π¨ CVE-2022-36374
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access.
π@cveNotify
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access.
π@cveNotify
Intel
INTEL-SA-00908
π¨ CVE-2023-22285
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
π@cveNotify
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
π@cveNotify
Intel
INTEL-SA-00963
π¨ CVE-2023-22448
Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.
π@cveNotify
Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.
π@cveNotify
Intel
INTEL-SA-00963
π¨ CVE-2023-32279
Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access.
π@cveNotify
Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access.
π@cveNotify
Intel
INTEL-SA-00944
π¨ CVE-2024-0226
Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.
π@cveNotify
Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.
π@cveNotify
π¨ CVE-2023-46943
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
π@cveNotify
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
π@cveNotify
π¨ CVE-2023-51070
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.
π@cveNotify
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.
π@cveNotify
GitHub
CVEs/QStar Archive Solutions/CVE-2023-51070.md at main Β· Oracle-Security/CVEs
A repository of exploits that I have discovered. These are disclosed responsibly and vendors have been contacted. In any instance where it works against the live version, the vendor has not respond...
π¨ CVE-2023-5558
The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
π@cveNotify
The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
π@cveNotify
WPScan
LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting
See details on LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting CVE 2023-5558. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-7154
The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
WPScan
Hubbub Lite < 1.32.0 - Admin+ Stored XSS
See details on Hubbub Lite < 1.32.0 - Admin+ Stored XSS CVE 2023-7154. View the latest Plugin Vulnerabilities on WPScan.
π1
π¨ CVE-2023-52042
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.
π@cveNotify
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.
π@cveNotify
ζ¬’θΏζ₯ε°Kee02pηε°ε±~
CVE-2023-52042
Product:TOTOLINK X6000R VersionοΌV9.4.0cu.852_B20230719 Firmware download address οΌhttps://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html Vulnerability DescriptionοΌIn the su
π¨ CVE-2024-5185
The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure session management implementation and weak CORS policies weakness. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the applicationβs language model.
π@cveNotify
The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure session management implementation and weak CORS policies weakness. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the applicationβs language model.
π@cveNotify
Blackduck
CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application
Learn about CVE-2024-5185, which identified a data poisoning vulnerability in the EmbedAI application.
π1
π¨ CVE-2024-45488
One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.
π@cveNotify
One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2.
π@cveNotify
Oneidentity
Safeguard for Privileged Passwords Security Vulnerability Notification Defect 460620 (4376740)
This impacts Safeguard for Privileged Passwords hosted on VMware or HyperV only. This does not impact deployments running on physica 4376740
β€1
π¨ CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
π@cveNotify
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
π@cveNotify
GitHub
CVE-2024-45490 Β· Issue #887 Β· libexpat/libexpat
xmlparse.c does not reject a negative length for XML_ParseBuffer(), which may cause memory corruption or code execution.
π1
π¨ CVE-2024-3673
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
π@cveNotify
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
π@cveNotify
WPScan
Web Directory Free < 1.7.3 - Unauthenticated LFI
See details on Web Directory Free < 1.7.3 - Unauthenticated LFI CVE 2024-3673. View the latest Plugin Vulnerabilities on WPScan.
β€1
π¨ CVE-2024-37958
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4.
π@cveNotify
Patchstack
WordPress Meks Smart Author Widget plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
π¨ CVE-2024-42337
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
π¨ CVE-2024-42338
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
π¨ CVE-2024-42339
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
π¨ CVE-2024-42340
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
π@cveNotify
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
π@cveNotify
π¨ CVE-2024-37538
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thomas Kuhlmann Link To Bible allows Stored XSS.This issue affects Link To Bible: from n/a through 2.5.9.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thomas Kuhlmann Link To Bible allows Stored XSS.This issue affects Link To Bible: from n/a through 2.5.9.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Link To Bible Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-37545
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nick Halsey Floating Social Media Links allows Stored XSS.This issue affects Floating Social Media Links: from n/a through 1.5.2.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nick Halsey Floating Social Media Links allows Stored XSS.This issue affects Floating Social Media Links: from n/a through 1.5.2.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Floating Social Media Links Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.