Lucene search
K

105 matches found

NVD
NVD
added 2025/03/03 2:15 p.m.7 views

CVE-2025-23829

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codingkart Woo Update Variations In Cart woo-update-variations-in-cart allows Stored XSS.This issue affects Woo Update Variations In Cart: from n/a through = 0.0.9...

6.5CVSS0.0034EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 1:30 p.m.59 views

CVE-2025-23829

The CVE-2025-23829 issue affects the WordPress plugin “Woo Update Variations In Cart” up to version 0.0.9. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation. Affected component/file is the plugin’s input handling, l...

6.5CVSS5.9AI score0.0034EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.5 views

WordPress plugin Woo Update Variations In Cart 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.5CVSS5.7AI score0.0034EPSS
Exploits0References3
OSV
OSV
added 2025/02/25 6:18 p.m.3 views

MAL-2025-191671 Malicious code in aclient-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aa9e5d91a1f45bce354edc5b12fcacf603db5e00dc4a48628d3fe5fff37d0eb2 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.5 views

WordPress Woo Update Variations In Cart plugin <= 0.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Woo Update Variations In Cart versions = 0.0.9...

6.5CVSS6.1AI score0.0034EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/08/29 11:15 a.m.3 views

CVE-2024-5987

The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savecontrastvariations' and 'saveemptycontrastvariations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for...

4.3CVSS5.8AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.9 views

PT-2024-37295 · WordPress · Wp Accessibility Helper

Name of the Vulnerable Software and Affected Versions: WP Accessibility Helper plugin versions prior to 0.6.2.8 Description: The issue allows authenticated attackers with Subscriber-level access and above to edit or delete contrast settings due to a missing capability check on the save contrast...

5.4CVSS6.4AI score0.00264EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2024/07/17 6:30 p.m.24 views

vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

2.9CVSS6.4AI score0.00201EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/07/17 12:0 p.m.12 views

RUSTSEC-2024-0354 Usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

2.9CVSS3.4AI score0.00201EPSS
Exploits0References3
OSV
OSV
added 2024/07/12 1:15 p.m.1 views

DEBIAN-CVE-2024-40919

In the Linux kernel, the following vulnerability has been resolved: bnxten: Adjust logging of firmware messages in case of released token in hwrmsend In case of token is released due to token-state == BNXTHWRMDEFERRED, released token set to NULL is used in log messages. This issue is expected to ...

5.5CVSS5.6AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/09 12:0 a.m.9 views

PT-2024-35968 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.13 Description: The issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result,...

8.1CVSS5.8AI score0.00431EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.9 views

PT-2024-34585 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.2 Description: An Insecure Direct Object Reference IDOR vulnerability was identified, allowing unauthorized users to view, update, or delete any dataset prompt or dataset prompt variation with...

9.4CVSS9.3AI score0.00509EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/08/25 12:0 a.m.4 views

PT-2023-35972 · Git +1 · Harfbuzz

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including OT::glyph variations t::create from glyp...

6.9AI score
Exploits0References2
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.5 views

WordPress Duplicate Variations for Woocommerce Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Duplicate Variations for Woocommerce Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8cf89aee8b9 Credits Rafie Muhamma...

6.5AI score0.00284EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.2 views

SUSE CVE-2012-5612

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service memory corruption and crash and possibly execute arbitrary code, as demonstrated using certain...

6.5CVSS7.2AI score0.20837EPSS
Exploits2References7
Github Security Blog
Github Security Blog
added 2022/12/25 6:30 a.m.28 views

Snipe-IT allows attackers to check whether a user account exists

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...

5.3CVSS5.4AI score0.00646EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/12/25 5:15 a.m.19 views

Design/Logic Flaw

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...

5CVSS5.2AI score0.00646EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/12/25 12:0 a.m.19 views

CVE-2022-44381

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...

5.5AI score0.00646EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.7 views

tomcat: JNDI realm authentication weakness

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

6.5CVSS7.2AI score0.09886EPSS
Exploits0References4
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.7 views

WordPress Smart Variations Images & Swatches for WooCommerce plugin < 5.1.10 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Smart Variations Images & Swatches for WooCommerce plugin versions 5.1.10. Solution Update the WordPress Smart Variations Images & Swatches for WooCommerce plugin to the latest available version at lea...

4AI score
Exploits0References2Affected Software1
Rows per page
Query Builder