21 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-23792
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML...
CVE-2025-23792 WordPress Passwordless WP – Login with your glance or fingerprint Plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint (passwordless-wp) allows Reflected XSS. This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through ...
CVE-2025-23792
CVE-2025-23792 is a Reflected XSS in the WordPress plugin Passwordless WP – Login with your glance or fingerprint (
CVE-2025-23792 WordPress Passwordless WP – Login with your glance or fingerprint Plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint (passwordless-wp) allows Reflected XSS. This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through ...
CVE-2024-23792
creationtimestamp | type | source
---|---|---
2024-01-29 11:26:26+00:00 | seen | https://t.me/ctinow/175168
2024-02-21 12:11:20+00:00 | seen | https://t.me/ctinow/189512...
CVE-2024-23792
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23792
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23792 Insufficient access control
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23792
CVE-2024-23792 affects OTRS, with gaps in attachment handling in ticket comments. The issue allows another logged-in user to add attachments impersonating the original user when a UUID is known, potentially escalating access during the time the legitimate user is posting a comment. Affected versi...
CVE-2024-23792 Insufficient access control
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2023-23792
creationtimestamp | type | source
---|---|---
2023-07-11 12:42:54+00:00 | seen | https://t.me/cibsecurity/66336...
CVE-2023-23792
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions...
CVE-2023-23792 WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions...
CVE-2023-23792
CVE-2023-23792 covers a CSRF vulnerability in HasThemes Swatchly (WooCommerce Variation Swatches for Products) plugin for WordPress, affected versions = 1.2.1; as a workaround, monitor for patches and review references from Patchstack and CVE records.
CVE-2021-23792
creationtimestamp | type | source
---|---|---
2022-05-07 00:23:03+00:00 | seen | https://t.me/cibsecurity/42161...
ai.idylnlp:idylnlp-dl4j (>=1.0.0 <=1.1.0), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +724 more potentially affected by CVE-2021-23792 via com.twelvemonkeys.imageio:imageio-metadata (>=3.0 <=3.7.0)
com.twelvemonkeys.imageio:imageio-metadata MAVEN version =3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-gpu-nano =0.1.0 and more Source cves: CVE-2021-23792 Source advisory: OSV:GHSA-PJCH-4G28-FXX7...
CVE-2021-23792
The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file, e.g. when an online profile...
CVE-2021-23792
The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file, e.g. when an online profile...
CVE-2021-23792
The CVE-2021-23792 issue affects the TwelveMonkeys project: the component com.twelvemonkeys.imageio:imageio-metadata is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser when reading XMP Metadata. Affected versions are before 3.7.1. If an attacker can s...
CVE-2021-23792 XML External Entity (XXE) Injection
The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file, e.g. when an online profile...