77 matches found
CVE-2023-27525
An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1...
WordPress Wigi <= 2.0.1 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Theme Wigi versions = 2.0.1...
WordPress IE CSS3 Support Plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin IE CSS3 Support versions = 2.0.1...
CVE-2024-49672
Cross-Site Request Forgery CSRF vulnerability in giffordcheung Google Docs RSVP google-docs-rsvp-guestlist allows Stored XSS.This issue affects Google Docs RSVP: from n/a through = 2.0.1...
WordPress G Web Pro Store Locator plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin G Web Pro Store Locator versions = 2.0.1...
WordPress plugin My IDX Home Search 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
WordPress Devexhub Gallery plugin <= 2.0.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Devexhub Gallery versions = 2.0.1...
CVE-2024-10180
The Contact Form 7 – Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fieldgroup shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-9361
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveconfiguration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticate...
WordPress Demo Importer Plus plugin <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Demo Importer Plus versions = 2.0.1...
Reedos aiM-Star 安全漏洞
Reedos aiM-Star is a software product from Reedos for mutual fund distribution. A security vulnerability exists in Reedos aiM-Star version 2.0.1, which stems from the lack of a restriction on excessive failed authentication attempts for API-based logins, which could lead to unauthorized access an...
WordPress Product Table by WBW plugin <= 2.0.1 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by Foxyyy in WordPress Plugin Product Table by WBW versions = 2.0.1...
ORing IAP-420 跨站脚本漏洞
The ORing Net IAP-420+ is a wireless access point from China Power ORing. A security vulnerability exists in ORing IAP-420 version 2.01e and prior versions, which stems from a lack of input validation and operating system command integration for input in the web interface, resulting in command...
Apollo Authorization Issues Vulnerabilities
Apollo is a set of PHP scripts by Alex Breen, an individual developer. It is intended to provide a web-based interface for students to upload course assignments. An authorization issue vulnerability exists in Apollo versions 2.0.0 and 2.0.1, which stems from the inclusion of unknown functions in...
Malicious code in flink-dashboard (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e9f73b295599c7e74ec00ae60260502674bcb6b7077f1845295691fee703495 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
JTEKT ELECTRONICS OnSinView2 Buffer Error Vulnerability
JTEKT ELECTRONICS OnSinView2 is an application from JTEKT ELECTRONICS, Inc. A security vulnerability exists in JTEKT ELECTRONICS OnSinView2 version 2.0.1 and prior versions, which stems from an improperly restricted operation within a memory buffer. The vulnerability can be exploited by an attack...
CVE-2023-38679
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 All versions V2201.0008, Tecnomatix Plant Simulation V2302 All versions V2302.0002. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. Thi...
PT-2023-25719 · Livelyworks · Livelyworks Articart
Name of the Vulnerable Software and Affected Versions: LivelyWorks Articart version 2.0.1 Description: A vulnerability has been found in LivelyWorks Articart, affecting an unknown functionality of the file "/items/search". The manipulation of the search term argument leads to cross-site scripting...
PYSEC-2023-70
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
Intel CVAT 代码问题漏洞
CVAT is an interactive video and image annotation tool for computer vision. A security vulnerability exists in IntelR CVAT prior to version 2.0.1, which can be exploited by an attacker to disclose information via network access hidden enablement...