24 matches found
EUVD-2021-25682
Malware in sbrugna...
EUVD-2025-30233
Malicious code in bioql PyPI...
CVE-2025-10146
The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘userids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2025-10146
CVE-2025-10146 affects the WordPress Download Manager plugin, with vulnerable versions up to 3.3.23, due to insufficient input sanitization and output escaping in the parameter user_ids . This enables Reflected Cross-Site Scripting by unauthenticated attackers who lure a user to perform an action...
PT-2025-38509
Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions prior to 3.3.24 Description The WordPress Download Manager plugin is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows...
Linux Distros Unpatched Vulnerability : CVE-2020-15106
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file a...
Linux Distros Unpatched Vulnerability : CVE-2020-15112
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This...
SUSE CVE-2020-15114
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requestin...
SUSE CVE-2020-15115
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...
CVE-2021-39321 Sassy Social Share 3.3.23 PHP Object Injection
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wpajaxheateorsssimportconfig AJAX action due to deserialization of unvalidated user supplied inputs via the importconfig function found in the /admin/class-sassy-social-share-admin.php file. Th...
Sassy Social Share 3.3.23 - Missing Access Controls to PHP Object Injection
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wpajaxheateorsssimportconfig AJAX action due to a missing capability check in the importconfig function found in the /admin/class-sassy-social-share-admin.php file along with the implementation...
ETCD Resource Management Error Vulnerability
etcd is a key-value storage system for distributed systems written in the Go language. A resource management error vulnerability exists in etcd versions prior to 3.3.23 and 3.4.10. An attacker could exploit this vulnerability to cause a denial of service...
etcd input validation error vulnerability (CNVD-2020-47967)
etcd is a key-value storage system for distributed systems written in the Go language. An input validation error vulnerability exists in etcd versions prior to 3.3.23 and prior to 3.4.10. The vulnerability stems from a network system or product that does not properly validate input data. No...
DEBIAN-CVE-2020-15114
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requestin...
CVE-2020-15136
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...
CVE-2020-15115
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...
etcd Input Validation Error Vulnerability
etcd is a key-value storage system for distributed systems written in the Go language. An input validation error vulnerability exists in etcd versions prior to 3.3.23 and prior to 3.4.10. The vulnerability stems from a network system or product that does not properly validate input data. A remote...
etcd Access Restriction Bypass Vulnerability
etcd is a key-value storage system for distributed systems written in the Go language. A security vulnerability exists in etcd versions prior to 3.3.23 and 3.4.10, which stems from the program failing to perform any privilege checks. An attacker could exploit this vulnerability to bypass access...
CVE-2020-15106
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...
PT-2020-14195 · Coreos +3 · Etcd +3
Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.23 and earlier etcd versions 3.4.10 and earlier Description: The issue concerns the creation of certain directory paths with restricted access permissions by using the os.MkdirAll function, which does not perform permission...