Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the certificate issuance/auto-certification flows in api/certificate/issue.go and api/sites/autocert.go, and the JSON field encryption migration in internal/migrate. An attacker c...
PT-2024-30454 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum versions through 2.3.4. Description: The issue is related to the exposure of sensitive information to an unauthorized actor. It affects the wpForo Forum plugin. Users are urged to upgrade to mitigate risks. Recommendations: For...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via MsQuic.dll, allowing a peer to allocate small chunks of memory as long as a connection stays alive. Note: This issue only affects Windows systems. Details: Denial of Service (DoS) describes a family of attacks, al...
PT-2023-10286 · WordPress · Simplr Registration Form Plus+
Name of the Vulnerable Software and Affected Versions: Simplr Registration Form Plus+ Plugin versions up to 2.3.4. Description: A vulnerability was found in the Simplr Registration Form Plus+ Plugin, which affects some unknown processing and leads to cross-site scripting. The attack may be initiat...
PT-2022-24820 · Sftpgo · Sftpgo
Name of the Vulnerable Software and Affected Versions: SFTPGo versions prior to 2.3.5. Description: SFTPGo is an SFTP server written in Go. The SFTPGo WebClient is subject to Cross-site scripting (XSS) vulnerabilities, allowing remote attackers to inject malicious code. This issue is patched in...
PT-2022-3256 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.0.0 through 2.4.0; Argo CD versions 2.1.0 through 2.1.15; Argo CD versions 2.2.0 through 2.2.9; Argo CD versions 2.3.0 through 2.3.4. Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The...