1395 matches found

CNNVD
added 2023/11/02 12:0 a.m. · 3 views

Company Website CMS Code Issue Vulnerability

Company Website CMS is a company website CMS. A file upload vulnerability exists in Company Website CMS v1.0. The vulnerability stems from the application's lack of validation of uploaded files. An attacker can exploit this vulnerability to upload malicious files and remotely execute arbitrary co...

7.2 CVSS · 7.4 AI score · 0.00788 EPSS
Exploits 1 · References 4

Positive Technologies
added 2023/10/27 12:0 a.m. · 5 views

PT-2023-32354 · WordPress · Thumbnail Carousel Slider Plugin

Name of the Vulnerable Software and Affected Versions: Thumbnail carousel slider plugin for WordPress version 1.0 Description: The issue is due to missing nonce validation on the deleteselected function, making it possible for unauthenticated attackers to delete sliders in bulk via a forged reque...

6.5 CVSS · 6.8 AI score · 0.00276 EPSS
Exploits 0 · References 8

CNNVD
added 2023/10/26 12:0 a.m. · 3 views

Simple Real Estate Portal System Security Vulnerability

Simple Real Estate Portal System is a real estate portal system. A SQL injection vulnerability exists in Simple Real Estate Portal System v1.0, which originates from the parameter id of the file viewestate.php that lacks validation of externally entered SQL statements. An attacker can exploit thi...

9.8 CVSS · 8.1 AI score · 0.00649 EPSS
Exploits 1 · References 4

Positive Technologies
added 2023/10/26 12:0 a.m. · 6 views

PT-2023-32335 · WordPress · The Assistant WordPress Plugin

Name of the Vulnerable Software and Affected Versions: The Assistant WordPress plugin versions prior to 1.4.4 Description: The issue arises from the plugin not validating a parameter before making a request to it via wp_remote_get, which could allow users with a role as low as Editor to perform...

8.8 CVSS · 8.6 AI score · 0.00694 EPSS
Exploits 2 · References 6

Positive Technologies
added 2023/10/25 12:0 a.m. · 4 views

PT-2023-8163 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this issue, where the target must...

7.8 CVSS · 7.2 AI score · 0.00385 EPSS
Exploits 0 · References 8

OSV
added 2023/10/20 8:15 a.m. · 4 views

CVE-2020-36758

The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the savefeedzyposttypemeta function. This makes it possible for unauthenticated attackers to update post...

4.3 CVSS · 5.6 AI score · 0.00397 EPSS
Exploits 1 · References 9

OSV
added 2023/10/20 7:15 a.m. · 4 views

CVE-2023-4942

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsvisibility function. This makes it possible for unauthenticated attackers to manipulate products via a forge...

4.3 CVSS · 7.2 AI score · 0.0029 EPSS
Exploits 0 · References 3

OSV
added 2023/10/16 12:15 a.m. · 6 views

CVE-2022-48612

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...

6.1 CVSS · 5.8 AI score · 0.00434 EPSS
Exploits 1 · References 1

CNNVD
added 2023/10/02 12:0 a.m. · 2 views

MediaTek Chip Buffer Error Vulnerability

MediaTek chips are a variety of chips from MediaTek, a company owned by MediaTek of China. A buffer error vulnerability exists in the MediaTek chips, which stems from a lack of input validation in the camera middleware module, which may result in out-of-bounds writes...

6.7 CVSS · 7 AI score · 0.00089 EPSS
Exploits 0 · References 2

CNNVD
added 2023/10/02 12:0 a.m. · 2 views

MediaTek Chip Buffer Error Vulnerability

MediaTek chips are a variety of chips from MediaTek, a company owned by MediaTek of China. A buffer error vulnerability exists in the MediaTek chips, which stems from a lack of input validation in the camera middleware module, which may result in out-of-bounds writes...

6.7 CVSS · 7 AI score · 0.00089 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/09/28 12:0 a.m. · 3 views

PT-2023-29135 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: process login.php affected versions not specified Description: The issue concerns the Password parameter of the process login.php resource, which does not validate the characters received. As a result, these characters are sent unfiltered to...

6.3 AI score
Exploits 0 · References 6

BDU FSTEC
added 2023/09/26 12:0 a.m. · 3 views

The vulnerability in the software web interface for processing and transmitting confidential data of Progress MOVEit Transfer lies in the lack of validation for XML objects’ sequences, allowing an intruder to gain unauthorized access to the MOVEit Transfer database.

The vulnerability of the software web interface for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of verification of the validity of XML objects. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access...

9 CVSS · 7.1 AI score · 0.00561 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2023/09/12 12:0 a.m. · 4 views

PT-2023-28269 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicio...

3.3 CVSS · 7.8 AI score · 0.00412 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/09/11 12:0 a.m. · 8 views

PT-2023-23421 · Tagdiv · Tagdiv Composer

Name of the Vulnerable Software and Affected Versions: tagDiv Composer WordPress plugin versions prior to 4.2 Description: The issue allows users with Admin privileges to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, such as in a multisite...

4.8 CVSS · 8.3 AI score · 0.00377 EPSS
Exploits 2 · References 6

Positive Technologies
added 2023/09/08 12:0 a.m. · 2 views

PT-2023-28230 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open...

5.5 CVSS · 6.9 AI score · 0.00415 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/09/08 12:0 a.m. · 5 views

PT-2023-28251 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...

7.8 CVSS · 7.3 AI score · 0.0043 EPSS
Exploits 0 · References 4

VulnCheck KEV
added 2023/09/07 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2023-4666

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE...

9.8 CVSS · 7.4 AI score · 0.03283 EPSS
Exploits 3 · References 1

CNNVD
added 2023/09/07 12:0 a.m. · 7 views

ASUS RT-AX56U Formatting String Error Vulnerability

The ASUS RT-AX56U is a wireless router from Asus China. The ASUS RT-AX56U suffers from a format string error vulnerability that stems from a lack of validation of specific values in its setiperf3svr.cgi module, resulting in a format string vulnerability...

7.2 CVSS · 6.8 AI score · 0.01187 EPSS
Exploits 0 · References 2

OSV
added 2023/08/31 9:15 p.m. · 0 views

UBUNTU-CVE-2023-39356

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function gdimultiopaquerect. In particular there is no code to validate if the value...

9.1 CVSS · 7.3 AI score · 0.01529 EPSS
Exploits 1 · References 8

OSV
added 2023/08/31 6:15 a.m. · 3 views

CVE-2023-4000

The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and delete countdown...

4.3 CVSS · 5.6 AI score · 0.00187 EPSS
Exploits 0 · References 2