140 matches found
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Millions of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that's installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in Novembe...
CVE-2023-2806
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to an XML external entity (XXE) reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...
Checkmk Security Vulnerability
Checkmk is an IT infrastructure monitoring tool from Tribe29. A security vulnerability exists in Tribe29 Checkmk that stems from insufficient REST API permission checking, which allows an attacker to schedule downtime for any host. Affected products and versions: Tribe29 Checkmk 2.1.0p27 and earlier, 2.2.0b4 beta and earlier...
PT-2023-4644 · NetGear · Netgear Orbi 760
Name of the Vulnerable Software and Affected Versions: NETGEAR Orbi 760 affected versions not specified Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. The specific flaw exists within the implementation of t...
SUSE CVE-2018-6091
Service Workers can intercept any request made by an <object> or <embed> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
SUSE CVE-2022-1488
Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension...
CVE-2022-37919
A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect...
Mitel MiCollab Security Vulnerability
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.5.0.101 and prior versions, which stems from an incorrect authorization control in t...
CVE-2022-21595
Vulnerability in the MySQL Server product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2022-20921
A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sendi...
DEBIAN-CVE-2022-1868
Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page...
UBUNTU-CVE-2022-1488
Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension...
ajenti OS Command Injection Vulnerability
ajenti is an open-source modular server management panel for Linux and BSD. A security vulnerability exists in ajenti version 2.1.31, which stems from a flaw in the API component. An attacker can exploit the vulnerability to achieve privilege escalation...
GHSA-V3M2-PG96-W33M Openstack cinder Improper handling of ScaleIO backend credentials
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...
UBUNTU-CVE-2022-0610
Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2022-24552
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...
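The StarWind entry above describes the classic shape of a command-injection bug: a REST parameter is spliced into a shell script string, so shell metacharacters in the parameter become new commands. The following is an added illustration (not StarWind's code; the disk-resize command, the parameter name and the pattern checks are hypothetical) showing the vulnerable string-interpolation pattern beside two hardened forms: an allowlisted parameter passed as an argv list, and, where a shell string is unavoidable, shlex.quote.

```python
"""Added example: REST parameter reaching the shell, vulnerable vs. hardened.
Not StarWind's code. The 'resize' command is a placeholder (echo) so the
example runs offline; the injection mechanics are the same for a real tool."""
import re
import shlex
import subprocess

# Constructed attacker input: a disk name carrying a shell metacharacter payload.
MALICIOUS_DISK_NAME = "disk1; echo INJECTED"

# Hypothetical allowlist for a disk name: no whitespace, no shell metacharacters.
DISK_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def run_vulnerable(disk_name: str) -> str:
    """Parameter interpolated into a shell string: ';' ends the intended
    command and the attacker's text runs as a second command."""
    script = f"echo resize {disk_name}"
    return subprocess.run(["sh", "-c", script], capture_output=True, text=True).stdout


def run_hardened(disk_name: str) -> str:
    """Validate against an allowlist, then pass an argv list so no shell
    parses the value at all."""
    if not DISK_NAME_RE.fullmatch(disk_name):
        raise ValueError(f"invalid disk name: {disk_name!r}")
    return subprocess.run(["echo", "resize", disk_name], capture_output=True, text=True).stdout


def run_quoted(disk_name: str) -> str:
    """If a shell string really is required, quote the value so the shell
    treats it as one literal word (defence in depth, not a replacement for
    validation)."""
    script = f"echo resize {shlex.quote(disk_name)}"
    return subprocess.run(["sh", "-c", script], capture_output=True, text=True).stdout


def hardened_rejects(disk_name: str) -> bool:
    """True if the hardened path refuses the value instead of executing it."""
    try:
        run_hardened(disk_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(MALICIOUS_DISK_NAME)))
    print("quoted:    ", repr(run_quoted(MALICIOUS_DISK_NAME)))
    print("hardened rejects payload:", hardened_rejects(MALICIOUS_DISK_NAME))
    print("hardened, valid name:", repr(run_hardened("disk1")))
```

The vulnerable path prints the injected marker on its own line, proving a second command ran; the quoted path echoes the whole payload as one literal argument; the hardened path refuses the payload before anything executes. When the script runs as root, as the advisory states for StarWind, the first path is a full privilege escalation from any API user.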
Google Chrome Resource Management Error Vulnerability
Chrome is a web browser developed by Google. A use-after-free vulnerability exists in the Network API in versions of Google Chrome prior to 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-38312 Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissions_callback used in this file only checked f...
CVE-2021-1369
A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity (XXE)...
A vulnerability in the extension search API of the WebExtensions framework in the Mozilla Firefox browser allows an attacker to gain unauthorized access to protected information.
The vulnerability in the WebExtensions extension search API in the Mozilla Firefox browser is related to an execution error when searching certain privileged pages, such as “about:debugging”. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protect...