1395 matches found

OSV
added 2024/04/03 5:15 p.m. · 4 views

CVE-2024-30322

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

CVSS 7.8 · AI score 7.6 · EPSS 0.00914
Exploits: 0 · References: 2

CNVD
added 2024/04/03 12:0 a.m. · 3 views

Emergency Ambulance Hiring Portal ambulance-tracking.php File SQL Injection Vulnerability

Emergency Ambulance Hiring Portal is an emergency ambulance hiring portal. The Emergency Ambulance Hiring Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the searchdata parameter of the ambulance-tracking.php file of t...

CVSS 9.8 · AI score 8.3 · EPSS 0.00765
Exploits: 1 · References: 1

Positive Technologies
added 2024/03/28 12:0 a.m. · 2 views

PT-2024-7754 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...

CVSS 7.8 · AI score 8 · EPSS 0.00914
Exploits: 0 · References: 6

Positive Technologies
added 2024/03/28 12:0 a.m. · 5 views

PT-2024-22964 · WordPress · The News Wall

Name of the Vulnerable Software and Affected Versions: The News Wall plugin for WordPress versions up to, and including, 1.1.0
Description: The issue is due to missing or incorrect nonce validation on the nwap newslist page function, making it possible for unauthenticated attackers to update the...

CVSS 4.3 · AI score 9.3 · EPSS 0.00204
Exploits: 0 · References: 5

OSV
added 2024/03/22 4:57 p.m. · 1 views

GHSA-F5X3-32G6-XQ36 Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basically if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...

CVSS 6.5 · AI score 6.7 · EPSS 0.00929
Exploits: 1 · References: 5

Positive Technologies
added 2024/03/20 12:0 a.m. · 4 views

PT-2024-17945 · Woomotiv · Live Sales Notification For Woocommerce – Woomotiv

Name of the Vulnerable Software and Affected Versions: Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress versions up to, and including, 3.4.3
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax cancel revie...

CVSS 4.3 · AI score 9.3 · EPSS 0.00253
Exploits: 1 · References: 5

OSV
added 2024/03/13 4:15 p.m. · 6 views

CVE-2024-0830

The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke...

CVSS 4.3 · AI score 5.6 · EPSS 0.00303
Exploits: 0 · References: 3

Positive Technologies
added 2024/03/03 12:0 a.m. · 4 views

PT-2024-18517 · Mediatek +1 · Mt6739 +19

Name of the Vulnerable Software and Affected Versions: In da affected versions not specified
Description: The issue is related to a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is...

CVSS 6.7 · AI score 7.1 · EPSS 0.00087
Exploits: 0 · References: 4

OSV
added 2024/02/29 1:43 a.m. · 7 views

CVE-2024-0513

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the removefromwishlist function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 · AI score 7.2 · EPSS 0.00208
Exploits: 0 · References: 2

OSV
added 2024/02/28 9:15 a.m. · 4 views

CVE-2024-0433

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxunsetdefaultcard' function. This makes it possible for unauthenticated attackers to remove...

CVSS 4.3 · AI score 5.7 · EPSS 0.00275
Exploits: 0 · References: 2

OSV
added 2024/02/28 7:15 a.m. · 4 views

CVE-2024-1943

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the theme's settings via ...

CVSS 4.3 · AI score 6.5 · EPSS 0.0021
Exploits: 0 · References: 2

CNNVD
added 2024/02/28 12:0 a.m. · 11 views

WordPress Theme Yuki Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.8 · EPSS 0.0021
Exploits: 0 · References: 3

CNNVD
added 2024/02/28 12:0 a.m. · 4 views

WordPress Plugin Gestpay for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.6 · EPSS 0.00275
Exploits: 0 · References: 3

Positive Technologies
added 2024/02/28 12:0 a.m. · 9 views

PT-2024-15804 · Envo · Elementor Templates & Widgets For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress versions up to, and including, 1.4.4
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax plugin...

CVSS 4.3 · AI score 9.3 · EPSS 0.00275
Exploits: 0 · References: 7

OSV
added 2024/02/27 11:15 a.m. · 3 views

CVE-2024-1907

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...

CVSS 4.3 · AI score 7.2 · EPSS 0.00202
Exploits: 0 · References: 2

OSV
added 2024/02/23 3:15 p.m. · 3 views

CVE-2024-22776

Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields...

CVSS 4.7 · AI score 5.8 · EPSS 0.00474
Exploits: 1 · References: 2

OSV
added 2024/02/23 11:15 a.m. · 5 views

CVE-2024-1360

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install recommended...

CVSS 4.3 · AI score 5.6 · EPSS 0.00212
Exploits: 0 · References: 2

OSV
added 2024/02/23 7:15 a.m. · 2 views

CVE-2024-1777

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers t...

CVSS 4.3 · AI score 5.6 · EPSS 0.00198
Exploits: 0 · References: 2

Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-18096 · WordPress · Wp Database Reset

Name of the Vulnerable Software and Affected Versions: Database Reset plugin for WordPress versions up to, and including, 3.22
Description: The issue is due to missing or incorrect nonce validation on the install wpr function, making it possible for unauthenticated attackers to install the WP Res...

CVSS 4.7 · AI score 5.4 · EPSS 0.0027
Exploits: 0 · References: 7

Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-15628 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.87
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the add to wishlist function...

CVSS 4.3 · AI score 9.3 · EPSS 0.00224
Exploits: 0 · References: 6