CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49159 – WordPress CommentLuv Plugin <= 3.0.4 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-49159
28 Nov 2023 — Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Elegant Digital Solutions CommentLuv. Este problema afecta a CommentLuv: desde n/a hasta 3.0.4. The CommentLuv plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.4 via the do_click function. This makes it possible for unauthenticated attackers to make web... • https://patchstack.com/database/vulnerability/commentluv/wordpress-commentluv-plugin-3-0-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40210 – WordPress SB Child List Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40210
11 Aug 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Sean Barton (Tortoise IT) SB Child List en versiones <= 4.5. The SB Child List plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5. This is due to missing or incorrect nonce validation on the 'sb_cl_update_settings' function. This makes it possible for unauthenticated atta... • https://patchstack.com/database/vulnerability/sb-child-list/wordpress-sb-child-list-plugin-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3133 – Elementor Contact Form DB <= 1.5 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2021-3133
12 Jan 2021 — The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. El plugin Elementor Contact Form DB versiones anteriores a 1.6 para WordPress, permite un ataque de tipo CSRF por medio de las páginas de administración del backend • https://advisory.checkmarx.net/advisory/CX-2020-4293 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2020-14148
https://notcve.org/view.php?id=CVE-2020-14148
15 Jun 2020 — The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. La implementación del protocolo Server-Server en ngIRCd versiones anteriores a 26~rc2, permite un acceso fuera de límites, como es demostrado por la función IRC_NJOIN() • https://github.com/ngircd/ngircd/issues/274 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5580
https://notcve.org/view.php?id=CVE-2013-5580
01 Oct 2013 — The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client. Las funciones (1) Conn_StartLogin y (2) cb_Read_Resolver_Result en conn.c de ngIRCd 18 hasta 20.... • http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=309122017ebc6fff039a7cab1b82f632853d82d5 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 20%CPEs: 1EXPL: 2CVE-2005-0199 – ngIRCd 0.6/0.7/0.8 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-0199
06 Feb 2005 — Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow. • https://www.exploit-db.com/exploits/25070 • CWE-191: Integer Underflow (Wrap or Wraparound) •