
1394 matches found

CNNVD
added 2023/01/23 12:0 a.m. · 3 views

WordPress plugin Search & Filter cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 · AI score 5.4 · EPSS 0.00471
Exploits: 2 · References: 2

CNNVD
added 2023/01/18 12:0 a.m. · 4 views

WordPress plugin Custom 404 Pro cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability...

CVSS 4.3 · AI score 4.8 · EPSS 0.00319
Exploits: 0 · References: 3

OSV
added 2023/01/11 4:15 a.m. · 5 views

CVE-2022-0553

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...

CVSS 4.6 · AI score 5.5 · EPSS 0.00282
Exploits: 1 · References: 1

CNNVD
added 2023/01/11 12:0 a.m. · 7 views

IBM Sterling Partner Engagement Manager SQL injection vulnerability

IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines (IBM). IBM Sterling Partner Engagement Manager suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can...

CVSS 9.8 · AI score 8 · EPSS 0.00688
Exploits: 0 · References: 3

OSV
added 2023/01/05 7:15 p.m. · 5 views

CVE-2023-0088

The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page creation and deletion among other things. This makes it possible for...

CVSS 8.8 · AI score 7.2 · EPSS 0.00552
Exploits: 1 · References: 2

F5 Networks
added 2022/12/24 12:52 a.m. · 6 views

K000130346: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability

Security Advisory Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the...

CVSS 9.8 · AI score 7.7 · EPSS 0.46428
Exploits: 0

Microsoft CVE
added 2022/12/23 8:0 a.m. · 9 views

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.

...

CVSS 7.8 · AI score 7.1 · EPSS 0.00298
Exploits: 0

OSV
added 2022/12/19 2:15 p.m. · 7 views

CVE-2022-4106

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...

CVSS 7.5 · AI score 5.9 · EPSS 0.00857
Exploits: 2 · References: 1

OSV
added 2022/12/18 6:15 a.m. · 1 view

UBUNTU-CVE-2022-47518

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management...

CVSS 7.8 · AI score 6.9 · EPSS 0.00329
Exploits: 0 · References: 13

Positive Technologies
added 2022/12/02 12:0 a.m. · 5 views

PT-2022-26308 · WordPress · Chained Quiz

Name of the Vulnerable Software and Affected Versions: Chained Quiz plugin for WordPress versions up to, and including, 1.3.2.4
Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the list questions function. This allows unauthenticated attackers to...

CVSS 5.4 · AI score 4.4 · EPSS 0.00397
Exploits: 1 · References: 6

Positive Technologies
added 2022/12/01 12:0 a.m. · 4 views

PT-2022-26191 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.10; Nextcloud Server versions prior to 24.0.5
Description: The issue arises from the lack of validation of calendar name lengths before they are written to a database. This allows an attacker to send...

CVSS 8.1 · AI score 4.7 · EPSS 0.00846
Exploits: 2 · References: 20

CNNVD
added 2022/11/29 12:0 a.m. · 3 views

static-dev-server path traversal vulnerability

static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...

CVSS 7.5 · AI score 6.7 · EPSS 0.00959
Exploits: 1 · References: 3

CNVD
added 2022/11/23 12:0 a.m. · 26 views

Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87037)

Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that originates in the /asms/classes/Master.php?f=deleteservice component that lacks validation of...

CVSS 7.2 · AI score 7.2 · EPSS 0.00821
Exploits: 1 · References: 1

CNNVD
added 2022/11/22 12:0 a.m. · 3 views

NETGEAR R7000P buffer error vulnerability

NETGEAR R7000P is a wireless router from NETGEAR, Inc. NETGEAR R7000P version V1.3.1.64 has a buffer overflow vulnerability, which originates from the lack of length validation of input data in the enablebandsteering parameter, and can be exploited by attackers to cause a denial of service or...

CVSS 9.8 · AI score 8.2 · EPSS 0.01091
Exploits: 1 · References: 3

ATTACKERKB
added 2022/11/15 2:15 p.m. · 4 views

CVE-2022-3240

The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...

CVSS 8.8 · AI score 7.2 · EPSS 0.00552
Exploits: 1 · References: 3

OSV
added 2022/11/15 2:15 a.m. · 6 views

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

CVSS 4.8 · AI score 5.8 · EPSS 0.00338
Exploits: 0 · References: 3

OSV
added 2022/11/07 10:15 a.m. · 4 views

CVE-2022-3536

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, an...

CVSS 8.8 · AI score 5.8 · EPSS 0.00511
Exploits: 2 · References: 1

OSV
added 2022/10/28 5:15 p.m. · 5 views

CVE-2022-2864

The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...

CVSS 8.8 · AI score 5.6 · EPSS 0.00469
Exploits: 0 · References: 3

CNNVD
added 2022/10/28 12:0 a.m. · 3 views

WordPress plugin demon image annotation cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Cross-site request forgery vulnerability exists in WordPress demon image annotation 4.7 and earlier versions, which stems from the lack of nonce...

CVSS 8.8 · AI score 6.7 · EPSS 0.00469
Exploits: 0 · References: 4

Positive Technologies
added 2022/10/28 12:0 a.m. · 5 views

PT-2022-19129 · WordPress · Demon Image Annotation Plugin

Name of the Vulnerable Software and Affected Versions: demon image annotation plugin for WordPress versions up to, and including, 4.7
Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation in the /includes/settings.php file. This allows unauthenticated...

CVSS 8.8 · AI score 8.5 · EPSS 0.00469
Exploits: 0 · References: 5