50 matches found

RedhatCVE
added 2026/04/20 7:23 p.m. · 1 view

CVE-2026-6493

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

CVSS 5.1 · AI score 3.9 · EPSS 0.00013
Exploits 0 · References 1
Cvelist
added 2026/04/17 2:15 p.m. · 28 views

CVE-2026-6493 lukevella rallly Reset Password reset-password-form.tsx cross site scripting

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

CVSS 5.1 · EPSS 0.00013
Exploits 0 · References 7
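The two CVE-2026-6493 entries above describe a reset-password form whose redirectTo argument can be manipulated into cross-site scripting. The page does not show the vulnerable code or the exact sink, so the following is an added illustration, not code from rallly or from either advisory: a validator for a post-authentication redirect target that accepts only same-origin relative paths. The assumption made here is that the parameter ends up as a navigation target, where a javascript: URL, a protocol-relative //host path or an absolute external URL is the classic XSS / open-redirect vector. The function name safeRedirectTarget and the placeholder origin https://app.invalid are hypothetical.

```javascript
// Added example: allow-list style validation of a user-supplied
// "redirectTo" value. Returns a normalised same-origin path, or the
// fallback when the input cannot be proven safe. Not rallly's code.

const PLACEHOLDER_ORIGIN = "https://app.invalid"; // assumption: any fixed base works

function safeRedirectTarget(redirectTo, fallback = "/") {
  if (typeof redirectTo !== "string" || redirectTo.length === 0) {
    return fallback;
  }
  // Control characters and whitespace are used to smuggle schemes past
  // naive prefix checks (e.g. "java\nscript:" or a leading tab).
  if (/[\u0000-\u001f\u007f\s]/.test(redirectTo)) {
    return fallback;
  }
  // Require exactly one leading slash. "//host" is protocol-relative and
  // "/\host" is normalised to "//host" by browsers, so both escape the origin.
  // Anything not starting with "/" (including "javascript:" and "https:")
  // is rejected here as well.
  if (!redirectTo.startsWith("/") || /^\/[\/\\]/.test(redirectTo)) {
    return fallback;
  }
  // Resolve against a fixed origin and confirm the result stayed on it;
  // this catches anything the textual checks above did not anticipate.
  let url;
  try {
    url = new URL(redirectTo, PLACEHOLDER_ORIGIN);
  } catch {
    return fallback;
  }
  if (url.origin !== PLACEHOLDER_ORIGIN) {
    return fallback;
  }
  // Hand back the parser's normalised path, never the raw input.
  return url.pathname + url.search + url.hash;
}

// Constructed inputs for a stand-alone run.
const samples = [
  "/polls/abc",              // accepted as-is
  "javascript:alert(1)",     // rejected: not a relative path
  "//evil.example/x",        // rejected: protocol-relative
  "/\\evil.example",         // rejected: backslash trick
  "https://evil.example/x",  // rejected: absolute external URL
  "/a/../b?x=1#f",           // accepted, normalised to /b?x=1#f
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

The two-layer design is deliberate: the regex checks reject obviously hostile shapes cheaply, and the URL-parser round trip is the authoritative decision, so a bypass would have to fool both the textual check and the browser-grade parser that will later interpret the value.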
CNNVD
added 2026/04/09 12:00 a.m. · 3 views

Joomla HikaShop Cross-Site Scripting Vulnerability

Joomla HikaShop is an open-source e-commerce website building and online store management extension developed by HikaShop. Version 4.7.4 of Joomla HikaShop contains a cross-site scripting vulnerability, which stems from improper handling of GET parameters. This vulnerability may lead to...

CVSS 6.1 · AI score 5.6 · EPSS 0.00095
Exploits 0 · References 4
Patchstack
added 2025/12/12 11:53 p.m. · 9 views

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin 4.7.0-4.7.3 - Missing Authorization to Unauthenticated Information Disclosure

Missing Authorization to Unauthenticated Information Disclosure vulnerability discovered by kr0d in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions 4.7.0-4.7.3...

CVSS 3.7 · AI score 6.4 · EPSS 0.00049
Exploits 0 · Affected Software 1
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2024-37545

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 6.6 · EPSS 0.00185
Exploits 0 · References 1
NVD
added 2024/10/16 2:15 a.m. · 12 views

CVE-2024-9649

The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_api function. This makes it possible for...

CVSS 4.3 · EPSS 0.00145
Exploits 0 · References 3
CVE
added 2024/10/16 2:05 a.m. · 48 views

CVE-2024-9649

CVE-2024-9649 affects the WordPress plugin WP ULike – The Ultimate Engagement Toolkit (versions up to and including 4.7.4). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in the wp_ulike_delete_history_api() function, enabling unauthenticated...

CVSS 4.3 · AI score 4.6 · EPSS 0.00145
Exploits 0 · References 3 · Affected Software 1
Patchstack
added 2024/10/15 1:14 p.m. · 4 views

WordPress WP ULike plugin <= 4.7.4 - Cross-Site Request Forgery to Statistic Deletion vulnerability

Cross-Site Request Forgery to Statistic Deletion vulnerability discovered by Bilal Chawich Duke in WordPress Plugin WP ULike versions <= 4.7.4...

CVSS 4.3 · AI score 7 · EPSS 0.00145
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/10/15 12:00 a.m. · 11 views

WordPress WP ULike Plugin <= 4.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP ULike · Type: Plugin · Vulnerable versions: <= 4.7.4 · Fixed in: 4.7.5 · OWASP Top 10: A5 Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2024-9649 · Patch priority: Low · CVSS severity: Low (5.4) · PSID: 736f4ce4b9c2 · Credits: Bilal Chawich Duke · Required...

CVSS 4.3 · AI score 6.6 · EPSS 0.00145
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/09/25 6:15 a.m. · 9 views

CVE-2024-7878

The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.8 · AI score 5.6
Exploits 0 · References 1
OSV
added 2024/09/18 4:17 a.m. · 17 views

RHSA-2021:0958 Red Hat Security Advisory: OpenShift Container Platform 4.7.4 security update

Bulletin has no description...

CVSS 6.5 · AI score 7.2 · EPSS 0.0012
Exploits 0 · References 9
Patchstack
added 2024/07/11 9:13 a.m. · 2 views

WordPress Moloni plugin <= 4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin Moloni versions <= 4.7.4...

CVSS 7.1 · AI score 6.1 · EPSS 0.00185
Exploits 0 · Affected Software 1
CNNVD
added 2024/06/15 12:00 a.m. · 1 view

WordPress plugin AI Infographic Maker security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for that platform. A security vulnerability...

CVSS 4.3 · AI score 6.5 · EPSS 0.00135
Exploits 0 · References 4
Positive Technologies
added 2024/02/05 12:00 a.m. · 4 views

PT-2024-15177 · WordPress · The Author Box

Name of the Vulnerable Software and Affected Versions: The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress versions up to, and including, 4.7.4. Description: The issue allows unauthenticated attackers to extract sensitive data, including post author emails an...

CVSS 7.5 · AI score 7.8 · EPSS 0.00663
Exploits 0 · References 6
IBM Security Bulletins
added 2024/01/30 8:08 p.m. · 34 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to a libssh denial of service vulnerability [CVE-2023-1667]

Summary: A potential libssh denial of service vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. CVE-2023-1667 Vulnerability Details CVEID: CVE-2023-1667 DESCRIPTION:...

CVSS 6.5 · AI score 6.9 · EPSS 0.01094
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2024/01/11 6:39 p.m. · 18 views

Security Bulletin: IBM Match 360 is vulnerable to a denial of service, caused by sending a specially-crafted request within IBM WebSphere Application Server Liberty (CVE-2023-38737)

Summary: IBM Match 360 is vulnerable to a denial of service, caused by sending a specially-crafted request within IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafte...

CVSS 7.5 · AI score 6.7 · EPSS 0.00054
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2023/12/06 3:46 p.m. · 28 views

Security Bulletin: IBM Cloud Pak for Data Scheduling binaries were built with a Go compiler with vulnerabilities (CVE-2023-39318, CVE-2023-39319, CVE-2023-39533)

Summary: The Go compiler is used to build the binaries of IBM Cloud Pak for Data Scheduling. Vulnerability Details CVEID: CVE-2023-39318 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the html/template package. A remote attacker...

CVSS 7.5 · AI score 7.2 · EPSS 0.00118
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2023/12/06 3:41 p.m. · 19 views

Security Bulletin: IBM Cloud Pak for Data Scheduling is affected by an opm vulnerability (CVE-2023-2253)

Summary: opm is used by IBM Cloud Pak for Data Scheduling as part of the ibm-cpd-scheduler-operator-catalog image used for installation of the Scheduler. Vulnerability Details CVEID: CVE-2023-2253 DESCRIPTION: Distribution is vulnerable to a denial of service, caused by improper input validation by...

CVSS 6.5 · AI score 6.4 · EPSS 0.00147
Exploits 0 · Affected Software 1
SUSE CVE
added 2023/10/31 2:34 a.m. · 2 views

SUSE CVE-2019-10195

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...

CVSS 6.5 · AI score 6.5 · EPSS 0.00649
Exploits 0 · References 2
Positive Technologies
added 2023/06/16 12:00 a.m. · 1 view

PT-2023-32982 · Apollo Graphql · Apollo Server

Name of the Vulnerable Software and Affected Versions: Apollo Server versions prior to 4.7.4. Description: The issue concerns the improper application of Content Security Policies (CSP) in Apollo Server's landing pages, which could fail to prevent XSS attacks if a viable attack vector exists. Althou...

AI score 6.2
Exploits 0 · References 4