171 matches found

Positive Technologies
added 2024/11/20 12:0 a.m. · 3 views

PT-2024-35284 · Unknown · Opal Woo Custom Product Variation

Name of the Vulnerable Software and Affected Versions: Opal Woo Custom Product Variation versions 1.1.3 and earlier. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in Opal Woo Custo...

CVSS 7.5 · AI score 9.3 · EPSS 0.006
Exploits: 0 · References: 4

Patchstack
added 2024/11/18 9:18 a.m. · 3 views

WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin Opal Woo Custom Product Variation (versions <= 1.1.3)...

CVSS 7.5 · AI score 7 · EPSS 0.006
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/11/18 12:0 a.m. · 19 views

WordPress Opal Woo Custom Product Variation Plugin <= 1.1.3 is vulnerable to Arbitrary File Deletion

Software: Opal Woo Custom Product Variation · Type: Plugin · Vulnerable versions: <= 1.1.3 · Fixed in: 1.1.4 · OWASP Top 10: A5: Security Misconfiguration · Classification: Arbitrary File Deletion · CVE: CVE-2024-52444 · Patch priority: High · CVSS severity: High 7.5 · PSID: aa758dfd0ef1 · Credits...

CVSS 7.5 · AI score 6.5 · EPSS 0.006
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2024/10/17 12:15 p.m. · 14 views

CVE-2024-48047

Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce linked-variation-for-woocommerce allows Cross Site Request Forgery. This issue affects Linked Variation for WooCommerce: from n/a through <= 1.0.5...

CVSS 4.3 · EPSS 0.00169
Exploits: 0 · References: 1

CVE
added 2024/10/17 12:10 p.m. · 48 views

CVE-2024-48047

CVE-2024-48047 is a CSRF vulnerability in the WordPress plugin “Linked Variation for WooCommerce” affecting versions up to 1.0.5. The issue allows unauthorized actions to be forged via CSRF, as reported in CVE sources (NVD, Red Hat, CVE lists) and echoed by Patchstack. The CVSS base metrics repor...

CVSS 4.3 · AI score 5.9 · EPSS 0.00169
Exploits: 0 · References: 1

CNNVD
added 2024/10/17 12:0 a.m. · 3 views

WordPress plugin Linked Variation for WooCommerce cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 4.3 · AI score 6.6 · EPSS 0.00169
Exploits: 0 · References: 2

Positive Technologies
added 2024/10/17 12:0 a.m. · 5 views

PT-2024-32966 · Woocommerce · Linked Variation For Woocommerce

Name of the Vulnerable Software and Affected Versions: Linked Variation for WooCommerce versions 1.0.5 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by...

CVSS 4.3 · AI score 7 · EPSS 0.00169
Exploits: 0 · References: 5

Patchstack
added 2024/10/14 10:38 a.m. · 4 views

WordPress Linked Variation for WooCommerce plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Marek Mikita (Patchstack Alliance) in WordPress Plugin Linked Variation for WooCommerce (versions <= 1.0.5)...

CVSS 4.3 · AI score 7 · EPSS 0.00169
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/10/14 12:0 a.m. · 15 views

WordPress Linked Variation for WooCommerce Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Linked Variation for WooCommerce · Type: Plugin · Vulnerable versions: <= 1.0.5 · Fixed in: N/A · OWASP Top 10: A3: Injection · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2024-48047 · Patch priority: Low · CVSS severity: Low 4.3 · PSID: 314234821b77 · Credits: Marek Mikita...

CVSS 4.3 · AI score 7.3 · EPSS 0.00169
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/06/28 11:8 a.m. · 3 views

OESA-2024-1772 golang security update

The Go Programming Language. Security Fixes: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading t...

CVSS 5.5 · AI score 6.9 · EPSS 0.00443
Exploits: 0 · References: 2

RedHat Linux
added 2024/06/27 1:6 p.m. · 3 views

golang: net/mail: comments in display names are incorrectly handled

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...

CVSS 7.5 · AI score 7.3 · EPSS 0.01042
Exploits: 0 · References: 4

OSV
added 2024/06/10 12:30 a.m. · 20 views

GHSA-3MWC-2CJ7-GX8C lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management

Withdrawn: This advisory was incorrectly linked to the npm package lunary. The advisory is valid, but not for that package. In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datase...

CVSS 9.3 · AI score 6.5 · EPSS 0.00431
Exploits: 1 · References: 4

OSV
added 2024/06/05 4:15 p.m. · 2 views

UBUNTU-CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVSS 5.5 · AI score 6.8 · EPSS 0.00443
Exploits: 0 · References: 13

SUSE CVE
added 2024/06/05 10:4 a.m. · 1 views

SUSE CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVSS 6.2 · AI score 7.5 · EPSS 0.00443
Exploits: 0 · References: 14

Positive Technologies
added 2024/05/22 12:0 a.m. · 7 views

PT-2024-28414 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.3. Description: The issue arises from the plugin not properly checking all variations of an administrator's email, allowing unauthenticated attackers to...

CVSS 5.3 · AI score 7.1 · EPSS 0.00425
Exploits: 0 · References: 6

Github Security Blog
added 2024/02/09 4:19 p.m. · 9 views

pqc_kyber KyberSlash: division timings depending on secrets

Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator, the number of CPU cycles for division in various environments varies depending on the...

AI score 7
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/12/01 12:0 p.m. · 15 views

RUSTSEC-2023-0079 KyberSlash: division timings depending on secrets

Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator, the number of CPU cycles for division in various environments varies depending on the...

CVSS 7.4 · AI score 7
Exploits: 0 · References: 6

Kitploit
added 2023/10/04 11:30 a.m. · 27 views

ModuleShifting - Stealthier Variation Of Module Stomping And Module Overloading Injection Techniques That Reduces Memory IoCs

ModuleShifting is a stealthier variation of the Module Stomping and Module Overloading injection techniques. It is actually implemented in Python ctypes so that it can be executed fully in memory via a Python interpreter and Pyramid, thus avoiding the usage of compiled loaders. The technique can be used...

AI score 7.4
Exploits: 0 · References: 11

Securelist
added 2023/09/13 9:0 a.m. · 14 views

Threat landscape for industrial automation systems. Statistics for H1 2023

Global threat statistics: In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%. [Figure: Percentage of ICS computers on which malicious objects were blocked, by half year] That said, the percentage of attacked ICS...

AI score 7
Exploits: 0

OSV
added 2023/07/27 3:15 p.m. · 2 views

CVE-2023-37975

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin = 2.3.7 versions...

CVSS 6.1 · AI score 7.3 · EPSS 0.00331
Exploits: 0 · References: 1