The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
5.4CVSS
5.4AI Score
0.001EPSS
Description The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
6.4CVSS
5.8AI Score
0.0004EPSS
Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting
The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS...
6.1CVSS
6.1AI Score
0.001EPSS
Exploit for Injection in Vm2 Project Vm2
CVE-2023-30547 PoC Exploit for VM2 Sandbox Escape...
10CVSS
9.6AI Score
0.002EPSS
Exploit for Incorrect Authorization in Dompdf Project Dompdf
CVE-2023-23924 Dompdf vulnerable to URI validation failure...
10CVSS
9.7AI Score
0.01EPSS
Aajoda Testimonials < 2.2.2 - Cross-Site Scripting
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
4.8AI Score
0.001EPSS
Reviews and Rating – Google Reviews < 5.3 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated.....
6.4CVSS
5.8AI Score
0.0004EPSS
Exploit for Prototype Pollution in Qs Project Qs
CVE-2022-24999 This repository contain exploits samples of...
7.5CVSS
2.2AI Score
0.01EPSS
Exploit for Code Injection in Exiftool Project Exiftool
CVE-2021-22204 Summary of the CVE Improper sanitization...
7.8CVSS
7.6AI Score
0.89EPSS
Exploit for Improper Privilege Management in Sudo Project Sudo
CVE-2023-22809 sudo Privilege escalation Affected sudo...
7.8CVSS
8.2AI Score
0.001EPSS
10CVSS
7.3AI Score
0.003EPSS
Exploit for Improper Privilege Management in Sudo Project Sudo
CVE-2023-22809 CVE-2023-22809 is a critical...
7.8CVSS
8.3AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
pkexec-exploit Local Privilege Escalation in polkit's pkexec...
8.2AI Score
Exploit for Code Injection in Exiftool Project Exiftool
Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code...
7.8CVSS
8.5AI Score
0.89EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 One day for the polkit privilege escalation...
7.8CVSS
8.8AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...
8.2AI Score
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation...
7.8CVSS
8.5AI Score
0.001EPSS
Exploit for Injection in Vm2 Project Vm2
CVE-2023-30547 vm2 is a sandbox that can run untrusted code...
10CVSS
6.8AI Score
0.002EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 CVE-2021-4034 Add Root User - Pkexec Local...
7.8CVSS
8.7AI Score
0.001EPSS
Exploit for Improper Preservation of Permissions in Podman Project Podman
CVE-2022-1227_Exploit A script for exploiting CVE-2022-1227....
8.8CVSS
8.8AI Score
0.002EPSS
Grant "Browse Project" permission to "User Custom Field Value" makes project visible to all users
{panel:bgColor=#e7f4fa} NOTE: This bug report is for JIRA Server. Using JIRA Cloud? [See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-37117]. {panel} If in your permission schema, you grant Browse Project permission to "User Custom Field Value", the project is visible...
6.6AI Score
7.8CVSS
8.4AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
Description The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor....
4.3CVSS
6.4AI Score
0.0004EPSS
9.8CVSS
7AI Score
0.804EPSS
Exploit for Cross-Site Request Forgery (CSRF) in Sitemap Project Sitemap
CVE-2022-0952 Sitemap by click5 < 1.0.36 - Unauthenticated...
8.8CVSS
8.8AI Score
0.453EPSS
9.8CVSS
7.9AI Score
0.974EPSS
9.8CVSS
8.2AI Score
0.974EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
PwnKit-Exploit CVE-2021-4034 ...
8.1AI Score
Malicious code in eslint-plugin-cdp-project (npm)
-= Per source details. Do not edit below this...
7.1AI Score
Exploit for Uncontrolled Resource Consumption in Quic-Go Project Quic-Go
QUIC-attacks (CVE-2022-30591) The current repository serves...
7.5AI Score
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 CVE-2021-4034 centos8可用版本...
7.8CVSS
8.6AI Score
0.001EPSS
Exploit for Off-by-one Error in Sudo Project Sudo
PE_CVE-CVE-2021-3156 Exploit for Ubuntu 20.04 using...
7.8CVSS
8.6AI Score
0.97EPSS
This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with...
6.4CVSS
5AI Score
0.0005EPSS
Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit
Description As part of my cybersecurity thesis I wanted to...
7.8CVSS
8.3AI Score
0.012EPSS
kanboard -- Project Takeover via IDOR in ProjectPermissionController
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL...
8.2CVSS
8AI Score
0.0004EPSS
Site Reviews < 7.0.0 - IP Spoofing
Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based...
6.7AI Score
0.0004EPSS
8.2AI Score
Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit
PolicyKit CVE-2021-3560 Exploit (Authentication Agent)...
7.8CVSS
7.3AI Score
0.012EPSS
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...
4.3CVSS
6.8AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
██████╗ ██╗ ██╗██╗ ██╗███╗ ██╗███████╗██████╗ ██╔══██...
8AI Score
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 Precompiled builds for CVE-2021-4034. Of...
7.8CVSS
8.5AI Score
0.001EPSS
Exploit for Server-Side Request Forgery in Fusion Builder Project Fusion Builder
Fubucker | CVE-2022-1386 - Fusion Builder Automatic Mass Tool...
9.6AI Score
Exploit for Off-by-one Error in Sudo Project Sudo
CVE-2021-3156 [toc] 漏洞简介 漏洞编号: CVE-2021-3156...
7.8CVSS
7.9AI Score
0.97EPSS
Art Gallery Management System Project v1.0 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation...
6.1CVSS
5.9AI Score
0.003EPSS
Builder for WooCommerce reviews shortcodes – ReviewShort < 1.01.6 - Missing Authorization
Description The Builder for WooCommerce reviews shortcodes – ReviewShort plugin for WordPress is vulnerable to unauthorized access of functionality in versions up to, and including, 1.01.5. This makes it possible for unauthenticated attackers to make use of this functionality intended for higher...
5.3CVSS
6.7AI Score
0.0004EPSS
Argo CD's API server does not enforce project sourceNamespaces
Impact I can convince the UI to let me do things with an invalid Application. 1. Admin gives me p, michael, applications, , demo/ , allow, where demo can just deploy to the demo namespace 2. Admin gives me AppProject dev which reconciles from ns dev-apps 3. Admin gives me p, michael,...
4.8CVSS
5AI Score
0.0004EPSS
Enrollment System Project v1.0 - SQL Injection Authentication Bypass
Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability allows an attacker to manipulate the SQL queries executed by the application. The system fails to properly validate user-supplied input in the username...
9.8CVSS
10AI Score
0.006EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034-PwnKit PwnKit PoC for Polkit pkexec...
7.8CVSS
8.6AI Score
0.001EPSS
Exploit for Code Injection in Exiftool Project Exiftool
CVE-2021-22204 Exploit for CVE-2021-22204 (ExifTool) -...
7.8CVSS
8.2AI Score
0.89EPSS