48 matches found

CNNVD
added 2025/11/18 12:0 a.m., 5 views

WordPress plugin Local Syndication code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

6.4 CVSS, 7 AI score, 0.00197 EPSS
Exploits 0, References 3
Snyk
added 2025/03/31 2:31 p.m., 2 views

Information Exposure

Overview: org.apache.maven.scm:maven-scm-providers-git is a SCM Provider implementation for Git. Affected versions of this package are vulnerable to Information Exposure due to improper handling of passwords in different components. When a git password contains special characters, a discrepancy in...

9.9 CVSS, 7.1 AI score
Exploits 0, References 4
Positive Technologies
added 2024/07/05 12:0 a.m., 2 views

PT-2024-28626 · Fedify · Fedify

Name of the Vulnerable Software and Affected Versions: Fedify versions prior to 0.9.2, 0.10.1, or 0.11.1. Description: The issue is related to a Server Side Request Forgery attack. When Fedify needs to retrieve an object or activity from a remote activitypub server, it makes an HTTP request to the...

7.2 CVSS, 7.2 AI score, 0.006 EPSS
Exploits 0, References 14
OSV
added 2023/05/30 8:15 a.m., 2 views

CVE-2023-1938

The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get function, leading to a Blind SSRF issue...

8.8 CVSS, 7.3 AI score
Exploits 0, References 1
OSV
added 2022/12/22 8:15 p.m., 2 views

UBUNTU-CVE-2022-45414

If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block...

8.1 CVSS, 7.3 AI score, 0.00528 EPSS
Exploits 0, References 3
RedHat Linux
added 2020/12/16 12:11 p.m., 2 views

karaf: A remote client could create MBeans from arbitrary URLs

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...

6.5 CVSS, 5.9 AI score, 0.01876 EPSS
Exploits 0, References 4
OSV
added 2020/05/19 11:43 a.m., 2 views

USN-4365-1 bind9 vulnerabilities

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias...

8.6 CVSS, 6.8 AI score, 0.93422 EPSS
Exploits 6, References 3
PyPA
added 2019/08/07 5:15 p.m., 5 views

PYSEC-2019-114

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

7.5 CVSS, 6.6 AI score, 0.01291 EPSS
Exploits 0, References 4, Affected Software 1