All in One SEO Pack < 4.3.0 - Contributor+ Stored XSS
The plugin does not sanitise and escape multiple parameters, which could allow users with a role as low as contributor to perform Stored XSS attacks...
GHSA-3CW5-7CXW-V5QG Dompdf vulnerable to URI validation failure on SVG parsing
Summary: The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This might lead to arbitrary object unserialize on PHP tags, in src/Image/Cache.php: if ($type === "svg") $parser = xml_parser_create("utf-8"); xml_parser_set_option($parser,...
Reflected XSS - Accounting Module - Maintenance - Cleanup Stale Sessions
Description: A reflected cross-site scripting (XSS) vulnerability exists within acct-maintenance-cleanup.php, which allows a malicious user to execute arbitrary JavaScript code. Proof of Concept: 1. Navigate to /acct-maintenance-cleanup.php and enter the following payload alert1 within the username...
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
Impact: Any user with the right to edit his personal page can follow one of the scenarios below: Scenario 1: - Log in as a simple user with just edit rights on the user profile - Go to the user's profile - Upload an attachment in the attachment tab at the bottom of the page (any image is fine) - Clic...
GHSA-3G9Q-CMGV-G4P6 Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...
Apache Isis Cross-Site Scripting Vulnerability
Apache Isis is a framework from the Apache Software Foundation (United States) for rapid development of domain-driven applications in Java. A cross-site scripting vulnerability exists in versions of Apache Isis prior to 2.0.0-M9, which stems from a failure to properly escape an input string when...
CVE-2022-2385
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...
Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting
The plugin does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=hfcm-list&'...
CVE-2022-34175
Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view...
MAL-2022-7309 Malicious code in yahoo-react-input (npm)
Source: ghsa-malware (fd1dfd6cdfece853733d5359e6a2f814426826eae33421f34d3abbe01ee6b854). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fund loss in passThruGate() of FixedPricePassThruGate because only some portion of the user's paid amount has been used and the rest of it isn't returned to the user
Vulnerability details. Impact: If a user pays extra ether for minting an NFT, then those extra ethers will be locked in FixedPricePassThruGate forever, because passThruGate of FixedPricePassThruGate transfers only the NFT cost to gate.beneficiary and doesn't return the extra amount in msg.value to buy...
CVE-2022-28209
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect...
CVE-2021-24950
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. ...
CVE-2020-12956
CVE-2020-12956 is rejected/not used; the candidate was not assigned to issues in 2020.
CVE-2021-41157
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
Courier: Session Fixation allows attacker to create new evil workspace without being logged in [ Insecure Session management ]
Hello, How are you, hope you are doing great in this pandemic. While testing again for the session management related bugs in your application, I found some session related issue where an evil person can easily create a new workspace from the victim's account without being logged in, that means the session ...
CVE-2021-32761
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis BIT commands are vulnerable to integer overflow that...
ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload
The plugin contained a PHP file, allowing unauthenticated users to upload an arbitrary file anywhere on the web server. Note (WPScanTeam): It's unclear which version fixed the issue exactly, however we were able to confirm the issue on version as high as v5.96 and that the related file has been...
Important: Red Hat Security Advisory: glib2 security update
An update for glib2 is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CVE-2021-3154
An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro injection. NOTE: this had a distinct fix relative to CVE-2020-35481...