Lucene search
K

107 matches found

Positive Technologies
Positive Technologies
added 2024/05/20 12:0 a.m.6 views

PT-2024-25536 · Keepassxc · Keepassxc

Name of the Vulnerable Software and Affected Versions: KeePassXC version 2.7.7 Description: The issue allows an attacker with victim privileges to recover cleartext credentials via a memory dump. It is noted that the vendor disputes this, citing memory-management constraints that make this...

6.5CVSS6.8AI score0.00344EPSS
Exploits1References13
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.5 views

WordPress plugin JS Help Desk 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

9.1CVSS8.9AI score0.00668EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:10 a.m.20 views

BIT-DISCOURSE-2021-32788 Post creator of a whisper post can be revealed to non-staff users in Discourse

Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal...

4.3CVSS4.6AI score0.00888EPSS
Exploits0References4
OSV
OSV
added 2023/11/30 2:15 p.m.3 views

CVE-2023-36682

Cross-Site Request Forgery CSRF vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7...

8.8CVSS7.3AI score0.00249EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-41840

Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...

9.8CVSS7.3AI score0.05116EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/06/20 12:0 a.m.8 views

WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)

Software JS Help Desk – Best Help Desk & Support Plugin Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-23679 Patch priority Low CVSS severity Low 4.6 Developer Claim ownership PSID...

8.8CVSS6.4AI score0.00472EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/02/21 12:0 a.m.145 views

WordPress BuddyForms Plugin <= 2.7.7 is vulnerable to PHP Object Injection

Software BuddyForms Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE N/A Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 2e9e362a10ab Credits WordFence Required privilege Subscriber Published 21...

7.2AI score
Exploits0References2Affected Software1
OSV
OSV
added 2022/11/18 7:15 p.m.0 views

CVE-2022-41840

Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin = 2.7.7 on WordPress...

9.8CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/18 12:0 a.m.3 views

PT-2022-7189 · WordPress · Welcart Ecommerce Plugin

Name of the Vulnerable Software and Affected Versions: Welcart eCommerce plugin versions = 2.7.7 Description: The issue is related to incorrect restriction of a directory path with limited access in the Welcart eCommerce plugin for WordPress. This can allow a remote attacker to execute arbitrary...

10CVSS9.4AI score0.05116EPSS
Exploits2References5
OSV
OSV
added 2022/05/14 2:47 a.m.23 views

GHSA-J5JH-HPR4-H332 Symfony Session Fixation Vulnerability

A session fixation vulnerability within the "Remember Me" login feature allows an attacker to impersonate the victim towards the web application if the session id value was previously known to the attacker. This issue has been fixed in Symfony 2.3.35, 2.6.12, and 2.7.7. Note that no fixes are...

3.1CVSS5.9AI score0.02712EPSS
Exploits1References13
OpenVAS
OpenVAS
added 2021/11/01 12:0 a.m.47 views

Python 'socket.recvfrom_into' Buffer Overflow Vulnerability (Mar 2014) - Linux

Python is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

7.5CVSS7.9AI score0.28319EPSS
Exploits7References4
Positive Technologies
Positive Technologies
added 2021/09/27 12:0 a.m.2 views

PT-2021-23084 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.7.7 and earlier Discourse versions 2.8.0.beta6 and earlier Description: Discourse is an open source discussion platform. There is a cross-site scripting XSS vulnerability in the platform. Rendering of some error messages...

6.1CVSS5.8AI score0.00565EPSS
Exploits0References8
CNVD
CNVD
added 2021/07/29 12:0 a.m.6 views

Discourse has unspecified vulnerabilities

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A security vulnerability exists in versions of Discourse prior to 2.7.7, which can be exploited by an attacker to cause the post creator of a whispered post to be...

4.3CVSS6.6AI score0.00888EPSS
Exploits0
Prion
Prion
added 2021/07/27 10:15 p.m.16 views

Design/Logic Flaw

Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal...

4CVSS4.7AI score0.00888EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/07/27 9:40 p.m.25 views

CVE-2021-32788 Post creator of a whisper post can be revealed to non-staff users in Discourse

Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal...

4.3CVSS5AI score0.00888EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2021/07/08 12:0 a.m.27 views

Mechanize: Command injection

Background Mechanize is a Ruby library used for automating interaction with websites. Description Mechanize does not neutralize filename input and could allow arbitrary code execution if an attacker can control filenames used by Mechanize. Impact Please review the referenced CVE identifiers for...

8.3CVSS3.9AI score0.03507EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2021/02/03 3:21 a.m.22 views

CVE-2021-21289

Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which...

8.3CVSS4.2AI score0.03507EPSS
Exploits0References3
OSV
OSV
added 2021/02/02 7:15 p.m.2 views

UBUNTU-CVE-2021-21289

Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which...

8.3CVSS7.2AI score0.03507EPSS
Exploits0References11
Snyk
Snyk
added 2021/02/01 12:0 a.m.2 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local...

8.3CVSS7AI score0.03507EPSS
Exploits0References3
wpexploit
wpexploit
added 2020/08/24 12:0 a.m.25 views

Autoptimize < 2.7.7 - Authenticated Arbitrary File Upload

The aoccssimport AJAX call does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. https://drive.google.com/file/d/1siZsDiJsYRCw58Ksram5zBJOVbs-Hio1/view?usp=sharing POST /wp-admin/admin-ajax.php HTTP/1...

6.5CVSS0.2AI score0.13139EPSS
Exploits6References1
Rows per page
Query Builder