18 matches found
MAL-2026-2230 Malicious code in aquasecurityofficial.trivy-vulnerability-scanner (VSCode:https://open-vsx.org)
Source: google-open-source-security b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b This extension is a compromised version of the official Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and...
OpenFGA Authorization Bypass
Overview: OpenFGA v1.8.0 to v1.8.12 (openfga-0.2.16 <= Helm chart <= openfga-0.2.31, v1.8.0 <= docker <= v.1.8.12) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Am I Affected? If you are using OpenFGA v1.8.0 to v1.8.12, specifically under the following...
CVE-2025-48371 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...
CVE-2024-13228
The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...
CVE-2024-13228
The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...
WordPress Qubely plugin <= 1.8.13 - Authenticated (Contributor+) Sensitive Information Exposure via qubely_get_content vulnerability
Authenticated (Contributor+) Sensitive Information Exposure via qubely_get_content vulnerability discovered by Nishiv in WordPress Plugin Qubely versions <= 1.8.13...
WordPress Popup Maker Plugin < 1.8.13 Authorization Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:code-atlantic:popupmaker"; if(description)...
CVE-2022-23551 AAD Pod Identity obtaining token with backslash
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
CVE-2022-23551 AAD Pod Identity obtaining token with backslash
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
PT-2022-7109 · Microsoft · Aad Pod Identity
Name of the Vulnerable Software and Affected Versions: AAD Pod Identity versions prior to 1.8.13 Description: The issue is related to the NMI component in AAD Pod Identity, which intercepts and validates token requests based on regex. A token request made with a backslash in the request, for...
Simple SEO < 1.8.13 - Subscriber+ Sitemap Creation/Deletion
The plugin does not have an authorisation check when creating and deleting sitemaps, which could allow any authenticated user, such as a subscriber, to create and delete them...
Etherpad Cross-Site Scripting Vulnerability
Etherpad is a web-based online document collaboration tool. Multiple users can write a text document simultaneously through Etherpad and see all participants' edits in real time. A cross-site scripting vulnerability exists in the chat component of Etherpad version 1.8.13, which can be exploited by...
Etherpad Cross-Site Scripting Vulnerability
Etherpad is a web-based online document collaboration tool. Multiple users can write a text document simultaneously through Etherpad and see all participants' edits in real time. A cross-site scripting vulnerability exists in the chat component of Etherpad version 1.8.13, which can be exploited by...
PT-2019-15207
Name of the Vulnerable Software and Affected Versions: Popup Maker plugin versions prior to 1.8.13 Description: An issue allows an unauthenticated attacker to partially control the arguments of the do_action function, invoking certain popmake_ or pum_ methods. This can be used to control content and...
MyBB Arbitrary Code Execution Vulnerability
MyBB (aka MyBulletinBoard) is a free and web-based forum software developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is extensible. installer is one of the installers. A security vulnerability exists in the installer in versions of MyBB pri...
CVE-2017-16781
The installer in MyBB before 1.8.13 has XSS...
Debian Security Advisory DSA 3727-1 (hdf5 - security update)
Cisco Talos discovered that hdf5, a file format and library for storing scientific data, contained several vulnerabilities that could lead to arbitrary code execution when handling untrusted data. OpenVAS Vulnerability Test $Id: deb3727.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated fro...
Moodle < 1.8.13 / 1.9.x < 1.9.9 Multiple Vulnerabilities
Binary data 5575.prm...