
1395 matches found

OSV
added 2024/10/25 8:15 a.m. | 5 views

CVE-2024-9598

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible for unauthenticated attackers to send the...

CVSS 8.8 | AI score 5.6 | EPSS 0.00261
Exploits: 0 | References: 3
OSV
added 2024/10/24 8:15 a.m. | 4 views

CVE-2024-9943

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php...

CVSS 6.3 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 5
CNNVD
added 2024/10/23 12:0 a.m. | 2 views

Realtek SD card reader driver security vulnerability

The Realtek SD card reader driver is a card reader driver from China-based Realtek Semiconductor (Realtek). A security vulnerability exists in Realtek SD card reader driver version 10.0.26100.21374 and prior versions, which stems from a lack of input validation and allows an attacker to write to...

CVSS 8.8 | AI score 6.7 | EPSS 0.01269
Exploits: 1 | References: 1
OSV
added 2024/10/21 5:28 p.m. | 3 views

GHSA-584Q-6J8J-R5PM secp256k1-node allows private key extraction over ECDH

Summary: In the elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L37-L39 loadCompressedPublicKey is, however, missing that check:...

CVSS 8.7 | AI score 5.9 | EPSS 0.00393
Exploits: 0 | References: 8
Positive Technologies
added 2024/10/21 12:0 a.m. | 5 views

PT-2024-16047 · Amazon · Amazon.Applicationloadbalancer.Identity.Aspnetcore

Name of the Vulnerable Software and Affected Versions: Amazon.ApplicationLoadBalancer.Identity.AspNetCore (affected versions not specified)
Description: The issue concerns the Amazon.ApplicationLoadBalancer.Identity.AspNetCore repository, which contains middleware for use with the Application Load...

CVSS 7.5 | AI score 6.8 | EPSS 0.00319
Exploits: 0 | References: 10
Positive Technologies
added 2024/10/21 12:0 a.m. | 6 views

PT-2024-33278 · Unknown · Secp256K1-Node

Name of the Vulnerable Software and Affected Versions: secp256k1-node versions prior to 5.0.1; secp256k1-node versions prior to 4.0.4; secp256k1-node versions prior to 3.8.1
Description: The issue affects the elliptic-based version of secp256k1-node, where the loadCompressedPublicKey function is...

CVSS 8.7 | AI score 7 | EPSS 0.00393
Exploits: 0 | References: 16
Positive Technologies
added 2024/10/15 12:0 a.m. | 9 views

PT-2024-39737 · WordPress · Wp Ulike

Name of the Vulnerable Software and Affected Versions: WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress versions up to, and including, 4.7.4
Description: The issue is a Cross-Site Request Forgery vulnerability due to missing or incorrect nonce validation on the wp ulik...

CVSS 4.3 | AI score 6.8 | EPSS 0.00207
Exploits: 0 | References: 8
Positive Technologies
added 2024/10/12 12:0 a.m. | 8 views

PT-2024-39836 · WordPress · Imagepress

Name of the Vulnerable Software and Affected Versions: ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2
Description: The issue is due to missing or incorrect nonce validation on the imagepress admin page function, making it possible for unauthenticated attacker...

CVSS 4.3 | AI score 6.5 | EPSS 0.00232
Exploits: 0 | References: 12
OSV
added 2024/10/08 6:30 a.m. | 1 views

GHSA-PR45-CG4X-FF4M ggit is vulnerable to Arbitrary Argument Injection via the clone() API

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...

CVSS 6.9 | AI score 5.9 | EPSS 0.00577
Exploits: 0 | References: 4
RedHat Linux
added 2024/09/24 2:39 a.m. | 3 views

kernel: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

A vulnerability was found in the cfg80211 component in the Linux kernel, where a lack of proper range validation applied to NL80211_ATTR_TXQ_QUANTUM can lead to a scenario where userspace passes an extremely high value that the kernel is not designed to handle efficiently (e.g., 2^31). This can...

CVSS 4.4 | AI score 6.7 | EPSS 0.00174
Exploits: 0 | References: 5
Positive Technologies
added 2024/09/23 12:0 a.m. | 6 views

PT-2024-39259 · WordPress · Ba Book Everything

Name of the Vulnerable Software and Affected Versions: BA Book Everything plugin for WordPress versions up to, and including, 1.6.20
Description: The issue is due to missing or incorrect nonce validation on the my account update function, making it possible for unauthenticated attackers to update...

CVSS 8.8 | AI score 7.5 | EPSS 0.003
Exploits: 0 | References: 13
OSV
added 2024/09/13 3:15 p.m. | 4 views

CVE-2024-7423

The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary options that...

CVSS 8.8 | AI score 5.7
Exploits: 0 | References: 3
BDU FSTEC
added 2024/09/13 12:0 a.m. | 4 views

The vulnerability of the miEnumattr() function in the fs/ntfs3 component of the Linux operating system, which allows for buffer copying without checking input data. This vulnerability enables an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the miEnumattr function in the fs/ntfs3 component of the Linux operating system is related to the copying of buffers without checking the input data. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service...

CVSS 8.4 | AI score 6.5 | EPSS 0.00295
Exploits: 0 | References: 17 | Affected Software: 5
Positive Technologies
added 2024/09/13 12:0 a.m. | 3 views

PT-2025-10649 · Ashlar Vellum · Ashlar-Vellum Cobalt

Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt (affected versions not specified)
Description: This issue involves a type confusion flaw within the parsing of VS files in Ashlar-Vellum Cobalt. This can allow a remote attacker to execute arbitrary code in the context of t...

CVSS 7.8 | AI score 7.5 | EPSS 0.0026
Exploits: 0 | References: 9
OSV
added 2024/09/10 10:15 a.m. | 6 views

CVE-2023-2919

The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addonenabledisable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a...

CVSS 4.3 | AI score 5.6 | EPSS 0.00207
Exploits: 0 | References: 3
CNNVD
added 2024/09/09 12:0 a.m. | 3 views

SAMSUNG Mobile Processor security vulnerability

SAMSUNG Mobile Processor is a family of mobile processors from Samsung (South Korea). A security vulnerability exists in SAMSUNG Mobile Processor, which stems from a heap overwrite in the function slsigetscanextraies that does not perform an input validation check on defaulties from userspace. The...

CVSS 7.8 | AI score 6.8 | EPSS 0.00164
Exploits: 0 | References: 2
Positive Technologies
added 2024/09/09 12:0 a.m. | 3 views

PT-2024-21856 · Samsung · Exynos 1330 +8

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions including Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930
Description: The issue is related to a lack of input validation check on a...

CVSS 5.5 | AI score 7 | EPSS 0.00158
Exploits: 0 | References: 5
Veracode
added 2024/08/30 8:34 a.m. | 9 views

SQL Injection

centreon/centreon is vulnerable to SQL Injection. The vulnerability is caused due to a missing validation while constructing SQL queries...

CVSS 9.1 | AI score 7.6 | EPSS 0.00488
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/08/30 8:15 a.m. | 6 views

CVE-2024-8319

The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tforderstatusemailresendfunction, tfvisitordetailseditfunction, tfcheckinoutdetailseditfunction,...

CVSS 4.3 | AI score 5.6 | EPSS 0.00174
Exploits: 0 | References: 2
RedHat Linux
added 2024/08/28 12:34 p.m. | 6 views

kernel: virtio-net: tun: mlx5_core short frame denial of service

A denial of service (DoS) attack was found in the mlx5 driver in the Linux kernel. A KVM guest VM using virtio-net can crash the host by sending a short packet, for example, size = ETH_HLEN...

CVSS 7.1 | AI score 7.2 | EPSS 0.00256
Exploits: 0 | References: 6