2023/06/09 7:15 a.m., 2 views

CVE-2023-2893

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

CVSS 4.3 · AI score 6.7 · EPSS 0.00241
Exploits 0 · References 3

OSV
added 2023/06/09 7:15 a.m., 4 views

CVE-2023-2894

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...

CVSS 4.3 · AI score 7.2 · EPSS 0.00241
Exploits 0 · References 2

Positive Technologies
added 2023/06/09 12:00 a.m., 6 views

PT-2023-17537 · WordPress · The Announcement & Notification Banner – Bulletin

Name of the Vulnerable Software and Affected Versions: The Announcement & Notification Banner – Bulletin plugin for WordPress versions up to, and including, 3.7.0 Description: The issue allows unauthenticated attackers to modify the plugin's settings, modify bulletins, create new bulletins, and...

CVSS 6.3 · AI score 6.3 · EPSS 0.00288
Exploits 0 · References 5

CNNVD
added 2023/06/09 12:00 a.m., 5 views

WordPress Plugin WP Activity Log Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 4.3 · AI score 6.2 · EPSS 0.00296
Exploits 0 · References 4

OSV
added 2023/06/03 12:15 a.m., 5 views

CVE-2023-3052

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhaddpost', 'azhduplicatepost', 'azhupdatepost' and 'azhremovepost' functions. This makes it possibl...

CVSS 8.8 · AI score 5.7 · EPSS 0.00317
Exploits 0 · References 6

Positive Technologies
added 2023/06/03 12:00 a.m., 6 views

PT-2023-19387 · Vcita · The Event Registration Calendar By Vcita

Name of the Vulnerable Software and Affected Versions: The Event Registration Calendar By vcita plugin versions up to and including 3.9.1 Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress affected versions not specified Description: The issue is due to missing nonce...

CVSS 6.5 · AI score 6.7 · EPSS 0.00419
Exploits 2 · References 8

Positive Technologies
added 2023/05/31 12:00 a.m., 4 views

PT-2023-3775 · Fatek Automation · Fvdesigner

Name of the Vulnerable Software and Affected Versions: Fatek Automation FvDesigner affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this...

CVSS 7.8 · AI score 7.1 · EPSS 0.00394
Exploits 0 · References 6

BDU FSTEC
added 2023/05/31 12:00 a.m., 4 views

The vulnerability of the user_list_backend.php script in the Piwigo content management system allows attackers to carry out SQL injection attacks.

The vulnerability of the user_list_backend.php script in the Piwigo content management system is related to the lack of validation for the consistency of XML objects. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...

CVSS 9 · AI score 7.7 · EPSS 0.00902
Exploits 1 · References 3 · Affected Software 1

OSV
added 2023/05/25 9:15 a.m., 8 views

CVE-2023-2886

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

CVSS 4.3 · AI score 5.8 · EPSS 0.00208
Exploits 0 · References 1

OSV
added 2023/05/23 8:15 p.m., 4 views

CVE-2023-23303

The Toybox.Ant.GenericChannel.enableEncryption API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the...

CVSS 9.8 · AI score 6.1 · EPSS 0.00792
Exploits 1 · References 2

Positive Technologies
added 2023/05/23 12:00 a.m., 6 views

PT-2023-2951 · Cscape · Cscape Envision Rv +1

Name of the Vulnerable Software and Affected Versions: Cscape EnvisionRV affected versions not specified Cscape affected versions not specified Description: The issue is related to a lack of proper validation of user-supplied data when parsing font files, such as FNT. This can lead to an...

CVSS 7.8 · AI score 7.8 · EPSS 0.00227
Exploits 0 · References 6