28 matches found
CVE-2026-1729
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sbloginuserwithotpfun' function. This makes it possible for...
WordPress plugin AdForest 访问控制错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2022-2172
Malicious code in bioql PyPI...
EUVD-2024-39122
Malicious code in bioql PyPI...
MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'zlib' class MetasploitModule 'MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever', 'Description' = %q MongoDB Ops Manag...
CVE-2024-41668
The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery SSRF attack. Logged in users...
CVE-2024-41668
The CVE-2024-41668 affects cBioPortal for Cancer Genomics. A publicly exposed proxy endpoint without authentication allows Server-Side Request Forgery (SSRF); logged-in users can exploit this on private instances too. A fix is available in version 6.0.12. As a workaround, disable the /proxy endpo...
CVE-2024-41668 cBioPortal Proxy Endpoint Vulnerabliity
The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery SSRF attack. Logged in users...
CVE-2024-41668 cBioPortal Proxy Endpoint Vulnerabliity
The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery SSRF attack. Logged in users...
PT-2024-29495 · Unknown · Cbioportal
Name of the Vulnerable Software and Affected Versions: cBioPortal versions prior to 6.0.12 Description: The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication...
Advisory ROSA-SA-2023-2197
software: suricata 6.0.12 WASP: ROSA-CHROME packageevrstring: suricata-6.0.12-1.src.rpm CVE-ID: CVE-2021-37592 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a TCP/IP stack created that can send a specific sequence of...
GSD-2023-1000081 sctp: fix memory leak in sctp_stream_outq_migrate()
sctp: fix memory leak in sctpstreamoutqmigrate This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.12 by commit...
PT-2023-33156 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue is related to a pci device refcount leak in the nv1a ram new function. This problem was introduced in version v3.14 and is fixed in Linux Kernel version v6.0.12. The actual impact...
PT-2023-33164 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: A NULL dereference issue has been identified. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.12, update to versi...
PT-2023-33170 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: A potential security issue exists due to a missing function call in the probe and remove methods of the m can class. The actual impact and attack plausibility have not yet been proven...
PT-2023-33141 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue is related to a potential security vulnerability in the Linux Kernel. It was introduced in version v5.13 and fixed in version v6.0.12. The actual impact and attack plausibility hav...
PT-2023-33146 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue concerns the nvme ns head list in the Linux Kernel, specifically with regards to SRCU protection. The actual impact and potential for attack have not been proven yet...
PT-2023-33178 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: libbpf versions prior to v6.0.12 Description: The issue is related to a handle size overflow for ringbuf mmap. It was introduced in Linux Kernel version v5.8 and fixed in version v6.0.12. The actual impact and attack plausibility have not yet...
Security Updates for Microsoft ASP.NET Core (December 2022)
A remote code execution vulnerability exists in ASP.NET core 3.1, ASP.NET 6.0, and ASP.NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files. Note that Nessus has not tested for this issue but has instead relied only on the...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE such that a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files. Remediation Upgrade Microsoft.WindowsDesktop.App.Runtime.win-arm64 to version 6.0.12,...