Forms Ada – Form Builder Security Vulnerabilities

flatpak security update

[1.0.9-13] - Fix...

Oracle Linux 7 : flatpak (ELSA-2024-3980)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3980 advisory. [1.0.9-13] - Fix CVE-2024-32462 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not.....

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

Insecure Credential Storage

TYPO3 is vulnerable to Insecure Credential Storage. The vulnerability is due to the backend form reloading when creating new backend user accounts, potentially persisting records with insecure or empty...

F-logic DataCube3 - SQL Injection

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id...

BIT-magento-2024-34105

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

RHEL 8 : flatpak (RHSA-2024:3961)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3961 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

RHEL 8 : flatpak (RHSA-2024:3962)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3962 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

RHEL 9 : flatpak (RHSA-2024:3959)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3959 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update

Description The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...

RHEL 9 : flatpak (RHSA-2024:3960)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3960 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

FreeBSD : go -- multiple vulnerabilities (a5c64f6f-2af3-11ef-a77e-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a5c64f6f-2af3-11ef-a77e-901b0e9408dc advisory. The Go project reports: archive/zip: mishandling of corrupt central directory record The...

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

FreeBSD : traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses (219aaa1e-2aff-11ef-ab37-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 219aaa1e-2aff-11ef-ab37-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Go managing various Is methods ...

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

CVE-2024-5858

The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with...

CVE-2024-5858

The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with...

CVE-2024-5858 Infographic Maker iList <= 4.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Title Update

The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with...

CVE-2024-3814

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-3814

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-6696

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

CVE-2023-6696

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

CVE-2024-2544

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

CVE-2024-3813

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include...

CVE-2024-3813

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include...

CVE-2024-2544

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

CVE-2023-6696 Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

CVE-2023-6696 Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check,....

CVE-2024-3813 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include...

CVE-2024-3813 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include...

CVE-2024-3814 tagDiv Composer <= 4.8 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-2544 Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

CVE-2024-2544 Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

Gradio Hugging Face - Local File Inclusion

Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio &lt;...

Apache OFBiz Directory Traversal - Remote Code Execution

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before...

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) For more details about the security...

Image builder components bug fix, enhancement and security update

An update is available for osbuild, osbuild-composer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Image Builder is a service for building customized OS...

Low: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

gcc bug fix update

An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and...

krb5 security update

An update is available for krb5. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kerberos is a network authentication system, which can improve the security of.....