
27 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-35112

Malicious code in bioql PyPI...

6.1 CVSS · 9.1 AI score · 0.00172 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 5:17 a.m. · 4 views

CVE-2023-30473

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Maxim Glazunov YML for Yandex Market plugin <= 3.10.7 versions...

7.1 CVSS · 5.8 AI score · 0.00109 EPSS
Exploits 0 · References 1

OSV
added 2024/12/09 1:15 p.m. · 0 views

CVE-2023-30748

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikola Loncar Easy Appointments allows Stored XSS. This issue affects Easy Appointments: from n/a through 3.10.7...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1

NVD
added 2024/12/09 1:15 p.m. · 6 views

CVE-2023-30748

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikola Loncar Easy Appointments allows Stored XSS. This issue affects Easy Appointments: from n/a through 3.10.7...

6.1 CVSS · 0.00172 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/12/09 11:31 a.m. · 11 views

CVE-2023-30748 WordPress Easy Appointments plugin <= 3.10.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikola Loncar Easy Appointments allows Stored XSS. This issue affects Easy Appointments: from n/a through 3.10.7...

4.3 CVSS · 6.7 AI score · 0.00172 EPSS
Exploits 0 · References 1

CNNVD
added 2024/12/09 12:0 a.m. · 2 views

WordPress plugin Easy Appointments cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.1 CVSS · 8.2 AI score · 0.00172 EPSS
Exploits 0 · References 1

OSV
added 2024/05/16 8:15 a.m. · 0 views

CVE-2024-4478

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltipposition' attribute. This makes it...

5.4 CVSS · 6 AI score · 0.00361 EPSS
Exploits 0 · References 4

Patchstack
added 2024/05/16 1:38 a.m. · 3 views

WordPress Happy Addons for Elementor plugin <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Stack Group Widget vulnerability discovered by wesley wcraft in WordPress Plugin Happy Addons for Elementor versions <= 3.10.7...

6.4 CVSS · 5.8 AI score · 0.00361 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/05/16 12:0 a.m. · 1 views

WordPress plugin Happy Addons for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.4 CVSS · 6 AI score · 0.00361 EPSS
Exploits 0 · References 4

CNNVD
added 2024/05/16 12:0 a.m. · 1 views

WordPress plugin Happy Addons for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.4 CVSS · 5.8 AI score · 0.00361 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/05/16 12:0 a.m. · 2 views

PT-2024-31248 · WordPress · Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.7 Description: The issue is related to Stored Cross-Site Scripting via the Image Stack Group widget due to insufficient input sanitization and output escaping...

6.4 CVSS · 5.9 AI score · 0.00361 EPSS
Exploits 0 · References 7

Cvelist
added 2024/05/07 4:40 p.m. · 14 views

CVE-2024-29208

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station Version 1.1.18 and earlier UniFi Connect EV Station Pro Version 1.1.18 and earlier UniFi Conne...

2.2 CVSS · 4.3 AI score · 0.00081 EPSS
Exploits 0 · References 1

OSV
added 2024/03/29 2:57 p.m. · 3 views

CVE-2024-29202 JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and...

9.9 CVSS · 8.9 AI score · 0.79984 EPSS
Exploits 1 · References 4

CNNVD
added 2024/03/29 12:0 a.m. · 2 views

JumpServer security vulnerability

JumpServer is an open source bastion machine from China's Hangzhou Feizhiyun Information Technology Co. A security vulnerability exists in JumpServer versions prior to v3.10.7, which stems from a vulnerability that allows an attacker to bypass the input validation mechanism in JumpServer's Ansibl...

9.9 CVSS · 8.7 AI score · 0.66493 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/03/29 12:0 a.m. · 3 views

PT-2024-4192 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.7 Description: The issue is related to insufficient input validation in JumpServer's Ansible, allowing remote attackers to bypass the input validation mechanism and execute arbitrary code within the Celery...

9.9 CVSS · 9.7 AI score · 0.66493 EPSS
Exploits 1 · References 14

Positive Technologies
added 2024/03/29 12:0 a.m. · 3 views

PT-2024-22804

Name of the Vulnerable Software and Affected Versions JumpServer versions prior to 3.10.7 Description JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execut...

9.9 CVSS · 9.1 AI score · 0.79984 EPSS
Exploits 1 · References 13

OSV
added 2024/01/11 9:15 a.m. · 1 views

CVE-2023-6504

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppbtoolboxusermetahandler function in all versions up to, and including, 3.10.7. This makes it...

4.3 CVSS · 7.3 AI score
Exploits 0 · References 2

CNNVD
added 2024/01/11 12:0 a.m. · 1 views

WordPress Plugin User Profile Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3 CVSS · 6.5 AI score · 0.00218 EPSS
Exploits 0 · References 3

OSV
added 2023/08/16 10:15 a.m. · 0 views

CVE-2023-30473

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Maxim Glazunov YML for Yandex Market plugin <= 3.10.7 versions...

6.1 CVSS · 7.3 AI score · 0.00109 EPSS
Exploits 0 · References 1

NVD
added 2023/08/16 10:15 a.m. · 11 views

CVE-2023-30473

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Maxim Glazunov YML for Yandex Market plugin <= 3.10.7 versions...

7.1 CVSS · 6.3 AI score · 0.00109 EPSS
Exploits 0 · References 1