Lucene search

213680 matches found

Prion
added 2024/02/21 7:15 a.m., 11 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor. This issue affects Admin Menu Editor: from n/a through 1.12...

CVSS 4.3, AI score 7.5, EPSS 0.00214
Exploits: 0, References: 1

Prion
added 2024/02/21 7:15 a.m., 13 views

Directory traversal

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory...

AI score 5.7, EPSS 0.00534
Exploits: 0, References: 4

Prion
added 2024/02/21 7:15 a.m., 13 views

Design/Logic Flaw

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data...

AI score 5.9, EPSS 0.00212
Exploits: 0, References: 5

Prion
added 2024/02/21 7:15 a.m., 24 views

Authorization

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...

CVSS 5, AI score 7.3, EPSS 0.00909
Exploits: 0, References: 2

Prion
added 2024/02/21 7:15 a.m., 17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1...

CVSS 4.3, AI score 7.5, EPSS 0.00214
Exploits: 0, References: 1

Prion
added 2024/02/21 7:15 a.m., 26 views

Code injection

This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges...

AI score 6, EPSS 0.00387
Exploits: 0, References: 6

Prion
added 2024/02/21 7:15 a.m., 22 views

Design/Logic Flaw

This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data...

AI score 5.5, EPSS 0.00197
Exploits: 0, References: 4

Prion
added 2024/02/21 7:15 a.m., 20 views

Default credentials

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges...

AI score 6.2, EPSS 0.00173
Exploits: 0, References: 1

Prion
added 2024/02/21 7:15 a.m., 20 views

Design/Logic Flaw

This issue was addressed with improved state management. This issue is fixed in iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to silently persist an Apple ID on an erased device...

AI score 5, EPSS 0.00228
Exploits: 0, References: 1

Prion
added 2024/02/21 7:15 a.m., 24 views

Information disclosure

The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information...

AI score 5.7, EPSS 0.00183
Exploits: 0, References: 4

Prion
added 2024/02/21 7:15 a.m., 21 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles. This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2...

CVSS 4.3, AI score 7.5, EPSS 0.00214
Exploits: 0, References: 1

Prion
added 2024/02/21 7:15 a.m., 14 views

Design/Logic Flaw

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system...

AI score 6.1, EPSS 0.00488
Exploits: 1, References: 3

Prion
added 2024/02/21 7:15 a.m., 21 views

Code injection

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data...

AI score 5.5, EPSS 0.00187
Exploits: 0, References: 3

Prion
added 2024/02/21 7:15 a.m., 18 views

Code injection

A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data...

AI score 5.5, EPSS 0.00213
Exploits: 0, References: 5

Prion
added 2024/02/21 7:15 a.m., 19 views

Code injection

A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data...

AI score 5.7, EPSS 0.00168
Exploits: 0, References: 4

Prion
added 2024/02/21 7:15 a.m., 21 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form. This issue affects Multi Step Form: from n/a through 1.7.18...

CVSS 5.8, AI score 7.5, EPSS 0.00186
Exploits: 0, References: 1

Prion
added 2024/02/21 7:15 a.m., 17 views

Design/Logic Flaw

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data...

AI score 6, EPSS 0.0037
Exploits: 0, References: 1

Prion
added 2024/02/21 7:15 a.m., 20 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8...

CVSS 5.8, AI score 7.5, EPSS 0.0022
Exploits: 0, References: 1

Prion
added 2024/02/21 7:15 a.m., 24 views

Design/Logic Flaw

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may be unexpectedly saved in the App Privacy Report...

AI score 5.9, EPSS 0.00173
Exploits: 0, References: 1

Prion
added 2024/02/21 7:15 a.m., 17 views

Design/Logic Flaw

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption...

AI score 5.8, EPSS 0.00209
Exploits: 0, References: 6

Prion
added 2024/02/21 7:15 a.m., 15 views

Cross site scripting

The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

CVSS 5.5, AI score 5.9, EPSS 0.00323
Exploits: 0, References: 2

Prion
added 2024/02/21 7:15 a.m., 11 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder. This issue affects Themify Builder: from n/a through 7.0.5...

CVSS 4.3, AI score 7.5, EPSS 0.00214
Exploits: 0, References: 1

Prion
added 2024/02/21 7:15 a.m., 29 views

Design/Logic Flaw

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing...

AI score 5.6, EPSS 0.0086
Exploits: 0, References: 4

Prion
added 2024/02/21 7:15 a.m., 14 views

Code injection

The issue was resolved by sanitizing logging. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data...

AI score 6, EPSS 0.00425
Exploits: 0, References: 7

Prion
added 2024/02/21 7:15 a.m., 14 views

Design/Logic Flaw

An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges...

AI score 7.5, EPSS 0.00195
Exploits: 0, References: 3

Prion
added 2024/02/21 5:15 a.m., 17 views

Privilege escalation

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'...

CVSS 4, AI score 7.5, EPSS 0.00194
Exploits: 0, References: 1

Prion
added 2024/02/21 4:15 a.m., 12 views

Design/Logic Flaw

The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin...

CVSS 5, AI score 7, EPSS 0.00431
Exploits: 0, References: 2

Prion
added 2024/02/21 4:15 a.m., 17 views

Cross site request forgery (csrf)

The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the installwpr function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via ...

CVSS 4.3, AI score 6.6, EPSS 0.0027
Exploits: 0, References: 3

Prion
added 2024/02/21 4:15 a.m., 18 views

Cross site scripting

The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote...

CVSS 4.9, AI score 5.6, EPSS 0.00471
Exploits: 0, References: 1

Prion
added 2024/02/21 4:15 a.m., 25 views

Design/Logic Flaw

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

AI score 6.6, EPSS 0.00953
Exploits: 1, References: 4

Prion
added 2024/02/21 4:15 a.m., 19 views

Information disclosure

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

AI score 6.3, EPSS 0.00741
Exploits: 0, References: 4

Prion
added 2024/02/21 4:15 a.m., 16 views

Design/Logic Flaw

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

AI score 6.3, EPSS 0.00786
Exploits: 0, References: 4

Prion
added 2024/02/21 4:15 a.m., 25 views

Design/Logic Flaw

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. Chromium security severity: Medium...

AI score 7.4, EPSS 0.00795
Exploits: 1, References: 4

Prion
added 2024/02/21 4:15 a.m., 30 views

Design/Logic Flaw

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

AI score 6.3, EPSS 0.18552
Exploits: 1, References: 4

Prion
added 2024/02/21 4:15 a.m., 25 views

Authorization

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

AI score 6.3, EPSS 0.10365
Exploits: 1, References: 4

Prion
added 2024/02/21 4:15 a.m., 20 views

Design/Logic Flaw

Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score 7.3, EPSS 0.08994
Exploits: 1, References: 4

Prion
added 2024/02/21 4:15 a.m., 27 views

Information disclosure

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

AI score 6.3, EPSS 0.00881
Exploits: 1, References: 4

Prion
added 2024/02/21 3:15 a.m., 19 views

Cross site scripting

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...

CVSS 6, AI score 5.5, EPSS 0.00558
Exploits: 0, References: 1

Prion
added 2024/02/21 3:15 a.m., 21 views

Cross site scripting

Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 6.8, AI score 5.9, EPSS 0.00611
Exploits: 0, References: 1

Prion
added 2024/02/21 3:15 a.m., 17 views

Cross site scripting

Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users...

CVSS 6, AI score 5.3, EPSS 0.00558
Exploits: 0, References: 1

Prion
added 2024/02/21 3:15 a.m., 21 views

Cross site scripting

Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 6.8, AI score 5.9, EPSS 0.00611
Exploits: 0, References: 1

Prion
added 2024/02/21 3:15 a.m., 13 views

Design/Logic Flaw

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...

CVSS 6.4, AI score 6.9, EPSS 0.00487
Exploits: 0, References: 2

Prion
added 2024/02/21 3:15 a.m., 12 views

Cross site scripting

Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected in...

CVSS 6, AI score 5.9, EPSS 0.0062
Exploits: 0, References: 1

Prion
added 2024/02/21 3:15 a.m., 20 views

Authentication flaw

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

CVSS 6.4, AI score 7.1, EPSS 0.00882
Exploits: 1, References: 5

Prion
added 2024/02/21 3:15 a.m., 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...

CVSS 6.8, AI score 6.1, EPSS 0.00555
Exploits: 0, References: 1

Prion
added 2024/02/21 2:15 a.m., 28 views

Cross site scripting

Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject...

CVSS 6, AI score 5.3, EPSS 0.00614
Exploits: 0, References: 1

Prion
added 2024/02/21 2:15 a.m., 15 views

Cross site scripting

Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...

CVSS 6, AI score 5.3, EPSS 0.00558
Exploits: 0, References: 1

Prion
added 2024/02/21 2:15 a.m., 17 views

Cross site scripting

Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to...

CVSS 6, AI score 5.3, EPSS 0.00558
Exploits: 0, References: 1

Prion
added 2024/02/21 2:15 a.m., 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML v...

CVSS 6.8, AI score 6.2, EPSS 0.00555
Exploits: 0, References: 1

Prion
added 2024/02/21 1:15 a.m., 7 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

AI score 7.4
Exploits: 0

Total number of security vulnerabilities: 213680