WordPress plugin Just Variables cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2025-27097 Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...
MAL-2025-1389 Malicious code in linter-coffee-variables (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 292d0ff0a104c6e415fc2ea734ec189f699d6aecb4383502759e2053adddfb45 The OpenSSF Package Analysis project identified 'linter-coffee-variables' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
CVE-2024-12651
Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...
CVE-2024-12651
CVE-2024-12651 affects the PTT HGS Mobile App prior to version 6.5.0. The issue is an Exposed Dangerous Method or Function vulnerability that allows manipulating user-controlled variables. The NVD/NIST record lists a CVSS v3.1 base score of 8.5 (HIGH) with Network attack vector, Low privileges re...
CVE-2024-12651 Sensitive Data Exposure in PTT Inc.'s HGS Mobile App
Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...
SUSE CVE-2023-29545
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...
PTT HGS Mobile App security vulnerability
PTT HGS Mobile App is a mobile application from PTT Turkey that is used to facilitate the management and payment of Highway Electronic Toll Collection System HGS fees. A security vulnerability exists in PTT HGS Mobile App versions prior to 6.5.0, which stems from the presence of a vulnerability...
K000149702: PostgreSQL vulnerabilities CVE-2024-10977 and CVE-2024-10979
Security Advisory Description CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a...
BIT-SUPERSET-2020-13948
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...
CVE-2024-23159
A maliciously crafted STP file, when parsed in stpaimx64vc15d.dll through Autodesk applications, can lead to the use of uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process...
CVE-2024-23137
A maliciously crafted STP or SLDPRT file, when parsed in ODXSWDLL.dll through Autodesk applications, can lead to the use of uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process...
CVE-2024-5751
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the adddeployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...
CVE-2024-45711
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication...
CVE-2024-24914
Authenticated Gaia users can inject code or commands through global variables via specially crafted HTTP requests. A security fix that mitigates this vulnerability is available...
CVE-2024-4264
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of code generation when the eval function is used unsafely in the litellm.getsecret method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the eval function...
CVE-2025-22205 Extension - admiror-design-studio.com - Path traversal in the Admiror Gallery 4.x component for Joomla
Improper handling of input variables leads to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x...