1956 matches found
CVE-2023-50298
CVE-2023-50298: Apache Solr Streaming Expressions can reveal ZooKeeper credentials via zkHost if the SolrCloud uses ZooKeeper authentication. Affected: Solr 6.0.0–8.11.2 and 9.0.0–9.3.x (before 9.4.1). Root cause: zkHost usage may transmit ZooKeeper credentials/ACLs to an attacker-controlled serv...
CVE-2023-50298
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original...
WordPress Plugin Podlove Subscribe button SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
Information disclosure
The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data...
CVE-2024-22211
FreeRDP is a collection of remote desktop protocol library and client software that is both free and open source. An integer overflow within freerdp_bitmap_planar_context_reset results in a heap-buffer overflow. This impacts clients built on FreeRDP. However, server implementations and proxies based ...
CVE-2024-22211 FreeRDP integer Overflow leading to Heap Overflow
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdp_bitmap_planar_context_reset leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A...
tRPC vs GraphQL
Deciphering the Cloud Conundrum: An Introduction to tRPC & GraphQL The dynamic domain of cloud technology presents a couple of instrumental methodologies in the arena of APIs: tRPC and GraphQL. Each serves as a potent asset for developers in crafting applications that are resilient, scalable, and...
PT-2024-15766
Name of the Vulnerable Software and Affected Versions: The Stripe Payment Plugin for WooCommerce plugin for WordPress versions up to, and including, 3.7.9. Description: The issue is related to SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of...
CVE-2024-0580
Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3,...
QSIGE Security Vulnerabilities
QSIGE is an intelligent waiting management system from QSIGE, Inc. A security vulnerability exists in QSIGE that stems from omitting key control authorization, allowing an attacker to extract sensitive information from the API...
The Events Calendar < 6.2.9 - Unauthenticated Sensitive Information Exposure
Description: The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and I...
CVE-2024-21667
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...
Information disclosure
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...
CVE-2024-21667
The CVE-2024-21667 issue affects Pimcore's customer-data-framework. An authenticated user lacking proper permissions can access the GDPR data extraction endpoint at /admin/customermanagementframework/gdpr-data/search-data-objects and query the results, exposing PII. Root cause: access control not...
CVE-2024-21667 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...
CVE-2023-6921
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
SQL injection
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
CVE-2023-6921 SQL Injection in PrestaShop Google Integrator
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
CVE-2023-6921
CVE-2023-6921 refers to a blind SQL injection vulnerability in the PrestaShop addon “PrestaShow Google Integrator.” The issue arises from command insertion in a cookie, enabling data extraction and data modification. Affected software is the PrestaShow Google Integrator for PrestaShop; a known fi...