1956 matches found

Cvelist
added 2024/03/18 4:11 p.m. · 22 views

CVE-2024-27096 SQL Injection through the search engine

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...

7.7 CVSS · 7.9 AI score · 0.62712 EPSS
Exploits: 0 · References: 3
CVE
added 2024/03/18 4:11 p.m. · 110 views

CVE-2024-27096

GLPI (Free Asset and IT Management Software) is affected by CVE-2024-27096: a SQL injection vulnerability in the search engine that can be exploited by an authenticated user to extract data from the database. The vulnerability has been patched in version 10.0.13; multiple sources (NVD, RH Red H...

7.7 CVSS · 7.6 AI score · 0.62712 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2024/03/18 12:00 a.m. · 4 views

GLPI Security Vulnerabilities

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

7.7 CVSS · 6.7 AI score · 0.62712 EPSS
Exploits: 0 · References: 4
CVE
added 2024/03/13 8:19 p.m. · 88 views

CVE-2024-28193

The CVE affects YourSpotify

6.5 CVSS · 6.3 AI score · 0.0064 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/03/12 10:32 p.m. · 10 views

CVE-2023-7072

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

7.5 CVSS · 7.1 AI score · 0.00618 EPSS
Exploits: 0 · References: 3
Cvelist
added 2024/03/12 9:34 p.m. · 27 views

CVE-2024-2107 Blossom Spa <= 1.3.3 - Sensitive Information Exposure

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts...

5.8 CVSS · 5.7 AI score · 0.00474 EPSS
Exploits: 0 · References: 2
CVE
added 2024/03/12 9:34 p.m. · 64 views

CVE-2024-2107

CVE-2024-2107 affects the Blossom Spa WordPress theme (versions up to 1.3.4). The vulnerability enables sensitive information exposure via generated source, allowing unauthenticated attackers to retrieve contents of password-protected or scheduled posts. The connected Red Hat advisory reiterates ...

7.5 CVSS · 6.7 AI score · 0.00474 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2024/03/06 10:51 a.m. · 17 views

BIT-FLINK-2020-1960

A vulnerability in Apache Flink 1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0 where, when running a process with an enabled JMXReporter, with a port configured via...

4.7 CVSS · 4.9 AI score · 0.00863 EPSS
Exploits: 0 · References: 5
Prion
added 2024/03/05 2:15 a.m. · 22 views

Code injection

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or...

4 CVSS · 6.2 AI score · 0.00491 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/03/05 12:00 a.m. · 3 views

PT-2024-17993 · WordPress · Page Builder Sandwich

Name of the Vulnerable Software and Affected Versions: The Page Builder Sandwich – Front End WordPress Page Builder Plugin versions up to, and including, 5.1.0
Description: The issue allows authenticated attackers with subscriber access or higher to extract sensitive user or configuration data du...

6.5 CVSS · 6.9 AI score · 0.00491 EPSS
Exploits: 0 · References: 6
OSV
added 2024/02/29 7:15 a.m. · 5 views

CVE-2024-1981

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'tableprefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.1 CVSS · 7.3 AI score · 0.01075 EPSS
Exploits: 1 · References: 3
Prion
added 2024/02/28 9:15 a.m. · 34 views

Design/Logic Flaw

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acxcsmasubscribeajax' function. This can allow authenticated attackers to extract sensitive data such as names and email...

4 CVSS · 4.5 AI score · 0.00494 EPSS
Exploits: 0 · References: 2
OSV
added 2024/02/27 6:15 a.m. · 8 views

CVE-2024-1698

The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and la...

9.8 CVSS · 7.3 AI score · 0.77585 EPSS
Exploits: 3 · References: 4
Positive Technologies
added 2024/02/20 12:00 a.m. · 4 views

PT-2024-15009 · WordPress · Infinitewp Client

Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin for WordPress versions up to, and including, 1.12.3
Description: The issue allows unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window ...

5.9 CVSS · 9.8 AI score · 0.00642 EPSS
Exploits: 0 · References: 6
OSV
added 2024/02/17 8:15 a.m. · 3 views

CVE-2024-0610

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2
WPVulnDB
added 2024/02/16 12:00 a.m. · 31 views

MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.2.6 - Unauthenticated SQL Injection

Description: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the...

9.8 CVSS · 7.5 AI score · 0.77729 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
NVD
added 2024/02/15 11:15 p.m. · 11 views

CVE-2024-23674

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from...

9.6 CVSS · 6.6 AI score · 0.0073 EPSS
Exploits: 0 · References: 4
Cvelist
added 2024/02/15 12:00 a.m. · 24 views

CVE-2024-23674

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from...

6.8 AI score · 0.0073 EPSS
Exploits: 0 · References: 4
hivepro
added 2024/02/14 12:33 p.m. · 19 views

New Backdoor Masquerading as a Software Update Agent, Targets macOS

Summary: Apple macOS users are currently being targeted by a newly discovered Rust-based backdoor known as RustDoor. This backdoor masquerades as an update for Microsoft Visual Studio and is designed to target both Intel and Arm architectures. RustDoor is equipped with various commands, enabling ...

6.5 AI score
Exploits: 0
Github Security Blog
added 2024/02/09 6:31 p.m. · 23 views

Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original...

7.5 CVSS · 6.9 AI score · 0.01564 EPSS
Exploits: 0 · References: 8 · Affected Software: 2