34 matches found
WordPress aBlocks plugin < 2.9.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin aBlocks versions 2.9.1...
WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Evan NR in WordPress Plugin iNET Webkit versions 1.2.4...
WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.9...
WordPress GeoDirectory plugin <= 2.8.157 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Evan in WordPress Plugin GeoDirectory versions = 2.8.157...
WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability
Payment Bypass vulnerability discovered by Evan in WordPress Plugin Five Star Restaurant Reservations versions = 2.7.14...
WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Evan in WordPress Plugin Salon booking system versions = 10.30.25...
PT-2025-50011
Missing Authorization vulnerability in Evan Herman Post Cloner post-cloner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Cloner: from n/a through = 1.0.0...
WordPress Flag Icons plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Caesar Evan Santoso in WordPress Plugin Flag Icons versions = 2.2...
WordPress Keep Backup Daily plugin <= 2.1.0 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Caesar Evan Santoso Patchstack Alliance in WordPress Plugin Keep Backup Daily versions = 2.1.0...
WordPress Slides & Presentations Plugin <= 0.0.39 - Content Injection vulnerability
Content Injection vulnerability discovered by Caesar Evan Santoso in WordPress Plugin Slides & Presentations versions = 0.0.39...
WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Caesar Evan Santoso Patchstack Alliance in WordPress Plugin Content Blocks Builder versions = 2.7.6...
WordPress Slides & Presentations Plugin <= 0.0.39 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Caesar Evan Santoso Patchstack Alliance in WordPress Plugin Slides & Presentations versions = 0.0.39...
WordPress Slides & Presentations Plugin <= 0.0.39 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Caesar Evan Santoso Patchstack Alliance in WordPress Plugin Slides & Presentations versions = 0.0.39...
WordPress Virtual Bot Plugin <= 1.0.0 - CSRF Cross Site Scripting (XSS) vulnerability
CSRF Cross Site Scripting XSS vulnerability discovered by Caesar Evan Santoso Patchstack Alliance in WordPress Plugin Virtual Bot versions = 1.0.0...
WordPress Virtual Bot Plugin <= 1.0.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Caesar Evan Santoso Patchstack Alliance in WordPress Plugin Virtual Bot versions = 1.0.0...
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 CVSS score: 8.5, the vulnerability has been described as an information disclosure bug stemming from a...
aries-askar (=0.1.2), indy-credx (>=0.2.0 <=0.3.1) +5 more potentially affected by CVE-2024-21670 via ursa (>=0.3.6 <=0.3.7)
ursa CARGO version =0.3.6, =0.2.0, =0.5.0, =0.3.1, =0.1.0, =0.1.0, =0.0.6, =0.0.8 Source cves: CVE-2024-21670 Source advisory: OSV:GHSA-R78F-4Q2Q-HVV4...
aries-askar (=0.1.2), indy-credx (>=0.2.0 <=0.3.1) +5 more potentially affected by CVE-2024-22192 via ursa (>=0.3.6 <=0.3.7)
ursa CARGO version =0.3.6, =0.2.0, =0.5.0, =0.3.1, =0.1.0, =0.1.0, =0.0.6, =0.0.8 Source cves: CVE-2024-22192 Source advisory: OSV:GHSA-6698-MHXX-R84G...
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
Impact What kind of vulnerability is it? Who is impacted? This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::initfromslice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Initializati...
Rust-WebSocket memory allocation based on untrusted length
Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...