4963 matches found
WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes
Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to an improper capability check on the 'pricingplans', 'blockdate', 'managerbookings', and 'updatefieldroom' functions for the 'pricing-plans', 'block-date',...
Tainacan < 0.20.8 - Missing Authorization
Description The Tainacan plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 0.20.7. This makes it possible for unauthenticated attackers to perform unauthorized actions...
CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure
Description The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...
Elasticsearch 8.4.0 < 8.11.1 DoS (ESA-2024-05)
The version of Elasticsearch installed on the remote host is between 8.4.0 and prior to 8.11.1. It is, therefore, affected by a denial of service DoS vulnerability, due to an uncaught exception that occurs when an encrypted PDF is passed to an attachment processor through the REST API. The...
VolWeb - A Centralized And Enhanced Memory Analysis Platform
VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective The goal of VolWeb is to enhance the efficiency of memory collection and forensic analysis by providing a...
CVE-2024-23449
A flaw was found in the Elasticsearch package. An uncaught exception occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with...
CVE-2024-3078
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
CVE-2024-3078 Qdrant Full Snapshot REST API snapshots.rs path traversal
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
CVE-2024-3078 Qdrant Full Snapshot REST API snapshots.rs path traversal
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
CVE-2024-3078
CVE-2024-3078 affects Qdrant prior to 1.8.3 (versions up to 1.6.1, 1.7.4, 1.8.2) and stems from path traversal in the Full Snapshot REST API handler (lib/collection/src/collection/snapshots.rs). The vulnerability allows traversal of filesystem paths due to the processing logic described in multip...
Elasticsearch Uncaught Exception leading to crash
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
CVE-2024-23449
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
CVE-2024-23449
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
UBUNTU-CVE-2024-23449
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
CVE-2024-23449
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
CVE-2024-23449
CVE-2024-23449 affects Elasticsearch: versions 8.4.0 up to (but not including) 8.11.1 are vulnerable to an uncaught exception when an encrypted PDF is passed to the REST API’s attachment processor, causing the ingest node to crash. The issue does not occur with password-protected or unencrypted P...
CVE-2024-23449 Elasticsearch Uncaught Exception
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
Elasticsearch 8.11.1 Security Update (ESA-2024-05)
Elasticsearch Uncaught Exception ESA-2024-05 An uncaught exception in Elasticsearch = 8.4.0 and = 8.4.0 and 8.11.1 Solutions and Mitigations: The issue is resolved in version 8.11.1. This requires the attachment processor to be enabled. Users unable to upgrade can ensure that the attachment...
CVE-2024-0913
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to insufficient escapi...
CVE-2024-0913
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to insufficient escapi...