1446 matches found

CNNVD
added 2024/02/29 12:0 a.m. · 3 views

WordPress Plugin Passster Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

CVSS 5.3 · AI score 6.3 · EPSS 0.00486
Exploits: 0 · References: 3
CNNVD
added 2024/02/28 12:0 a.m. · 2 views

Apache Superset SQL Injection Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit the vulnerability to...

CVSS 4.3 · AI score 7.8 · EPSS 0.00945
Exploits: 0 · References: 4
RedHat Linux
added 2024/02/26 8:47 p.m. · 4 views

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

CVSS 6.5 · AI score 7.3 · EPSS 0.00673
Exploits: 0 · References: 6
RedHat Linux
added 2024/02/26 2:21 a.m. · 2 views

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

CVSS 6.5 · AI score 7.3 · EPSS 0.00673
Exploits: 0 · References: 6
RedHat Linux
added 2024/02/26 1:49 a.m. · 2 views

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

CVSS 6.5 · AI score 7.3 · EPSS 0.00673
Exploits: 0 · References: 6
RedHat Linux
added 2024/02/22 4:51 p.m. · 1 view

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

CVSS 6.5 · AI score 7.3 · EPSS 0.00673
Exploits: 0 · References: 6
NCSC
added 2024/02/22 12:0 a.m. · 3 views

Vulnerability fixed in Progress Kemp LoadMaster

Progress Kemp has fixed a vulnerability in LoadMaster. The vulnerability allows a malicious party to use specially crafted API calls to issue system commands without being authorized to do so. For successful exploitation, the malicious party must have access to the management interface...

CVSS 10 · AI score 7 · EPSS 0.95388
Exploits: 9
CNNVD
added 2024/02/21 12:0 a.m. · 2 views

Archer Platform Security Vulnerability

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.8 up to, but not including, 6.14 P2 (6.14.0.2) that stems from improper access control. An attacker exploiting this vulnerability could access API information with...

CVSS 4.3 · AI score 6.4 · EPSS 0.00388
Exploits: 0 · References: 3
OSV
added 2024/02/20 9:15 a.m. · 2 views

CVE-2024-25605

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

CVSS 5.3 · AI score 5.8 · EPSS 0.00481
Exploits: 0 · References: 1
Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-15692 · WordPress · The Passster

Name of the Vulnerable Software and Affected Versions: The Passster – Password Protect Pages and Content plugin for WordPress versions up to, and including, 4.2.6.2 Description: The issue allows unauthenticated attackers to obtain sensitive information, including post titles, slugs, IDs, content,...

CVSS 5.3 · AI score 6.3 · EPSS 0.00486
Exploits: 0 · References: 5
OSV
added 2024/02/08 11:15 p.m. · 2 views

CVE-2023-47132

An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls...

CVSS 9.8 · AI score 5.8 · EPSS 0.00551
Exploits: 0 · References: 1
CNNVD
added 2024/02/08 12:0 a.m. · 2 views

N-able N-central Security Vulnerabilities

N-able N-central is an RMM platform from N-able, Inc. providing large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central version 2023.6 and prior versions, which stems from a vulnerability th...

CVSS 9.8 · AI score 7.1 · EPSS 0.00551
Exploits: 0 · References: 2
Positive Technologies
added 2024/02/08 12:0 a.m. · 5 views

PT-2024-13410 · N Able · N-Able N-Central

Name of the Vulnerable Software and Affected Versions: N-able N-central versions prior to 2023.6 Description: An issue in N-able N-central allows attackers to gain escalated privileges via API calls. Recommendations: For versions prior to 2023.6, update to version 2023.6 or later to resolve the...

CVSS 9.8 · AI score 7.5 · EPSS 0.00551
Exploits: 0 · References: 6
CNNVD
added 2024/02/07 12:0 a.m. · 5 views

Elastic Security Breach

Elastic is an open source distributed RESTful search engine built on Lucene, from the Netherlands company Elastic. The product is primarily used in cloud computing and supports data indexing using JSON over HTTP. A security vulnerability exists in Elastic that stems from the possibility that a...

CVSS 6.5 · AI score 6.7 · EPSS 0.005
Exploits: 0 · References: 3
CNNVD
added 2024/02/07 12:0 a.m. · 4 views

Superwebmailer Cross-Site Scripting Vulnerability

Superwebmailer is a web-based PHP newsletter software for newsletter recipient management, sending HTML newsletters, birthday emails. A cross-site scripting vulnerability exists in Superwebmailer version v9.31.0.01799, which stems from a cross-site scripting vulnerability in the component api.php...

CVSS 6.1 · AI score 6.1 · EPSS 0.00924
Exploits: 1 · References: 2
CNNVD
added 2024/02/07 12:0 a.m. · 4 views

Open Forms Security Vulnerability

Open Forms is Open Formulieren's open source, intelligent dynamic form software, used to quickly create powerful, intelligent forms exposed through the API. A security vulnerability exists in Open Forms versions prior to 2.2.8, 2.3.6, 2.4.4, 2.5.1, which stems from an authentication bypass...

CVSS 7.7 · AI score 6.9 · EPSS 0.00604
Exploits: 0 · References: 6
BDU FSTEC
added 2024/02/06 12:0 a.m. · 4 views

A vulnerability in the API PUT request handler component of GitLab, the Git-based software platform for collaborative code development, allows a malicious actor to execute arbitrary API PUT requests.

The vulnerability in the API PUT request handler component of GitLab, the Git-based software platform for collaborative code development, exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker to execute arbitrary API PUT...

CVSS 8.5 · AI score 6.5 · EPSS 0.00683
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/02/05 11:15 p.m. · 7 views

PYSEC-2024-261

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

CVSS 9.4 · AI score 7.1 · EPSS 0.00951
Exploits: 1 · References: 3
PyPA
added 2024/02/05 11:15 p.m. · 7 views

PYSEC-2024-261

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

CVSS 9.4 · AI score 7.1 · EPSS 0.00951
Exploits: 1 · References: 3
OSV
added 2024/02/05 10:16 p.m. · 1 view

CVE-2024-1210

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes...

CVSS 5.3 · AI score 7.3 · EPSS 0.05285
Exploits: 3 · References: 3