12 matches found
CVE-2022-48309
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90...
CVE-2024-8253
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers...
WordPress plugin Post Grid and Gutenberg Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.90 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated Subscriber+ Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.2.90...
PT-2024-38891 · WordPress · Post Grid/Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Post Grid and Gutenberg Blocks plugin for WordPress versions 2.2.87 through 2.2.90 Description: The issue is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it...
CVE-2022-4901
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim...
PT-2023-15689 · Sophos · Sophos Connect
Name of the Vulnerable Software and Affected Versions: Sophos Connect versions prior to 2.2.90 Description: An information disclosure issue allows sensitive key material to be included in technical support archives. Recommendations: For Sophos Connect versions prior to 2.2.90, update to version...
Sophos Connect cross-site request forgery vulnerability
Sophos Connect is a VPN client from Sophos UK. A security vulnerability exists in Sophos Connect version 2.2.90 and prior versions. An attacker could exploit this vulnerability to perform cross-site request forgery attacks...
Sophos Connect security vulnerability
Sophos Connect is a VPN client from Sophos UK. A security vulnerability exists in Sophos Connect version 2.2.90 and prior versions, which stems from an information disclosure vulnerability in the technical support archive. An attacker could exploit the vulnerability to obtain sensitive key materi...
PT-2023-15910 · Sophos · Sophos Connect
Name of the Vulnerable Software and Affected Versions: Sophos Connect versions prior to 2.2.90 Description: The issue allows JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. This is achieved through multiple stored XSS...
CVE-2021-20832
InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90510 contain a vulnerability which may lead to information disclosure only when it works with the body composition analyzer InBody Dial. This may allow an attacker who can connect to the InBody Dial with...