1453 matches found

Patchstack
added 2025/11/07 1:6 a.m. | 5 views

WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability

WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin LC Wizard versions 1.2.10-1.3.0...

CVSS 8.1 | AI score 6.7 | EPSS 0.0028
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2025/11/07 12:0 a.m. | 5 views

PT-2025-45401

Name of the Vulnerable Software and Affected Versions: LC Wizard plugin for WordPress versions 1.2.10 through 1.3.0
Description: The LC Wizard plugin for WordPress has a flaw that allows lower-privileged users to escalate to administrator rights. This is due to a missing capability check in the...

CVSS 8.1 | AI score 6.5 | EPSS 0.0028
Exploits 0 | References 9

CNNVD
added 2025/11/07 12:0 a.m. | 3 views

WordPress plugin LC Wizard security vulnerability

WordPress LC Wizard plugin is a plugin with security vulnerabilities. WordPress LC Wizard plugin has an elevation of privilege vulnerability that stems from a missing capability check in the ghl-wizard/inc/wpuser.php file, which can be exploited by an attacker to cause an elevation of privilege...

CVSS 8.1 | AI score 6.7 | EPSS 0.0028
Exploits 0 | References 3

Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Lexmark Printers Improper Authentication (CVE-2021-44736)

The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the out of service erase feature. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 10 | AI score 8.3 | EPSS 0.02432
Exploits 0 | References 5

NVD
added 2025/11/04 7:17 p.m. | 21 views

CVE-2025-12108

The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...

CVSS 9.3 | EPSS 0.00442
Exploits 0 | References 1

Vulnrichment
added 2025/11/04 6:43 p.m. | 4 views

CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera

The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...

CVSS 9.3 | AI score 6.6 | EPSS 0.00442
Exploits 0 | References 1

Cvelist
added 2025/11/04 6:43 p.m. | 10 views

CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera

The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...

CVSS 9.3 | EPSS 0.00442
Exploits 0 | References 1

Positive Technologies
added 2025/11/04 12:0 a.m. | 16 views

PT-2025-45029

Name of the Vulnerable Software and Affected Versions: Survision LPR Camera system, affected versions not specified
Description: The Survision LPR Camera system lacks default password protection. This allows immediate access to the configuration wizard without requiring a login or checking...

CVSS 9.3 | AI score 6.6 | EPSS 0.00442
Exploits 0 | References 4

RedhatCVE
added 2025/10/31 10:7 p.m. | 5 views

CVE-2024-14005

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

CVSS 9.4 | AI score 7.6 | EPSS 0.04188
Exploits 0 | References 1

EUVD
added 2025/10/31 12:30 a.m. | 7 views

EUVD-2024-55054

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

CVSS 9.4 | AI score 7.1 | EPSS 0.04188
Exploits 0 | References 4

OSV
added 2025/10/30 10:15 p.m. | 4 views

CVE-2024-14008

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...

CVSS 7.2 | AI score 6
Exploits 0 | References 3

NVD
added 2025/10/30 10:15 p.m. | 15 views

CVE-2024-14005

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

CVSS 9.4 | EPSS 0.04188
Exploits 0 | References 3

OSV
added 2025/10/30 10:15 p.m. | 8 views

CVE-2024-14005

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

CVSS 8.8 | AI score 6 | EPSS 0.04188
Exploits 0 | References 3

Cvelist
added 2025/10/30 9:43 p.m. | 9 views

CVE-2024-14008 Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...

CVSS 9.4 | EPSS 0.02194
Exploits 0 | References 3

Vulnrichment
added 2025/10/30 9:43 p.m. | 3 views

CVE-2024-14008 Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...

CVSS 9.4 | AI score 6.8 | EPSS 0.02194
Exploits 0 | References 3

CVE
added 2025/10/30 9:43 p.m. | 16 views

CVE-2024-14008

Nagios XI prior to 2024R1.3.2 is affected by a remote command execution vulnerability in the WinRM Configuration Wizard. The issue stems from insufficient validation of user-supplied input, allowing an authenticated administrator to inject shell metacharacters into backend command invocations, re...

CVSS 9.4 | AI score 6.8 | EPSS 0.02194
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2025/10/30 9:37 p.m. | 4 views

CVE-2024-14005 Nagios XI < 2024R1.2 Command Injection via Docker Wizard

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

CVSS 9.4 | AI score 7.2 | EPSS 0.04188
Exploits 0 | References 3

Cvelist
added 2025/10/30 9:37 p.m. | 11 views

CVE-2024-14005 Nagios XI < 2024R1.2 Command Injection via Docker Wizard

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

CVSS 9.4 | EPSS 0.04188
Exploits 0 | References 3

CVE
added 2025/10/30 9:37 p.m. | 22 views

CVE-2024-14005

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input by an authenticated administrator enables shell metacharacter injection that is incorporated into backend command invocations, allowing arbitrary com...

CVSS 9.4 | AI score 7.2 | EPSS 0.04188
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2025/10/30 12:0 a.m. | 8 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.2, which stems from insufficient...

CVSS 9.4 | AI score 7 | EPSS 0.04188
Exploits 0 | References 3