Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

CVE-2025-64255

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.0.8...

EUVD-2014-5387

Malware in sbrugna...

Ergon Informatik AG Airlock IAM 安全漏洞

Ergon Informatik AG Airlock IAM is a secure access management system from Ergon Informatik AG, Switzerland. A security vulnerability exists in Ergon Informatik AG Airlock IAM, which stems from a difference in password reset time and could lead to username enumeration. The following versions are...

CVE-2024-13829

CVE-2024-13829 affects the WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto, vulnerable in all versions up to and including 8.0.8 via the attachments.php handling. The vulnerability enables unauthenticated attackers to extract sensitive data, including files uploade...

CVE-2024-13829 WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure

The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the 'attachments.php' file. This makes it possible for unauthenticated attackers to extract...

WordPress plugin Tripetto 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-x64 to version 8.0.8...

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 8.0.8...

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 8.0...

PT-2024-4409 · Unknown · Edu-Sharing

Name of the Vulnerable Software and Affected Versions: edu-sharing versions 8.0.8-RC2, 8.1.4-RC0, 9.0.0-RC19 can be simplified to: edu-sharing versions prior to 8.0.8-RC2, 8.1.4-RC0, and 9.0.0-RC19 However, given the instruction to consolidate ranges into the most concise form and considering the...

AnyDesk < 8.0.8 Invalidated Signing Certificate

A security update as been issued by the vendor advising their code signing certificate has changed on product versions less than 8.0.8. The vendor recommends updating to the latest version as the previous certificate will soon be invalidated. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...

Amazon Linux 2 : php (ALASPHP8.0-2023-008)

The version of php installed on the remote host is prior to 8.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-008 advisory. Several flaws has been found in php. The pdofirebase module does not check the length of the server version string in a...

WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Recipe Maker For Your Food Blog from Zip Recipes Type Plugin Vulnerable versions = 8.0.7 Fixed in 8.0.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-35089 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

WordPress Plugin Quiz And Survey Master 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Quiz And Survey Master 8.0.8 Media Deletion

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Missing Authentication for Critical Function CWE-306 Date found: 2023-01-13 Date published: 2023-02-0...

WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSRF CWE-352 Date found: 2023-01-13 Date published: 2023-02-08 CVSSv3 Scor...

WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.0.7 Fixed in 8.0.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-46862 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bcb98ded3ded Credits Oliver K...

CVE-2020-2943

Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.7 and 8.0.8. Easily exploitable vulnerability allows low privileged attacker with...

Unspecified Vulnerability in Oracle Hospitality Cruise Shipboard Property Management System

Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hospitality management from Oracle Corporation. The solution provides human resource cost management, tracking and management of services throughout a customer's journey to improve customer...