PT-2024-8000 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16 Description: The issue is related to a lack of password recovery mechanism in the GLPI system, which can be exploited by a remote attacker to bypass existing security restrictions. An administrator with acce...
CVE-2024-7877
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
CVE-2024-7877 Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
CVE-2024-7877
CVE-2024-7877 concerns the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments (versions prior to 1.6.7.55). The issue arises from inadequate sanitization/escaping of certain Notification settings, enabling stored Cross-Site Scripting (XSS) by authenticated users with adm...
PT-2024-38653 · WordPress · The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
Name of the Vulnerable Software and Affected Versions: The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin versions prior to 1.6.7.55 Description: The issue is related to the lack of sanitization and escaping of some Notification settings in the plugin,...
zero-day
Zero-Day Vulnerabilities in Open-Source Projects This reposi...
Patch now! New Chrome update for two critical vulnerabilities
Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically...
CVE-2024-10377 ESAFENET CDG DecryptApplicationService.java actionPassDecryptApplication1 sql injection
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiate...
CVE-2024-9686
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messa...
CVE-2024-9686
CVE-2024-9686 affects the WordPress plugin “Order Notification for Telegram” (
PT-2024-39762 · WordPress · Order Notification For Telegram
Name of the Vulnerable Software and Affected Versions: The Order Notification for Telegram plugin for WordPress versions up to, and including, 1.0.1 Description: The issue allows unauthorized test message sending due to a missing capability check on the nktgnfw_send_test_message function. This...
WordPress plugin Order Notification for Telegram security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Order Notification for Telegram plugin <= 1.0.1 - Missing Authorization to Unauthenticated Send Telegram Test Message vulnerability
Missing Authorization to Unauthenticated Send Telegram Test Message vulnerability discovered by István Márton in WordPress Plugin Order Notification for Telegram versions <= 1.0.1...
CVE-2024-10327
A vulnerability in Okta Verify for iOS versions 9.25.1 beta and 9.27.0 including beta allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects...
CVE-2024-10327
CVE-2024-10327 affects Okta Verify for iOS 9.25.1 (beta)–9.27.0 (including beta). The vulnerability allows push notification responses via the iOS ContextExtension to authenticate regardless of user choice, across scenarios: locked-screen replies, home-screen drag-and-reply, and Apple Watch repli...
CVE-2024-6049
creationtimestamp | type | source
---|---|---
2024-10-24 10:57:52+00:00 | seen | https://t.me/cvedetector/8778...