1395 matches found

OSV · added 2024/08/27 7:54 p.m. · 2 views

GHSA-3FFF-GQW3-VJ86 Directus has an insecure object reference via PATH presets

Impact: Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the POST /presets request but not in the PATCH request. When chained with...

CVSS 4.1 · AI score 5.9 · EPSS 0.00326
Exploits 0 · References 5
OSV · added 2024/08/22 4:15 p.m. · 1 views

UBUNTU-CVE-2024-45193

An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the...

CVSS 4.3 · AI score 5.8 · EPSS 0.00284
Exploits 1 · References 6
Veracode · added 2024/08/20 8:37 a.m. · 9 views

Zip Slip

mobsf is vulnerable to Zip Slip. The vulnerability is caused due to a missing validation while extracting .a extension files. This allows an attacker to extract files to any desired location within the server running MobS...

CVSS 9.8 · AI score 6.6 · EPSS 0.00902
Exploits 1 · References 2 · Affected Software 1
Positive Technologies · added 2024/08/19 12:0 a.m. · 5 views

PT-2024-32852

Name of the Vulnerable Software and Affected Versions: Bluetooth, affected versions not specified
Description: The issue arises from a missing check in the LL CONNECTION UPDATE IND packet, which leads to a division by zero error. This error occurs due to the lack of proper validation in the packet...

CVSS 7.6 · AI score 6 · EPSS 0.00456
Exploits 0 · References 10
Positive Technologies · added 2024/08/17 12:0 a.m. · 7 views

PT-2024-12465 · WordPress · The Bricks

Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.8.1
Description: The issue is due to missing or incorrect nonce validation on the save settings function, making it possible for unauthenticated attackers to modify the theme's...

CVSS 4.3 · AI score 7.3 · EPSS 0.00227
Exploits 0 · References 8
Veracode · added 2024/08/16 7:4 a.m. · 12 views

Authorization Bypass

directus is vulnerable to Authorization Bypass. The vulnerability is caused due to a missing validation for the user parameter in the PATCH requests for the end point /presets. This allows an authenticated external attacker to modify presets created by the same user to assign them to another user...

CVSS 4.3 · AI score 6.3 · EPSS 0.00326
Exploits 0 · References 4 · Affected Software 1
Positive Technologies · added 2024/08/15 12:0 a.m. · 6 views

PT-2024-38391 · WordPress · Download Plugins/Themes In Zip From Dashboard

Name of the Vulnerable Software and Affected Versions: Download Plugins and Themes in ZIP from Dashboard plugin for WordPress versions prior to 1.8.8
Description: The issue is due to missing or incorrect nonce validation on the download theme function, making it possible for unauthenticated...

CVSS 4.2 · AI score 6.9 · EPSS 0.00161
Exploits 0 · References 8
Positive Technologies · added 2024/08/13 12:0 a.m. · 3 views

PT-2024-27243 · Unknown · Ada Web Server

Name of the Vulnerable Software and Affected Versions: Ada Web Server version 20.0
Description: An issue was discovered in Ada Web Server when configured to use SSL, which is not the default setting. The SSL/TLS used to establish connections to external services is done without proper hostname...

CVSS 7.4 · AI score 6.8 · EPSS 0.00367
Exploits 0 · References 11
Positive Technologies · added 2024/08/13 12:0 a.m. · 3 views

PT-2024-5805 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader, affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...

CVSS 10 · AI score 8 · EPSS 0.00734
Exploits 0 · References 7
SUSE CVE · added 2024/08/07 2:54 a.m. · 3 views

SUSE CVE-2024-7538

oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 7.8 · AI score 7.5 · EPSS 0.00292
Exploits 0 · References 3
Cvelist · added 2024/07/19 11:1 a.m. · 37 views

CVE-2024-5977 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated...

CVSS 5.4 · EPSS 0.00428
Exploits 0 · References 3
OSV · added 2024/07/13 6:15 a.m. · 3 views

CVE-2024-5080

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...

CVSS 8.8 · AI score 5.9 · EPSS 0.00661
Exploits 1 · References 1
Positive Technologies · added 2024/07/09 12:0 a.m. · 5 views

PT-2024-37531 · WordPress · Advanced Ajax Page Loader

Name of the Vulnerable Software and Affected Versions: Advanced AJAX Page Loader plugin for WordPress versions up to, and including, 2.7.7
Description: The issue is due to missing nonce validation in the admin init AAPL function and missing file type validation in the AAPL options validate...

CVSS 8.8 · AI score 7.9 · EPSS 0.00489
Exploits 0 · References 8
OSV · added 2024/06/22 6:15 a.m. · 2 views

CVE-2024-3593

The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenudeleteallitemsettings and ubermenuresetsettings functions. This makes it possible for unauthenticated...

CVSS 5.4 · AI score 5.6 · EPSS 0.00177
Exploits 0 · References 2
ATTACKERKB · added 2024/06/12 9:15 a.m. · 3 views

CVE-2024-5468

The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stmhbdelete function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to...

CVSS 6.5 · AI score 5.9 · EPSS 0.00373
Exploits 0 · References 3
CNNVD · added 2024/06/12 12:0 a.m. · 3 views

WordPress plugin Simple Staff List security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

CVSS 4.3 · AI score 6.8 · EPSS 0.00324
Exploits 0 · References 2
Positive Technologies · added 2024/06/05 12:0 a.m. · 7 views

PT-2024-21862 · Samsung · Exynos 1280 +4

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos 980, Samsung Mobile Processor Exynos 850, Samsung Mobile Processor Exynos 1280, Samsung Mobile Processor Exynos 1380, Samsung Mobile Processor Exynos 1330
Description: An issue was discovered in the function slsi n...

CVSS 7.8 · AI score 7.3 · EPSS 0.00196
Exploits 0 · References 8
Positive Technologies · added 2024/05/30 12:0 a.m. · 5 views

PT-2024-28510 · WordPress · Wp To Do

Name of the Vulnerable Software and Affected Versions: WP To Do plugin for WordPress versions up to, and including, 1.3.0
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wptodo settings function. This allows unauthenticated...

CVSS 4.3 · AI score 6.4 · EPSS 0.00224
Exploits 0 · References 6
Positive Technologies · added 2024/05/19 12:0 a.m. · 3 views

PT-2024-6470 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor, affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...

CVSS 7.8 · AI score 7.4 · EPSS 0.00283
Exploits 0 · References 7
Positive Technologies · added 2024/05/16 12:0 a.m. · 4 views

PT-2024-30162 · WordPress · The Tutor Lms

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.7.0
Description: The issue allows authenticated attackers with Instructor-level permissions and above to delete any course due to missi...

CVSS 6.5 · AI score 6.8 · EPSS 0.00418
Exploits 0 · References 7