24 matches found
CVE-2025-12352
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...
CVE-2025-12352
The CVE-2025-12352 issue affects the WordPress Gravity Forms plugin, specifically versions up to and including 2.9.20. The vulnerability arises from missing file type validation in the copy_post_image() function, allowing unauthenticated attackers to upload arbitrary files to the affected site’s ...
CVE-2025-12352 Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...
WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability
Unauthenticated Arbitrary File Upload via 'copypostimage' vulnerability discovered by Talal Nasraddeen in WordPress Plugin Gravity Forms versions = 2.9.20...
PT-2025-45404
Name of the Vulnerable Software and Affected Versions Gravity Forms versions up to and including 2.9.20 Description The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the copy post image function. This allows...
Linux Distros Unpatched Vulnerability : CVE-2021-33798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute v...
Linux Distros Unpatched Vulnerability : CVE-2021-20307
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Format string vulnerability in panoFileOutputNamesCreate in libpano13 2.9.20rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values...
CVE-2023-28986
Cross-Site Request Forgery CSRF vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin = 2.9.20 versions...
BIT-ARGO-CD-2024-40634 Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to...
CVE-2024-40634 Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to...
CVE-2023-28986
Cross-Site Request Forgery CSRF vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin = 2.9.20 versions...
CVE-2023-28986 WordPress Affiliates Manager Plugin <= 2.9.20 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin = 2.9.20 versions...
PT-2023-22063 · WordPress · Wpaffiliatemgr Affiliates Manager
Name of the Vulnerable Software and Affected Versions: wpaffiliatemgr Affiliates Manager plugin versions = 2.9.20 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions ...
CVE-2021-33798
A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...
CVE-2021-33798
A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...
CVE-2021-33798
A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...
UBUNTU-CVE-2021-33798
A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...
CVE-2021-33798
A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...
CVE-2021-33798
A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...
Affiliates Manager < 2.9.21 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin = 2.9.20 versions...