Lucene search
+L

288 matches found

CNNVD
CNNVD
added 2023/02/13 12:0 a.m.7 views

Wordpress plugin Advanced Contact form 7 DB 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.1CVSS5.9AI score0.00495EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.11 views

WordPress Plugin Cloak Front End Email 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00649EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.6 views

YMFE YApi 跨站脚本漏洞

YMFE YApi is a visual interface management platform from YMFE Corporation. A security vulnerability exists in YMFE YApi version 1.9.1. An attacker can exploit this vulnerability to execute arbitrary code via the /interface/api edit page...

5.4CVSS6.3AI score0.0054EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/01/26 12:0 a.m.5 views

PT-2023-12296 · Yapi · Yapi

Name of the Vulnerable Software and Affected Versions: yapi version 1.9.1 Description: A Cross Site Scripting XSS issue allows attackers to execute arbitrary code via the "interface/api" edit page. Recommendations: For yapi version 1.9.1, update to a newer version that contains a fix for this iss...

5.4CVSS6.8AI score0.0054EPSS
Exploits1References7
Patchstack
Patchstack
added 2023/01/11 12:0 a.m.13 views

WordPress Cloak Front End Email Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Cloak Front End Email Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0150 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8e7d5eb708ad Credits István Márto...

5.4CVSS5.6AI score0.00649EPSS
Exploits2References3Affected Software1
PyPA
PyPA
added 2023/01/05 9:15 a.m.6 views

PYSEC-2023-14

UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site...

6.1CVSS6.2AI score0.00548EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/13 12:0 a.m.4 views

PT-2022-23055 · Github · @Actions/Core

Name of the Vulnerable Software and Affected Versions: @actions/core versions prior to v1.9.1 Description: The core.exportVariable function uses a well-known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that writ...

5CVSS5AI score0.00559EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/07/25 12:0 a.m.34 views

Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption

A regular expression used in Apache MXNet incubating is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...

7.5CVSS3.9AI score0.01595EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/07/24 6:15 p.m.16 views

CVE-2022-24294

A regular expression used in Apache MXNet incubating is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...

7.5CVSS7.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/24 12:0 a.m.10 views

PT-2022-3914

Name of the Vulnerable Software and Affected Versions Apache MXNet versions prior to 1.9.1 Description A regular expression used in Apache MXNet is vulnerable to a potential denial-of-service by excessive resource consumption. The issue could be exploited when loading a model in Apache MXNet that...

10CVSS7.1AI score0.01595EPSS
Exploits0References16
0day.today
0day.today
added 2022/05/26 12:0 a.m.454 views

qdPM 9.1 - Remote Code Execution (Authenticated) Exploit

Exploit Title: qdPM 9.1 - Remote Code Execution RCE Authenticated Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Original Exploit Author: Rishal Dwivedi Loginsoft Original ExploitDB ID: 47954 https://www.exploit-db.com/exploits/47954 Exploit Author: Leon Trappett thepcn3rd Vendor...

8.8CVSS0.83235EPSS
Exploits16
vulnersOsv
vulnersOsv
added 2022/05/14 3:44 a.m.11 views

au.net.causal.projo:projo (>=1.0 <=1.1), au.net.causal.projo:projo-jodatime (>=1.0 <=1.1) +1208 more potentially affected by CVE-2014-9970 via org.jasypt:jasypt (>=1.0 <=1.9.1)

org.jasypt:jasypt MAVEN version =1.0, =1.0, =1.0, =1.0, =1.0, =0.1, =0.1, =4.4-4, =6.0-2, =4.4-19, =4.4-5, =4.4-4, =4.4-4, =4.4-4, =4.4-4, =4.4-4, =4.5.1-rc-8 and more Source cves: CVE-2014-9970 Source advisory: OSV:GHSA-R5C2-RXH2-F5H2...

7.5CVSS6.7AI score0.02432EPSS
Exploits0
NVD
NVD
added 2022/04/11 9:15 p.m.28 views

CVE-2022-24837

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

5.3CVSS0.01082EPSS
Exploits0References3
OSV
OSV
added 2022/04/11 8:20 p.m.27 views

CVE-2022-24837 Enumerable upload file names in hedgedoc

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

5.3CVSS5.5AI score0.01082EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.6 views

HedgeDoc 代码问题漏洞

Hedgedoc is a Javascript-based real-time editing and sharing platform for Markdown documents from the Hedgedoc team. A security vulnerability exists in HedgeDoc version 1.9.1 and later versions, which stems from an uploaded image having an enumerable filename after uploading, resulting in the...

5.3CVSS5.7AI score0.01082EPSS
Exploits0References4
OSV
OSV
added 2022/03/14 3:15 p.m.4 views

CVE-2022-0701

The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00588EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/10/27 12:0 a.m.39 views

WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header

The plugin has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. PoC curl --referer "something" -sIXGET https://example.com/wp-admin/options.php HTTP/2 302 ... location:...

0.5AI score0.71532EPSS
Exploits5References1Affected Software1
vulnersOsv
vulnersOsv
added 2021/09/30 8:50 p.m.3 views

shuup-admin-channel (=1.0.0), shuup-attrim (>=0.8.0.0 <=0.9.0.7) +4 more potentially affected by CVE-2021-25962 via shuup (=1.9.1)

shuup PYPI version =1.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on shuup and may be impacted: - shuup-admin-channel =1.0.0 - shuup-attrim =0.8.0.0, =0.6.0, =0.7.0.1, =0.10.1.0 - shuup-utils =0.4.1.2 Source cves: CVE-2021-25962 Source advisory:...

8.8CVSS7.2AI score0.01051EPSS
Exploits0
Gitee
Gitee
added 2021/08/15 11:41 p.m.8 views

POChouse

Based on the provided context, here is a summary of the analysis: Classification: Apache Flink 1.9.x has a vulnerability that allows for arbitrary command execution and reverse shell through malicious JAR package upload. Affected Version: = 1.9.1 POC: The proof-of-concept POC code is written in...

9.1AI score
Exploits0
OSV
OSV
added 2020/09/03 11:21 p.m.2 views

GHSA-H6MQ-3CJ6-H738 Reverse Tabnabbing in showdown

Versions of showdown prior to 1.9.1 are vulnerable to Reverse Tabnabbing. The package uses target='blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks. Recommendation Upgrade to version 1.9.1 or lat...

3.1CVSS5.9AI score
Exploits0References5
Rows per page
Query Builder