EUVD-2019-3644

Malware in sbrugna...

EUVD-2022-35516

Malicious code in bioql PyPI...

EUVD-2022-35514

Malicious code in bioql PyPI...

BIT-LIBPHP-2024-1874 Command injection via array-ish $command parameter of proc_open()

In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

CVE-2022-32444

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php...

Grafana API IDOR

Today we are releasing Grafana 8.3.5 and 7.5.14. This patch release includes MEDIUM severity security fix for Grafana Teams API IDOR. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5....

CVE-2024-2655

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated...

WordPress Plugin Livemesh Addons for Elementor Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

Design/Logic Flaw

The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mkcheckfilemanagerphpsyntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server...

PT-2024-15110 · WordPress · File Manager Pro

Name of the Vulnerable Software and Affected Versions: File Manager Pro plugin for WordPress versions up to, and including, 8.3.4 Description: The issue allows authenticated attackers, with subscriber access and above, to execute code on the server via the mk check filemanager php syntax AJAX...

High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin

On December 14th, 2023, shortly after the launch of our Holiday Bug Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in File Manager Pro, a WordPress plugin with an estimated 10,000+ active installations. This vulnerability made it possible for authenticated...

Tenable Nessus Agent 8.3.3 <= 8.3.4 Multiple Vulnerabilities (TNS-2023-13)

Tenable Nessus Agent is prone to multiple vulnerabilities in OpenSSL. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2022-32442

u5cms version 8.3.5 is vulnerable to Cross Site Scripting XSS. When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl 96502%27bad=", it can cause html injection...

CVE-2022-32444

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php...

CVE-2022-32444

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php...

Design/Logic Flaw

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php...

Cross site scripting

u5cms version 8.3.5 is vulnerable to Cross Site Scripting XSS. When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl 96502%27bad=", it can cause html injection...

CVE-2022-32442

CVE-2022-32442 affects u5cms 8.3.5. The issue is a stored/reflected XSS on the default home page caused by insufficient input validation of a URL parameter (example: Onmouseover=%27tzgl (96502)%27bad=). Documents confirm HTML injection risk; no explicit exploit details or remediation are provided...

CVE-2022-32444

CVE-2022-32444 affects u5cms version 8.3.5 and is a URL redirection/open redirect vulnerability. The vulnerability occurs via /loginsave.php, allowing an attacker to redirect a user’s browser to a malicious site. The connected Nuclei template confirms the affected software/component and describes...

u5cms 跨站脚本漏洞

u5cms is u5cms open source a medium-sized web content management system . u5cms 8.3.5 version of a security vulnerability , the vulnerability stems from the default home page does not check the user input parameters are legitimate , an attacker can use this vulnerability to malicious script...