94 matches found
EUVD-2018-7482
Malware in sbrugna...
EUVD-2019-19211
Malware in sbrugna...
EUVD-2022-37868
Malicious code in bioql PyPI...
EUVD-2023-31836
Malicious code in bioql PyPI...
EUVD-2022-6669
Malicious code in bioql PyPI...
Graylog authorization issue vulnerability
Graylog is a centralized log management solution from Graylog, Inc. in the United States. The product supports capturing, storing, and analyzing logs in real time, among other things. An authorization issue vulnerability exists in Graylog versions prior to 6.2.0 to 6.2.4 and 6.3.0-alpha.1 to...
WordPress plugin Simple User Registration security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-49755
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api endpoints even...
CVE-2022-44574
An improper authentication vulnerability exists in Avalanche version 6.3.x and below that allows an unauthenticated attacker to modify properties on specific port...
PT-2025-2625 · Hcl · Hcl Myxalytics
Name of the Vulnerable Software and Affected Versions: HCL MyXalytics version 6.3 Description: The issue is related to weak input validation in the application, which accepts special characters and lacks length validation. This weakness can potentially lead to security issues such as SQL injectio...
CVE-2024-49755
Duende IdentityServer (ASP.NET Core) Local API authentication handler improperly validates the cnf claim in DPoP access tokens. This lets an attacker use leaked DPoP tokens at local API endpoints without the private key, affecting only endpoints explicitly using LocalApiAuthenticationHandler for ...
CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...
CVE-2024-31111
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WordPress allows Stored XSS. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,...
WordPress plugin Advanced Custom Fields security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPre...
WordPress Advanced Custom Fields Plugin < 6.3 is vulnerable to Sensitive Data Exposure
Software Advanced Custom Fields Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5beab9ff85fb Credits Scott Kingsley Clark...
Silverpeas security vulnerability
Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas version 6.3, which stems from susceptibility to cross-site scripting (XSS) attacks...
Fortinet FortiWeb Path traversal via browse report CGI component (FG-IR-22-142)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-142 advisory. - A relative path traversal vulnerability CWE-23 in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-5868)
Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-5868 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when...
CVE-2024-30866
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php...
PT-2024-23636 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue concerns a SQL injection vulnerability. It can be exploited via the "/admin/config ISCGroupSSLCert.php" API endpoint. This could potentially allow for remote attacks. Recommendations: For...