23 matches found
DoS (Denial of Service) at commons-fileupload dependency in Crucible Server
This High severity DoS (Denial of Service) vulnerability was introduced in version 4.9.0 of Crucible Server. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated attacker to cause a resource to...
RCE (Remote Code Execution) at com.fasterxml.jackson.core:jackson-core dependency in Crucible Server
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 4.9.0 of Crucible Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N, allows an unauthenticated...
CVE-2021-33348
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...
EUVD-2021-1510
Malware in sbrugna...
EUVD-2024-31328
Malicious code in bioql PyPI...
CVE-2024-30528
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar. This issue affects Spiffy Calendar: from n/a through 4.9.10...
Apache Felix Webconsole: XSS in services console
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issu...
PT-2024-37345 · Sowa Opac · Sowa Opac
Name of the Vulnerable Software and Affected Versions: SOWA OPAC versions 4.0 through 4.9.10; SOWA OPAC versions 5.0 through 6.2.12. Description: The issue allows for Reflected Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. An attacker could trick a use...
CVE-2024-30528
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar. This issue affects Spiffy Calendar: from n/a through 4.9.10...
PT-2024-25360 · Unknown · Tips/Tricks Hq Easy Accept Payments
Name of the Vulnerable Software and Affected Versions: Tips and Tricks HQ Easy Accept Payments versions 4.9.10 and earlier. Description: The issue is related to a Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments. Recommendations: For versions 4.9.10 and earlier, updat...
WordPress Easy Accept Payments for PayPal plugin <= 4.9.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Easy Accept Payments (versions <= 4.9.10)...
WordPress Spiffy Calendar Plugin <= 4.9.7 is vulnerable to Cross Site Scripting (XSS)
Software: Spiffy Calendar; Type: Plugin; Vulnerable versions: <= 4.9.7; Fixed in: 4.9.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30427; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: e5917dca625b; Credits: Dimas Maulana; Required privileg...
PT-2024-12786 · Dell · Dell Update Package
Name of the Vulnerable Software and Affected Versions: Dell Update Package (DUP) versions prior to 4.9.10. Description: The issue allows a malicious user with local access to the system to potentially exploit it and run arbitrary code as admin. This is due to an Uncontrolled Search Path vulnerabilit...
WordPress plugin Easy Accept Payments for PayPal Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
phpMyAdmin 4.9.x < 4.9.10 Information Disclosure
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.10 or 5.1.x prior to 5.1.3. It is, therefore, affected by an information disclosure that would reveal the path on disk where phpMyAdmin is running from. Note that the scanner has not tested for these issues but has...
phpMyAdmin < 4.9.10, 5.x < 5.1.3 Information Disclosure Vulnerability - Windows
phpMyAdmin is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
phpMyAdmin < 4.9.10, 5.x < 5.1.3 Information Disclosure Vulnerability - Linux
phpMyAdmin is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
GHSA-2C25-XFPQ-8W9R Cross-site scripting in jfinal
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...
GHSA-C78W-2GW7-GJV3 XSS in TinyMCE
Impact: A cross-site scripting (XSS) vulnerability was discovered in: the core parser and media plugin. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE...
WordPress Howsci 1.8 Open Redirection
Exploit Title : WordPress Howsci Themes 1.8 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 24/05/2019 Vendor Homepage : howsci.com Theme Affected Version : 1.8 WordPress Affected Version : 4.9.10 Information Link : howsci.com/tag/themes/ Tested...