CVE-2022-0709

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability...

TencentOS Server 4: python3.12 (TSSA-2024:0709)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0709 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2020-0709

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0732...

CVE-2025-0709

A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVE-2025-0709 Dcat-Admin Roles Page roles cross site scripting

A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVE-2025-0709 Dcat-Admin Roles Page roles cross site scripting

A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVE-2025-0709

CVE-2025-0709 affects Dcat-Admin 2.2.1-beta, specifically the Roles Page component at /admin/auth/roles. Root cause: cross-site scripting (XSS) via manipulation of input on that page; exploitation can be remote and has been disclosed publicly. Multiple sources (NVD, Red Hat, OSV, CVELIST, vulnbod...

CVE-2024-0709

CVE-2024-0709 affects the WordPress plugin Cryptocurrency Widgets – Price Ticker & Coins List (versions 2.0–2.6.5). The vulnerability is an unauthenticated SQL injection in the coinslist parameter caused by insufficient escaping and lack of proper SQL query preparation, allowing an attacker to ap...

WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.0 is vulnerable to SQL Injection

Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions = 2.0 Fixed in 2.6.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0709 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID eb9b26b5950f Credits vollkorntomate...

CVE-2024-0709

creationtimestamp| type| source ---|---|--- 2024-01-21 15:13:41+00:00| published-proof-of-concept| https://t.me/codeb0ss/1360 2024-02-15 21:32:16+00:00| seen| https://t.me/ctinow/185890...

Important Photon OS Security Update - PHSA-2024-3.0-0709

Updates of 'openresty' packages of Photon OS have been released...

WordPress Metform Elementor Contact Form Builder Plugin < 3.3.1 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmet:metformelementorcontactformbuilder"; if description...

CVE-2023-0709

The CVE concerns the WordPress plugin Metform Elementor Contact Form Builder for WordPress. Versions up to and including 3.3.0 are vulnerable to stored Cross-Site Scripting via the mf_last_name shortcode, which echoes unescaped form submissions and can execute scripts in pages when a page contain...

SUSE CVE-2003-0709

Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...

org.apache.portals.jetspeed-2:app-servers (>=2.1.3 <=2.1.4), org.apache.portals.jetspeed-2:jetspeed-archetype (>=2.2.1 <=2.3.0) +1 more potentially affected by CVE-2016-0709 via org.apache.portals.jetspeed-2:jetspeed (>=2.1.3 <=2.3.0)

org.apache.portals.jetspeed-2:jetspeed MAVEN version =2.1.3, =2.1.3, =2.2.1, =2.2.2, =2.3.0 Source cves: CVE-2016-0709 Source advisory: OSV:GHSA-W47P-5Q88-HJ5G...

CVE-2022-0709

The vulnerability CVE-2022-0709 affects the WordPress Booking Package plugin (before 1.5.29). A token used for exporting the iCal booking calendar is returned in unauthenticated booking responses, enabling unauthenticated users to trigger a sensitive data disclosure that may leak booking details ...

CVE-2022-0709 Booking Package < 1.5.29 - Unauthenticated Sensitive Data Disclosure

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability...

SUSE: Security Advisory (SUSE-SU-2013:0709-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4537764)

This host is missing a critical security update according to Microsoft KB4537764 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-0709

CVE-2020-0709 / CVE-2020-0732 describe an elevation of privilege in Microsoft DirectX due to improper handling of in-memory objects. Affected component is DirectX (Windows platform); root cause cited as memory handling issues that can allow code execution with kernel-level or high-privilege conte...