Evan Ricafort

Pesquisador deInvalid Web Security
#8285de 53,635
33.1CVSS total
Vulnerabilidades · 5
Baixa
1
Média
2
Alta
1
Crítica
1
PT-2025-20385
3.1
2025-05-08
Rapid7 · Rapid7 Corporate Website · CVE-2025-4132
**Name of the Vulnerable Software and Affected Versions** Rapid7 Corporate Website versions prior to May 2nd 2025 **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability allows an attacker to redirect users to a malicious site due to misconfigured headers. **Recommendations** For versions prior to May 2nd 2025, update to a version released on or after May 2nd 2025 to resolve the issue. As a temporary workaround, consider restricting access to untrusted sites to minimize the risk of exploitation.
PT-2022-21578
5.5
2022-10-24
Apple · Apple Macos · CVE-2022-32918
**Nome do software vulnerável e versões afetadas** Versões do iOS anteriores à 16 Versões do macOS anteriores à 13 **Descrição** A falha permite que um aplicativo contorne as preferências de privacidade, o que foi corrigido com o aprimoramento da proteção de dados. **Recomendações** Para versões do iOS anteriores à 16, atualize para o iOS 16 para resolver o problema. Para versões do macOS anteriores à 13, atualize para o macOS Ventura 13 para resolver o problema.
PT-2019-15248
9.8
2019-10-17
WordPress · Wordpress · CVE-2019-17670
**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.2.4 **Description** The issue is related to a Server Side Request Forgery (SSRF) vulnerability. This occurs because Windows paths are mishandled during certain validation of relative URLs. **Recommendations** For versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue.
PT-2019-5220
5.4
2019-09-11
WordPress · Wordpress · CVE-2019-17674
**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.2.4 **Description** The issue is related to a stored XSS (cross-site scripting) vulnerability via the Customizer. This vulnerability can be exploited by a remote attacker to impact data integrity. **Recommendations** For versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Customizer until a patch is applied.
PT-2019-5221
9.3
2019-09-11
WordPress · Wordpress · CVE-2019-17675
**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.2.4 **Description** The issue is related to a type confusion error during referer validation on admin pages, which could lead to a CSRF attack. This might allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to admin pages to minimize the risk of exploitation.