213680 matches found

Prion, added 2024/02/29 1:44 a.m., 19 views

Out-of-bounds

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID chip card interface device. A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure...

CVSS 1.2, AI score 6.4, EPSS 0.00226
Exploits: 0, References: 1

Prion, added 2024/02/29 1:44 a.m., 31 views

Design/Logic Flaw

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...

AI score 6.8, EPSS 0.09503
Exploits: 1, References: 2

Prion, added 2024/02/29 1:44 a.m., 26 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Manish Kumar Agarwal Change Table Prefix. This issue affects Change Table Prefix: from n/a through 2.0...

CVSS 4.3, AI score 7.5, EPSS 0.00279
Exploits: 0, References: 1

Prion, added 2024/02/29 1:44 a.m., 27 views

Information disclosure

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...

AI score 7.3, EPSS 0.00512
Exploits: 0, References: 1

Prion, added 2024/02/29 1:44 a.m., 16 views

Memory corruption

A memory leak issue discovered in parseSWFFILLSTYLEARRAY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file...

CVSS 4.3, AI score 6.8, EPSS 0.00747
Exploits: 1, References: 1, Affected software: 1

Prion, added 2024/02/29 1:44 a.m., 17 views

Code injection

cassandra-rs is a Cassandra CQL driver for Rust. Code that attempts to use an item e.g., a row returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0...

CVSS 5, AI score 7.5, EPSS 0.00817
Exploits: 0, References: 2

Prion, added 2024/02/29 1:44 a.m., 36 views

Design/Logic Flaw

Inadequate content filtering leads to XSS vulnerabilities in various components...

AI score 6.5, EPSS 0.48839
Exploits: 1, References: 1

Prion, added 2024/02/29 1:44 a.m., 26 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Nuggethon Custom Order Statuses for WooCommerce. This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2...

CVSS 4.3, AI score 7.5, EPSS 0.00277
Exploits: 0, References: 1

Prion, added 2024/02/29 1:44 a.m., 21 views

Design/Logic Flaw

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...

CVSS 6.4, AI score 7.3, EPSS 0.00857
Exploits: 0, References: 2

Prion, added 2024/02/29 1:44 a.m., 34 views

Path traversal

Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue...

AI score 7.6, EPSS 0.47667
Exploits: 0, References: 6

Prion, added 2024/02/29 1:44 a.m., 43 views

Double free

yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the poolfree function lacks loop checks. poolfree is part of the pool series allocator, along with poolmalloc and poolrealloc...

AI score 8.3, EPSS 0.01836
Exploits: 1, References: 1

Prion, added 2024/02/29 1:44 a.m., 22 views

Memory corruption

A memory leak issue discovered in parseSWFTEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file...

CVSS 4.3, AI score 6.8, EPSS 0.00759
Exploits: 1, References: 1, Affected software: 1

Prion, added 2024/02/29 1:44 a.m., 110 views

Memory corruption

A memory leak issue discovered in parseSWFGLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file...

CVSS 4.3, AI score 6.8, EPSS 0.00766
Exploits: 1, References: 1, Affected software: 1

Prion, added 2024/02/29 1:44 a.m., 29 views

Memory corruption

Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c...

AI score 7.1, EPSS 0.00437
Exploits: 1, References: 1

Prion, added 2024/02/29 1:44 a.m., 38 views

Open redirect

Inadequate parsing of URLs could result in an open redirect...

AI score 7.2, EPSS 0.00537
Exploits: 0, References: 1

Prion, added 2024/02/29 1:43 a.m., 35 views

Design/Logic Flaw

The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generateexportfile function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and...

CVSS 5.5, AI score 6.7, EPSS 0.00393
Exploits: 1, References: 3

Prion, added 2024/02/29 1:43 a.m., 24 views

Design/Logic Flaw

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

CVSS 4, AI score 6.7, EPSS 0.00372
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 24 views

Cross site scripting

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 5.5, AI score 6, EPSS 0.00496
Exploits: 0, References: 3

Prion, added 2024/02/29 1:43 a.m., 50 views

Design/Logic Flaw

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setread function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

CVSS 5, AI score 7, EPSS 0.00598
Exploits: 0, References: 7

Prion, added 2024/02/29 1:43 a.m., 25 views

Cross site request forgery (csrf)

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the addtocompare function. This makes it possible for unauthenticated attackers to add...

CVSS 4.3, AI score 6.6, EPSS 0.00244
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 31 views

Design/Logic Flaw

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-leve...

CVSS 4, AI score 6.7, EPSS 0.00347
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 21 views

Cross site scripting

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to...

CVSS 5.5, AI score 6.2, EPSS 0.00463
Exploits: 0, References: 4

Prion, added 2024/02/29 1:43 a.m., 20 views

Cross site scripting

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 3.2, AI score 6, EPSS 0.00626
Exploits: 1, References: 3

Prion, added 2024/02/29 1:43 a.m., 24 views

Cross site scripting

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

CVSS 5.5, AI score 5.9, EPSS 0.00439
Exploits: 0, References: 5

Prion, added 2024/02/29 1:43 a.m., 22 views

Design/Logic Flaw

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

CVSS 5, AI score 6.9, EPSS 0.00524
Exploits: 0, References: 3

Prion, added 2024/02/29 1:43 a.m., 23 views

Cross site scripting

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated...

CVSS 5.5, AI score 6, EPSS 0.00432
Exploits: 0, References: 4

Prion, added 2024/02/29 1:43 a.m., 16 views

Design/Logic Flaw

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible...

CVSS 7.5, AI score 7, EPSS 0.00511
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 24 views

Design/Logic Flaw

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the awaitplugindeactivation function in all versions up to, and including, 2.3.41. This makes it possible for...

CVSS 6.5, AI score 7, EPSS 0.00306
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 11 views

Design/Logic Flaw

A vulnerability in the Link Layer Discovery Protocol LLDP feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of specific fields i...

CVSS 2.9, AI score 7.2, EPSS 0.00318
Exploits: 0, References: 1

Prion, added 2024/02/29 1:43 a.m., 21 views

Design/Logic Flaw

The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access and above, ...

CVSS 4, AI score 6.8, EPSS 0.00343
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 28 views

Design/Logic Flaw

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with...

CVSS 4, AI score 6.6, EPSS 0.00431
Exploits: 0, References: 3

Prion, added 2024/02/29 1:43 a.m., 21 views

Cross site scripting

The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifuinputurl parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.5, AI score 6.2, EPSS 0.00429
Exploits: 0, References: 3

Prion, added 2024/02/29 1:43 a.m., 25 views

Cross site scripting

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student...

CVSS 5.5, AI score 6.7, EPSS 0.00506
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 20 views

Design/Logic Flaw

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 4, AI score 6.7, EPSS 0.00347
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 26 views

Cross site request forgery (csrf)

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to...

CVSS 4.3, AI score 6.6, EPSS 0.00208
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 22 views

Cross site scripting

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcjproductbarcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes ...

CVSS 5.5, AI score 6, EPSS 0.00343
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 21 views

Design/Logic Flaw

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmsstripeconnecthandleauthorizationreturn function in all versions up to, and...

CVSS 5, AI score 7, EPSS 0.00519
Exploits: 0, References: 3

Prion, added 2024/02/29 1:43 a.m., 30 views

Cross site scripting

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 5.5, AI score 6, EPSS 0.00443
Exploits: 0, References: 5

Prion, added 2024/02/29 1:43 a.m., 22 views

Design/Logic Flaw

A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of prop...

CVSS 5, AI score 7.4, EPSS 0.00926
Exploits: 0, References: 1, Affected software: 1

Prion, added 2024/02/29 1:43 a.m., 14 views

Improper access control

A vulnerability in the access control list ACL programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is...

CVSS 5, AI score 7.3, EPSS 0.0089
Exploits: 0, References: 1

Prion, added 2024/02/29 1:43 a.m., 16 views

Design/Logic Flaw

A vulnerability in the External Border Gateway Protocol eBGP implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware...

CVSS 5, AI score 7.3, EPSS 0.00709
Exploits: 0, References: 1, Affected software: 1

Prion, added 2024/02/29 1:43 a.m., 30 views

Cross site request forgery (csrf)

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to...

CVSS 4.3, AI score 6.6, EPSS 0.0021
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 24 views

Design/Logic Flaw

The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer...

CVSS 5, AI score 6.8, EPSS 0.00678
Exploits: 0, References: 3

Prion, added 2024/02/29 1:43 a.m., 24 views

Cross site scripting

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instancealt parameter in the getimagealt function in all versions up to, and including, 3.18.3 due to insufficient input sanitization and output escaping. Th...

CVSS 5.5, AI score 6.3, EPSS 0.00467
Exploits: 0, References: 4

Prion, added 2024/02/29 1:43 a.m., 27 views

Cross site scripting

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for...

CVSS 5.5, AI score 5.9, EPSS 0.00443
Exploits: 0, References: 4

Prion, added 2024/02/29 1:43 a.m., 13 views

Sql injection

A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument password with the input...

CVSS 7.5, AI score 8.1, EPSS 0.00792
Exploits: 0, References: 3

Prion, added 2024/02/29 1:43 a.m., 25 views

Cross site request forgery (csrf)

The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the editclarityprojectid function. This makes it possible for unauthenticated attackers to change the project id and add...

CVSS 5.8, AI score 6.8, EPSS 0.01324
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 22 views

Design/Logic Flaw

The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as lon...

CVSS 5, AI score 7.2, EPSS 0.00455
Exploits: 0, References: 2

Prion, added 2024/02/29 1:43 a.m., 23 views

Sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-admin.php of the component Edit User Profile Page. The manipulation of the argument Fullname lea...

CVSS 5.8, AI score 7.9, EPSS 0.00714
Exploits: 1, References: 3

Prion, added 2024/02/29 1:43 a.m., 28 views

Design/Logic Flaw

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attacker...

CVSS 4, AI score 7, EPSS 0.00375
Exploits: 0, References: 2

Total number of security vulnerabilities: 213680