Kategori: NIST-Güvenlik Açıkları

CVE-2020-36706

The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in…

Devamını oku

CVE-2021-4335

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check…

Devamını oku

CVE-2021-4353

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due…

Devamını oku

CVE-2022-4712

The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions…

Devamını oku

CVE-2023-40361

SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to…

Devamını oku

CVE-2023-34052

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which…

Devamını oku

CVE-2023-34051

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which…

Devamını oku

CVE-2023-45394

Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the “Request a Quote” Section of Small CRM v3.0 allows an attacker to store and…

Devamını oku

CVE-2022-4531

** REJECT ** Not a valid vulnerability. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database

Devamını oku

CVE-2023-27792

An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. Zafiyet ile…

Devamını oku