1464 matches found
CVE-2022-26694
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data...
CVE-2022-26693
CVE-2022-26693 (macOS Monterey 12.4): A vulnerability in Preview allows a plug-in to inherit the parent application's permissions and access user data. Apple fixed this by updating Monterey to 12.4; ongoing risk details (exploitation, vectors) are not provided in the supplied documents. Remediat...
CVE-2022-21827
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) prior to 21.9.1.2 that could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM...
CVE-2022-21827
CVE-2022-21827 affects Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) prior to version 21.9.1.2. An attacker with local access to a machine running the vulnerable plug-in can corrupt or delete files as SYSTEM due to improper privilege/access control. Affected product: Citri...
Jenkins Maven Release Plug-in Plugin XXE vulnerability
Jenkins Maven Release Plug-in Plugin retrieves XML from Nexus repository manager APIs. Maven Release Plug-in Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. While Jenkins users without Overall/Administer permission are not allowed to configu...
GHSA-7MF5-79GV-66GH Jenkins Maven Release Plug-in Plugin XXE vulnerability
Jenkins Maven Release Plug-in Plugin retrieves XML from Nexus repository manager APIs. Maven Release Plug-in Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. While Jenkins users without Overall/Administer permission are not allowed to configu...
Jenkins Maven Release Plug-in Plugin stored credentials in plain text
Jenkins Maven Release Plug-in Plugin stored credentials unencrypted in its global configuration file org.jvnet.hudson.plugins.m2release.M2ReleaseBuildWrapper.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Maven Release...
WordPress BulletProof Securitys plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress BulletProof Securitys plugin versions prior to 6.1 have a cross-site scripting vulnerability that...
WordPress VikBooking Hotel Booking Engine
WordPress is a suite of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. PHP is a scripting language that executes on the server side. WordPress VikBooking Hotel Booking Engine...
Design/Logic Flaw
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
CVE-2022-1726
CVE-2022-1726 is a cross-site scripting vulnerability in the Bootstrap Table project when using the Table Export plug-in with exportOptions: htmlContent enabled, in versions prior to 1.20.2. The issue affects the Bootstrap Table code path (wenzhixin/bootstrap-table) and is disclosed as capable of...
CVE-2022-1726 Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in wenzhixin/bootstrap-table
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
CVE-2022-1726
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
Security Bulletin: IBM Security Verify Password Synchronization Plug-in for Windows AD affected by multiple vulnerabilities (CVE-2021-20488, CVE-2021-20494, CVE-2021-20572, CVE-2021-20573, CVE-2021-20574)
Summary: IBM has announced a release for IBM Security Verify Password Synchronization Plug-in for Windows AD to address several security vulnerabilities. The vulnerabilities concern denial of service and account takeover. Vulnerability Details: CVEID: CVE-2021-20572. DESCRIPTION: IBM Security...
RCE in SiteServer CMS
SiteServer CMS v7.x, which SiteServer UI relies on, allows attackers to execute arbitrary code via a crafted plug-in...
GHSA-Q469-J32F-H7VM RCE in SiteServer CMS
SiteServer CMS v7.x, which SiteServer UI relies on, allows attackers to execute arbitrary code via a crafted plug-in...
CVE-2022-28118
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in...
CVE-2022-28118
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in...
CVE-2022-22323
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of servic...
CVE-2022-22323
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of servic...