Low: Red Hat Security Advisory: Red Hat Decision Manager 7.12.1 security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVE-2022-0447

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting...

Denial Of Service (DoS)

libnbd is vulnerable to denial of service. The vulnerability exists when performing multi-threaded copies using asynchronous nbd calls which results in the silent creation of a corrupted destination image...

zbzcms SQL注入漏洞

zbzcms Station Helper CMS is a content management website of China Station Helper CMS zbzcms Inc. zbzcms version 1.0 has a SQL injection vulnerability, which originates from a SQL injection vulnerability found through the id parameter of /php/ajax.php. No detailed vulnerability details are...

@0xcert/ethereum-bitski-backend-provider (>=2.0.0 <=2.0.3), @0xcert/ethereum-bitski-frontend-provider (>=2.0.0 <=2.0.3) +855 more potentially affected by CVE-2021-43138 via async (>=3.0.0 <=3.2.1)

async NPM version =3.0.0, =2.0.0, =2.0.0, =4.3.0, =0.0.6-1, =3.6.5, =0.0.73, =1.5.1, =1.7.58, =0.0.1, =1.3.6, =13.0.6, =5.1.1, =1.3.1, =0.0.2, =0.4.0-next.28 - @ahm-monash/private-test =1.0.0 and more Source cves: CVE-2021-43138 Source advisory: OSV:GHSA-FWR7-V2MV-HH25...

WordPress plugin SpeakOut! Email Petitions SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress SpeakOut! dkspeakoutsendmail AJAX operation is not cleaned up and escaped before the id parameter is used, an attacker can u...

CVE-2022-0694

The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abcbookinggetSingleCalendar AJAX action available to both unauthenticated and authenticated users, leading to an unauthenticated SQL injection...

libnbd: nbdcopy: missing error handling may create corrupted destination image

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the error parameter. This could result in the silent creation of a...

WordPress plugin Infographic Maker SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the WordPress plugin...

WordPress plugin FormCraft 代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A code issue vulnerability previously existed in the WordPres...

PT-2022-13401 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress WordPress plugin versions prior to 1.0.11 Description: The issue arises from the failure to properly sanitize user-supplied POST data, which is then used in a dynamically constructed SQL query. This occurs via the "bookingpress...

WordPress plugin BookingPress SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. WordPress plugin BookingPress 1.0.11 version befor...

WordPress plugin Advanced Booking Calendar SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. WordPress plugin Advanced Booking Calendar version prior to...

libnbd: nbdcopy: missing error handling may create corrupted destination image

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the error parameter. This could result in the silent creation of a...

WordPress plugin SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WP Email Users plugin version 1.7.6 and previous versions have a SQL injection vulnerability, which originates from WP Email...

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Master Addons for Elementor plugin versions prior to 1.8.5 contain a cross-site scripting vulnerability that stems from the plugin's...

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Advanced Product Labels for WooCommerce plugin version 1.2.3.7 has a cross-site scripting vulnerability. The vulnerability stem...

CVE-2022-0410

The WP Visitor Statistics Real Time Traffic WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection...

WordPress的Video Conferencing with Zoom插件信息泄露漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Video Conferencing with Zoom Plugin prior to versi...

CVE-2020-36510

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cbsa AJAX action, leading to a Reflected Cross-Site Scripting...