Lucene search
K

119 matches found

Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.5 views

PT-2025-16376 · Hcl · Hcl Bigfix Web Reports

Name of the Vulnerable Software and Affected Versions: HCL BigFix Web Reports affected versions not specified Description: The issue is related to a potentially weak validation of user input, which might make HCL BigFix Web Reports subject to a Stored Cross-Site Scripting XSS attack...

4.8CVSS5.3AI score0.00199EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/04/04 12:0 a.m.10 views

The vulnerability of the modTMSM component in the Trend Micro Apex Central security monitoring and management tool allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the modTMSM component in the Trend Micro Apex Central security management and monitoring tool is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

7.8CVSS6.5AI score0.00299EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.4 views

WordPress plugin Subscriptions & Memberships for PayPal 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

4.3CVSS8.2AI score0.00266EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.5 views

PT-2025-7306 · Phpjabbers · Phpjabbers Shared Asset Booking System

Name of the Vulnerable Software and Affected Versions: PHPJabbers Shared Asset Booking System version 1.0 Description: The issue is related to a CSV injection vulnerability that allows an attacker to execute remote code. This vulnerability exists due to insufficient input validation in the...

6.5CVSS7.5AI score0.00385EPSS
Exploits2References5
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.4 views

WordPress plugin WP Foodbakery 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

9.8CVSS8.4AI score0.00851EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/27 12:0 a.m.3 views

WordPress plugin WordPress Contact Forms by Cimatti 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WordPress Contact Forms by Cimatti 1.9.2 and earlier versio...

4.3CVSS8AI score0.00212EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/26 12:0 a.m.7 views

PT-2024-39947

Name of the Vulnerable Software and Affected Versions Wux Blog Editor plugin for WordPress versions up to and including 3.0.0 Description The Wux Blog Editor plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the wuxbt insertImageNew...

9.8CVSS6.2AI score0.35817EPSS
Exploits5References12
OSV
OSV
added 2024/08/17 10:15 a.m.3 views

CVE-2023-0714

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...

9.8CVSS6.3AI score0.00958EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/06/04 12:0 a.m.6 views

The vulnerability of the WOPI protocol implementation in the MyOffice SDK software development kit allows a hacker to manipulate requests from the server.

The vulnerability of the WOPI protocol implementation in the MyOffice SDK software relates to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to manipulate requests from the server remotely...

5.3CVSS5.4AI score0.00534EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.5 views

PT-2024-23607 · Unknown · Ros Kinetic Kame

Name of the Vulnerable Software and Affected Versions: ROS Kinetic Kame affected versions not specified Description: The issue is related to an arbitrary file upload vulnerability due to insufficient file upload validation. Recommendations: At the moment, there is no information about a newer...

7AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/03/26 12:23 p.m.3 views

libreoffice: Insufficient macro permission validation leading to macro execution

An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user...

8.8CVSS5.9AI score0.00772EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.5 views

PublicCMS 跨站请求伪造漏洞

PublicCMS is a content management system. A cross-site request forgery vulnerability exists in PubliCMS version 4.0.202302.e. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user. The vulnerability can be exploited to forge ...

6.9CVSS6.8AI score0.00322EPSS
Exploits0References6
OSV
OSV
added 2024/01/11 9:15 a.m.3 views

CVE-2023-6316

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'singlefileupload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...

9.8CVSS7.9AI score0.01448EPSS
Exploits1References3
OSV
OSV
added 2023/12/19 3:15 p.m.3 views

CVE-2023-1514

A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority CA, allowing the client to validate th...

7.5CVSS5.8AI score0.00316EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/12/15 12:0 a.m.3 views

WordPress Plugin Essential Real Estate Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS8.8AI score0.01265EPSS
Exploits0References4
OSV
OSV
added 2023/12/12 1:15 a.m.1 views

CVE-2023-49058

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality...

5.3CVSS5.8AI score0.00625EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/01 12:0 a.m.7 views

PT-2023-32670 · WordPress · Contact Form 7

Name of the Vulnerable Software and Affected Versions: Contact Form 7 versions up to, and including, 5.8.3 Description: The issue arises from insufficient file type validation in the validate function and insufficient blocklisting on the wpcf7 antiscript file name function. This allows...

7.2CVSS7.8AI score0.01732EPSS
Exploits0References11
OSV
OSV
added 2023/11/22 4:15 p.m.3 views

CVE-2023-2449

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...

9.8CVSS6.6AI score0.00902EPSS
Exploits2References3
OSV
OSV
added 2023/09/13 3:15 a.m.5 views

CVE-2023-4915

The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function in the WP User Control Widget. The functi...

5.3CVSS7.3AI score0.00377EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/09/12 12:0 a.m.5 views

The vulnerability of the defaultrepositoryadmin service in the Crucible code-checking tool, as well as the Fisheye code-searching and comparing tool, allows a hacker to perform an SSRF attack.

The vulnerability of the defaultrepositoryadmin service in the Crucible code-checking tool, as well as the Fisheye tool for code search and comparison, is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...

4.3CVSS5.5AI score0.00736EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder