PT-2024-24450 · Jizhicms · Jizhicms
Name of the Vulnerable Software and Affected Versions: jizhiCMS version 2.5 Description: The issue is related to a file upload vulnerability. Recommendations: For jizhiCMS version 2.5, update to a version that includes a fix for this issue, if available. At the moment, there is no information abo...
WordPress Kanban Boards for WordPress plugin <= 2.5.21 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin Kanban Boards for WordPress versions <= 2.5.21...
PT-2024-18845 · WordPress · Weglot
Name of the Vulnerable Software and Affected Versions: Translate WordPress and go Multilingual – Weglot plugin for WordPress versions up to, and including, 4.2.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widget/block due to insufficient input sanitization a...
WordPress Plugin Page Restrict Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that runs personal blog sites on PHP and MySQL servers; a WordPress plugin is an application extension for it. A security vulnerability exists in WordPres...
Intel Ethernet Adapters and Intel Ethernet Controller I225 Manageability firmware security vulnerability
Intel Ethernet Adapters and Intel Ethernet Controllers are Ethernet adapter and Ethernet controller products of Intel Corporation, USA. A security...
SUSE CVE-2024-23807
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
Concrete CMS Cross-Site Scripting Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A cross-site scripting vulnerability exists in Concrete CMS version 9.x prior to 9.2.5, which stems from insufficient data validation and is susceptible to reflective...
PT-2024-17609 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.2.4 Description: The issue is related to stored XSS via the Role Name field due to insufficient validation of administrator-provided data. A rogue administrator could inject malicious code into the Role...
PT-2024-16405 · Unknown · Html5 Video Player
Name of the Vulnerable Software and Affected Versions: HTML5 Video Player version 2.5.25 Description: The issue is an unauthenticated SQL injection vulnerability. It affects the id parameter in the get view function. Recommendations: For version 2.5.25, update to version 2.5.25 or later to resolv...
GHSA-WJ6H-64FC-37MP Minerva timing attack on P-256 in python-ecdsa
python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.sign_digest API function and timing signatures, an attacker can leak the internal nonce, which may allow for private key discovery. ECDSA signatures, key generation, and ECDH...
Nextcloud Security Breach
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from improper handling of request URLs, which allows users to load unallowed application pages...
CVE-2023-38513
Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine Media Organizer & Lightroom. This issue affects Photo Engine Media Organizer & Lightroom: from n/a through 6.2.5...
CVE-2023-48764
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks. This issue affects WordPress Brute Force Protection – Stop Brute Force Attacks: from n/a through 2.2.5...
CVE-2023-48967
Solon <= 2.6.0 and <= 2.5.12 is vulnerable to Deserialization of Untrusted Data...
Solon Security Vulnerabilities
Solon is a Java application development framework from the Chinese individual developer noear. A security vulnerability exists in Solon versions 2.6.x through 2.6.0 and 2.5.x through 2.5.12, which arises from a process that allows data to be received from untrusted sources and...
CVE-2023-4214
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit...
CVE-2023-22719
Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP. This issue affects GiveWP: from n/a through 2.25.1...
Linux kernel security vulnerabilities
The Linux kernel is the kernel of Linux, the open source operating system stewarded by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions prior to 6.2.5, which stems from a problem in the card reader driver, where objects may go beyond the end of their...
Tencent WeChat Security Breach
Tencent WeChat 微信 is an online social networking application from the Chinese company Tencent. The program supports sending voice messages, videos, pictures, and texts. A security vulnerability exists in Tencent Wechat Privatization version 2.5.x and version 2.6.930000, which stems from the...
AZL-31327 CVE-2023-44487 affecting package moby-compose for versions less than 2.17.2-5
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...