Lucene search

4936 matches found

CNNVD
added 2024/10/16 12:0 a.m. | 1 views

WordPress plugin Download Monitor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

7.5 CVSS | 6.8 AI score | 0.01774 EPSS
Exploits 0 | References 2
CNNVD
added 2024/10/16 12:0 a.m. | 1 views

WordPress plugin ShopWP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.2 CVSS | 6.8 AI score | 0.0009 EPSS
Exploits 0 | References 4
VulnCheck KEV
added 2024/10/15 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2019-25214

The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as...

7.2 CVSS | 5.8 AI score | 0.0009 EPSS
Exploits 0 | References 1
GithubExploit
added 2024/10/12 9:9 a.m. | 379 views

Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus

CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vuln...

9.8 CVSS | 7.4 AI score | 0.94412 EPSS
Exploits 8
GithubExploit
added 2024/10/12 9:1 a.m. | 357 views

Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus

CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vulner...

9.8 CVSS | 7.4 AI score | 0.94412 EPSS
Exploits 8
OSV
added 2024/10/11 1:15 p.m. | 4 views

CVE-2024-9707

The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...

9.8 CVSS | 8 AI score
Exploits 0 | References 4
Cvelist
added 2024/10/11 6:50 a.m. | 39 views

CVE-2024-9707 Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation

The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...

9.8 CVSS | 0.90276 EPSS
Exploits 2 | References 4
CVE
added 2024/10/11 6:50 a.m. | 139 views

CVE-2024-9707

CVE-2024-9707 covers the Hunk Companion WordPress plugin (v1.8.4 and earlier). Multiple sources confirm a missing capability check on the REST endpoint /wp-json/hc/v1/themehunk-import, allowing unauthenticated attackers to install/activate arbitrary plugins and potentially trigger remote code exe...

9.8 CVSS | 9.7 AI score | 0.90276 EPSS
In wild | Exploits 2 | References 4 | Affected Software 1
Vulnrichment
added 2024/10/09 6:59 p.m. | 29 views

CVE-2024-3656 Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...

8.1 CVSS | 6.6 AI score | 0.89656 EPSS
Exploits 0 | References 5
NVD
added 2024/10/08 4:15 p.m. | 16 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...

6.5 CVSS | 0.00005 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/10/08 3:48 p.m. | 17 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...

4.3 CVSS | 7.3 AI score | 0.00005 EPSS
Exploits 0 | References 1
Cvelist
added 2024/10/08 3:48 p.m. | 21 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...

4.3 CVSS | 0.00005 EPSS
Exploits 0 | References 1
CVE
added 2024/10/08 3:48 p.m. | 102 views

CVE-2024-47161

CVE-2024-47161 affects JetBrains TeamCity prior to 2024.07.3. The vulnerability allows password disclosure via the Sonar runner REST API. Root cause and exact impacted components are not detailed in the provided documents beyond the general description. Impact is described as confidential data ex...

6.5 CVSS | 4.9 AI score | 0.00005 EPSS
Exploits 0 | References 1 | Affected Software 1
Zero Day Initiative
added 2024/10/08 12:0 a.m. | 5 views

Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a cloud resource. The issue results from allowi...

8.8 CVSS | 7.8 AI score
Exploits 0 | References 1
OSV
added 2024/10/04 7:9 a.m. | 19 views

BIT-JENKINS-2024-47804

If an attempt is made to create an item of a type prohibited by ACL#hasCreatePermission2 or TopLevelItemDescriptor#isApplicableIn(ItemGroup) through the Jenkins CLI or the REST API and either of these checks fail, Jenkins LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk,...

4.3 CVSS | 5.5 AI score | 0.00448 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2024/10/03 12:0 a.m. | 42 views

Jenkins LTS < 2.462.3 / Jenkins weekly < 2.479 Multiple Vulnerabilities

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.462.3 or Jenkins weekly prior to 2.479. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact...

4.3 CVSS | 6.4 AI score | 0.0063 EPSS
Exploits 0 | References 3
Github Security Blog
added 2024/10/02 6:31 p.m. | 29 views

Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type (e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin) when accessing item config.xml via REST API...

7.5 CVSS | 6.9 AI score | 0.00242 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/10/02 6:31 p.m. | 26 views

GHSA-62JV-J4W7-5HH8 Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type (e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin) when accessing item config.xml via REST API...

5.3 CVSS | 7.5 AI score | 0.00242 EPSS
Exploits 0 | References 2
NVD
added 2024/10/02 5:15 p.m. | 15 views

CVE-2024-20477

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...

5.4 CVSS | 0.00458 EPSS
Exploits 0 | References 1
OSV
added 2024/10/02 5:15 p.m. | 3 views

CVE-2024-20477

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could...

5.4 CVSS | 5.8 AI score | 0.00458 EPSS
Exploits 0 | References 1