Skip to main content

Re

5 CVEs product

Monthly

CVE-2024-9271 MEDIUM PATCH This Month

The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Re
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2020-15849 HIGH POC This Week

Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload SQLi PHP Re
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-15488 HIGH POC This Week

Re:Desk 2.3 allows insecure file upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Re
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15487 CRITICAL POC Act Now

Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Re
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2014-6946 MEDIUM This Month

The Re:kyu (aka com.appzone619) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Re
NVD
CVSS 2.0
5.4
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Re
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload SQLi +2
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Re:Desk 2.3 allows insecure file upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Re
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Re
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Re:kyu (aka com.appzone619) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Re
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy