362 matches found
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: fulcio, influx, kubernetes-dashboard, nri-discovery-kubernetes, kubernetes-csi-driver-hostpath, rabbitmq-messaging-topology-operator, kube-logging-operator, timoni, actions-runner-controller, ctop, rabbitmq-cluster-operator, terraform-provider-aws,...
CVE-2024-23183
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated...
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...
CVE-2023-37544 Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS
Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...
Advisory ROSA-SA-2023-2311
software: hostapd 2.9 WASP: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...
WordPress Captcha Code Plugin <= 2.9 is vulnerable to Bypass Vulnerability
Software Captcha Code Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-48745 Patch priority Low CVSS severity Low 5.3 Developer WebFactory Ltd. PSID c2ae3ab19d4d Credits qilin99 Required privilege...
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: melange, snyk-cli, pulumi-kubernetes-operator, argo-events, task, flux-notification-controller, argo-workflows...
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: melange, flux-notification-controller, argo-events, task, pulumi-kubernetes-operator, snyk-cli, argo-events-fips, argo-workflows...
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, ip-masq-agent, prometheus-adapter, kubernetes-dns-node-cache, nodetaint, spark-operator, aws-efs-csi-driver-fips, aws-efs-csi-driver, cluster-autoscaler-fips...
CVE-2023-5528 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, ip-masq-agent, prometheus-adapter, kubernetes-dns-node-cache, nodetaint, spark-operator, aws-efs-csi-driver-fips, aws-efs-csi-driver, cluster-autoscaler-fips...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: terraform-provider-sendgrid, scorecard, buildkitd, src, cortex, slsa-verifier, up, falco, aactl, kubescape, k3d, kubevela, kubeflow, dgraph, spark-operator, prometheus-blackbox-exporter...
WordPress Super Testimonial Pro Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)
Software Super Testimonial Pro Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5613 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4c345a4e70e4 Credits Lana Codes Required...
CVE-2023-45763
Cross-Site Request Forgery CSRF vulnerability in Taggbox plugin = 2.9 versions...
CVE-2023-45763 WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Taggbox plugin = 2.9 versions...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: terraform-provider-aws, pulumi-language-dotnet, oauth2-proxy, aactl, atlantis, cosign, spark-operator, flux-helm-controller, ip-masq-agent, stakater-reloader, prometheus-blackbox-exporter, nodetaint, metrics-server, envoy-ratelimit, k3d, grype, flux-source-controller...
Ckan remote code execution and private information access via crafted resource ids
Specific vulnerabilities: Arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also reachable via packagecreate, packagerevise, and packagepatch via calls to packageupdate. Remote code execution via unsafe pickle loading, via Beaker's session store...
Design/Logic Flaw
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...
CVE-2021-39295
In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid IPMI lan+ interface...
SUSE CVE-2016-3734
Cross-site request forgery CSRF vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read...
PT-2022-5613 · Freerdp +9 · Freerdp +9
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.9.0 Description: The issue is related to a lack of input length validation in the drive channel of the FreeRDP protocol implementation. This can be exploited by a malicious server to trick a FreeRDP-based client in...