14 matches found
WordPress MapGeo – Interactive Geo Maps plugin <= 1.6.22 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Interactive Geo Maps versions <= 1.6.22...
graphql-playground
It is an offensive tool for GraphQL. This repository contains a proof-of-concept (PoC) exploit for a vulnerability in the GraphQL Playground, a popular IDE for GraphQL development. The exploit targets an XSS Reflection attack vulnerability in the graphql-playground-html package, which was resolved ...
CVE-2024-29812
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22...
CVE-2024-34707 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at...
WordPress weForms Plugin <= 1.6.21 is vulnerable to Cross Site Scripting (XSS)
Software: weForms; Type: Plugin; Vulnerable versions: <= 1.6.21; Fixed in: 1.6.22; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0386; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: db1e50c55827; Credits: drop; Required privilege...
Medium: memcached
Issue Overview: In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. CVE-2023-46852 In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is us...
In Memcached before 1.6.22 a buffer overflow exists when processing multiget requests in proxy mode if there are many spaces after the "get" substring.
...
SUSE CVE-2023-46852
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring...
DEBIAN-CVE-2023-46853
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n...
PT-2023-7069 · Memcached +5
Name of the Vulnerable Software and Affected Versions: memcached versions prior to 1.6.22 Description: The issue is related to a buffer overflow in the proxy run coroutine function in memcached, which can be exploited by a remote attacker using a specially crafted HTTP request. This can lead to a...
PT-2023-7068 · Memcached +5
Name of the Vulnerable Software and Affected Versions: Memcached versions prior to 1.6.22 Description: The issue is related to an off-by-one error when processing proxy requests in proxy mode, specifically if \n is used instead of \r\n. This error can be exploited by a remote attacker to execute...
CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2
CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2. A patched version of the package is available...
Cross site request forgery (csrf)
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF...
CVE-2020-4038
GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 has a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...