1395 matches found

SUSE CVE
added 2024/02/13 3:51 a.m. · 7 views

SUSE CVE-2024-1151

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...

CVSS 5.5 · AI score 6.9 · EPSS 0.0027
Exploits 0 · References 15

OSV
added 2024/02/11 3:15 p.m. · 2 views

DEBIAN-CVE-2024-1151

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...

CVSS 5.5 · AI score 6.5 · EPSS 0.0027
Exploits 0 · References 1

CNNVD
added 2024/02/05 12:0 a.m. · 6 views

WordPress plugin AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin AI Engine: Chatbots,...

CVSS 7.2 · AI score 6.8 · EPSS 0.01211
Exploits 0 · References 3

Positive Technologies
added 2024/01/24 12:0 a.m. · 5 views

PT-2024-20000 · Lemmy · Lemmy

Name of the Vulnerable Software and Affected Versions: Lemmy versions 0.17.0 through 0.19.0
Description: The issue allows any authenticated user to obtain arbitrary private message contents by creating a private message report. This is possible because the API response to creating a private messa...

CVSS 7.5 · AI score 6.4 · EPSS 0.00505
Exploits 0 · References 9

OSV
added 2024/01/19 8:15 p.m. · 3 views

CVE-2023-33295

Cohesity DataProtect prior to 6.8.1u5 or 7.1 was discovered to have an incorrect access control vulnerability due to a lack of TLS Certificate Validation...

CVSS 6.5 · AI score 5.8 · EPSS 0.00277
Exploits 0 · References 2

Positive Technologies
added 2024/01/19 12:0 a.m. · 7 views

PT-2024-15699 · WordPress · Vk Block Patterns

Name of the Vulnerable Software and Affected Versions: VK Block Patterns plugin for WordPress versions up to, and including, 1.31.1.1
Description: The issue is due to missing or incorrect nonce validation on the vbp clear patterns cache function, making it possible for unauthenticated attackers t...

CVSS 4.3 · AI score 5.3 · EPSS 0.00669
Exploits 0 · References 9

CNNVD
added 2024/01/18 12:0 a.m. · 3 views

PHPGurukul Company Visitor Management System Security Vulnerability

Company Visitor Management System is a visitor management system. Company Visitor Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file search-visitor.php. An attacker can exploit this vulnerability to...

CVSS 7.2 · AI score 8.1 · EPSS 0.0063
Exploits 1 · References 4

OSV
added 2024/01/16 4:15 p.m. · 6 views

CVE-2023-0079

The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...

CVSS 5.4 · AI score 5.8 · EPSS 0.00534
Exploits 1 · References 1

OSV
added 2024/01/11 3:15 p.m. · 5 views

CVE-2023-6244

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...

CVSS 4.3 · AI score 5.7 · EPSS 0.00253
Exploits 0 · References 3

Positive Technologies
added 2023/12/22 12:0 a.m. · 4 views

PT-2023-31295 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0
Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtTotal parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they are se...

AI score 7.7
Exploits 0 · References 4

Positive Technologies
added 2023/12/20 12:0 a.m. · 4 views

PT-2023-8812 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this, where the target must visit ...

CVSS 7.8 · AI score 7.2 · EPSS 0.00415
Exploits 0 · References 5

Positive Technologies
added 2023/12/06 12:0 a.m. · 3 views

PT-2023-9684 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...

CVSS 7.8 · AI score 8 · EPSS 0.00793
Exploits 0 · References 12

Positive Technologies
added 2023/12/04 12:0 a.m. · 5 views

PT-2023-32441 · WordPress · Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce WordPress plugin versions prior to 2.9.5
Description: The issue arises from the lack of file validation for uploads and the absence of authorization and CSRF protection in an AJAX action handling file uploads. This allows a...

CVSS 8.8 · AI score 8.6 · EPSS 0.00479
Exploits 2 · References 6

OSV
added 2023/11/27 5:15 p.m. · 3 views

CVE-2023-4297

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories...

CVSS 4.3 · AI score 7.4 · EPSS 0.00637
Exploits 2 · References 1

OSV
added 2023/11/22 4:15 p.m. · 5 views

CVE-2023-5382

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfdeleteposts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a...

CVSS 4.3 · AI score 5.7 · EPSS 0.00306
Exploits 0 · References 2

OSV
added 2023/11/22 4:15 p.m. · 3 views

CVE-2023-2440

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'adminpage', 'userproverifyuser' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

CVSS 8.8 · AI score 7.2 · EPSS 0.00276
Exploits 0 · References 2

PyPA
added 2023/11/16 6:15 p.m. · 5 views

PYSEC-2023-242

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

CVSS 7.4 · AI score 6.8 · EPSS 0.00305
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/11/16 12:0 a.m. · 3 views

Desdev DedeCMS Cross-Site Request Forgery Vulnerability

Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) of China's Zhuozhuo Network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A cross-site request forgery...

CVSS 8.8 · AI score 6.8 · EPSS 0.00323
Exploits 1 · References 2

OSV
added 2023/11/07 11:15 a.m. · 7 views

CVE-2023-5975

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged...

CVSS 4.3 · AI score 5.7 · EPSS 0.00313
Exploits 0 · References 5

RedHat Linux
added 2023/11/07 9:3 a.m. · 4 views

kernel: Linux kernel: Denial of Service in vmwgfx due to invalid DMA surface copies

A flaw was discovered in the Linux kernel’s DRM vmwgfx driver related to how cursor images are snooped and copied. When the dimensions of a DMA surface copybox were derived from untrusted userspace data without proper validation against the expected snooped cursor size, an invalid size could caus...

CVSS 5.5 · AI score 7.4 · EPSS 0.00149
Exploits 0 · References 5