Lucene search

K

Themis Solutions, Inc. Security Vulnerabilities

osv
osv

CVE-2023-1323

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite.....

4.8CVSS

5.8AI Score

0.0005EPSS

2023-06-12 06:15 PM
9
osv
osv

CVE-2023-1324

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1CVSS

6.2AI Score

0.001EPSS

2023-04-24 07:15 PM
9
osv
osv

CVE-2023-1325

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

6AI Score

0.001EPSS

2023-04-17 01:15 PM
7
osv
osv

CVE-2023-23900

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8...

6.1CVSS

6.1AI Score

0.0005EPSS

2023-08-10 12:15 PM
9
osv
osv

CVE-2023-4925

The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...

4.8CVSS

6AI Score

0.0004EPSS

2024-01-15 04:15 PM
9
osv
osv

CVE-2021-4244

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site...

6.1CVSS

6AI Score

0.001EPSS

2022-12-12 02:15 PM
6
osv
osv

CVE-2023-2518

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1CVSS

6.2AI Score

0.001EPSS

2023-05-30 08:15 AM
8
githubexploit

7.5CVSS

7.7AI Score

0.013EPSS

2024-06-10 12:42 PM
154
nuclei
nuclei

WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery

WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS

6.7AI Score

0.004EPSS

2023-03-31 11:28 AM
5
cve
cve

CVE-2024-37393

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

7.5CVSS

7.7AI Score

0.013EPSS

2024-06-10 08:15 PM
22
cve
cve

CVE-2010-5170

Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes...

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
20
cve
cve

CVE-2006-6207

SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL...

8.7AI Score

0.005EPSS

2006-12-01 01:28 AM
18
githubexploit
githubexploit

Exploit for CVE-2023-38831

CVE-2023-38831 PoC (Proof Of Concept) This is an easy to use...

7.8CVSS

8.3AI Score

0.381EPSS

2023-08-28 04:56 AM
242
cve
cve

CVE-2005-4787

Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in...

6.8AI Score

0.003EPSS

2022-10-03 04:22 PM
23
osv
osv

CVE-2022-45962

Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via...

6.5CVSS

7AI Score

0.002EPSS

2023-02-13 09:15 PM
7
nessus
nessus

Justice AV Solutions JVS Viewer Installed (Windows)

Justice AV Solutions JVS Viewer is installed on the remote Windows...

7.4AI Score

2024-05-30 12:00 AM
2
openbugbounty
openbugbounty

inc-conso.fr Cross Site Scripting vulnerability OBB-3872425

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-03-14 02:53 PM
7
openbugbounty
openbugbounty

solutions-ressources-humaines.com Cross Site Scripting vulnerability OBB-3872295

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-03-14 01:14 PM
3
cve
cve

CVE-2017-17688

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an...

5.9CVSS

5.7AI Score

0.008EPSS

2018-05-16 07:29 PM
43
nessus
nessus

Grandstream Networking Solutions Device Web Detection

The web interface for a Grandstream Networking Solutions device, such as a router or wireless access point, was detected on the remote...

2.2AI Score

2019-03-28 12:00 AM
7
cve
cve

CVE-2023-45185

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: ...

8.8CVSS

8.5AI Score

0.0005EPSS

2023-12-14 02:15 PM
37
cvelist
cvelist

CVE-2024-0552 Intumit inc. SmartRobot - Remote Code Execution

Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote...

9.8CVSS

10AI Score

0.002EPSS

2024-01-15 04:03 AM
1
nessus
nessus

Automated Solutions Modbus/TCP OPC Server Detection

Automated Solutions' Modbus/TCP OPC Server is installed on the remote Windows...

2.3AI Score

2011-04-27 12:00 AM
7
nessus
nessus

Justice AV Solutions JVS Viewer Embedded Malicious Code (CVE-2024-4978)

The version of Justice AV Solutions JVS Viewer installed on the remote host is 8.3.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4978 advisory. Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an...

8.4CVSS

7.2AI Score

0.028EPSS

2024-06-11 12:00 AM
1
vulnrichment
vulnrichment

CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell...

8.4CVSS

7AI Score

0.028EPSS

2024-05-23 01:56 AM
cvelist
cvelist

CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell...

8.4CVSS

8.4AI Score

0.028EPSS

2024-05-23 01:56 AM
3
osv
osv

CVE-2023-36088

Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive...

7.5CVSS

7.4AI Score

0.001EPSS

2023-09-01 04:15 PM
10
krebs
krebs

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

6.8AI Score

2024-05-23 11:32 PM
3
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

NOTE: this cve was not found by me, i'm simply reuploading a...

8.8CVSS

6.8AI Score

0.001EPSS

2024-06-12 03:07 PM
46
hackread
hackread

Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration

By Cyber Newswire AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal… This is a post from HackRead.com Read the original post: Criminal IP: Enhancing Security Solutions through AWS Marketplace...

7.3AI Score

2024-05-22 02:00 PM
3
wpvulndb
wpvulndb

Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting

Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS

6.7AI Score

0.0004EPSS

2024-04-25 12:00 AM
7
veracode
veracode

Session Fixation

@workos-inc/authkit-nextjs vulnerable to Session Fixation. This vulnerability is due to the improper handling of expired sessions within session.ts. This allowing an attacker to reuse an expired session by controlling the x-workos-session...

4.8CVSS

6.8AI Score

0.0004EPSS

2024-04-01 03:29 AM
15
cve
cve

CVE-2024-26024

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation...

8.4CVSS

7.3AI Score

0.0004EPSS

2024-05-28 05:15 PM
1
cvelist
cvelist

CVE-2024-26024 SUBNET Substation Server Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-05-28 04:34 PM
vulnrichment
vulnrichment

CVE-2024-26024 SUBNET Substation Server Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation...

8.4CVSS

7.1AI Score

0.0004EPSS

2024-05-28 04:34 PM
vulnrichment
vulnrichment

CVE-2024-28042 SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

7.1AI Score

0.0004EPSS

2024-05-15 04:44 PM
cvelist
cvelist

CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...

5.3CVSS

5.4AI Score

0.001EPSS

2024-06-05 08:28 AM
1
cvelist
cvelist

CVE-2024-28042 SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

8.7AI Score

0.0004EPSS

2024-05-15 04:44 PM
cve
cve

CVE-2024-28042

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

7AI Score

0.0004EPSS

2024-05-15 05:15 PM
8
nuclei
nuclei

DedeCMS 5.7 - Path Disclosure

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or...

7.5CVSS

7.5AI Score

0.024EPSS

2021-03-15 06:54 AM
10
vulnrichment
vulnrichment

CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...

5.3CVSS

7.1AI Score

0.001EPSS

2024-06-05 08:28 AM
cvelist
cvelist

CVE-2024-4256 Techkshetra Info Solutions Savsoft Quiz Category Page editCategory cross site scripting

A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the...

2.4CVSS

3.7AI Score

0.0004EPSS

2024-04-27 03:31 PM
veeam
veeam

Support for IBM Cloud for VMware Solutions

Support for IBM Cloud for VMware...

7AI Score

2020-08-25 12:00 AM
6
packetstorm

7AI Score

0.0004EPSS

2024-06-10 12:00 AM
62
osv
osv

CVE-2023-4220

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS &lt;= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web...

8.1CVSS

7.3AI Score

0.002EPSS

2023-11-28 08:15 AM
7
nvd
nvd

CVE-2024-26024

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-05-28 05:15 PM
githubexploit
githubexploit

Exploit for CVE-2024-5522

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player &lt;=...

8.2AI Score

EPSS

2024-05-31 04:41 AM
192
cvelist
cvelist

CVE-2024-38282 Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the...

0.0004EPSS

2024-06-13 05:13 PM
2
nvd
nvd

CVE-2024-28042

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-05-15 05:15 PM
2
vulnrichment
vulnrichment

CVE-2024-38282 Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the...

6.6AI Score

0.0004EPSS

2024-06-13 05:13 PM
2
Total number of security vulnerabilities312377