114 matches found
WordPress plugin Void Contact Form 7 Widget For Elementor Page Builder 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-1267
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ulkem Company PtteM Kart.This issue affects PtteM Kart: before 2.1...
URule 代码问题漏洞
URule is a pure Java rules engine by Gao Jie youseries individual developers. URule v2.1.7 version has a security vulnerability, the vulnerability stems from the existence of XML external entity XXE vulnerability, an attacker can be exploited to exploit the vulnerability by the carefully crafted...
Lancet 路径遍历漏洞
Lancet is a comprehensive, efficient and reusable go utility library by DuDaoDong's personal developer. A path traversal vulnerability exists in Lancet v1.9.02.001 versions 2.1.10 and 1.3.4, which stems from a ZipSlip issue when extracting files using the fileutil package...
ftcms 跨站请求伪造漏洞
ftcms is a content management system from ftcms, Inc. A security vulnerability exists in ftcms version 2.1, which stems from a vulnerability in its News.php page that allows an attacker to spoof a link and trick others into clicking on a malicious link or accessing a page that contains attack cod...
PT-2022-11320 · Unknown · Validate-Color
Name of the Vulnerable Software and Affected Versions: validate-color version 2.1.0 Description: A Regular Expression Denial of Service ReDOS issue was found in the handling of crafted invalid rgba strings. Recommendations: For version 2.1.0, at the moment, there is no information about a newer...
CVE-2022-30931
Employee Leaves Management System ELMS V 2.1 is vulnerable to Cross Site Request Forgery CSRF via /myprofile.php...
Microsoft Windows Kernel 安全漏洞
Microsoft Windows Kernel is the kernel of the Windows operating system by Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Kernel. The following products and versions are affected:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based...
GHSA-VW57-55F8-C73Q Mattermost Server allows XSS via CSRF
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF...
UBUNTU-CVE-2022-29190
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...
CVE-2021-43137
Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover...
PT-2021-23750 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: hostel management system version 2.1 Description: The issue concerns Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF vulnerabilities. These vulnerabilities exist via the name field in the "my-profile.php" page. By chaining these...
PYSEC-2021-122
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
PT-2021-11705 · Harbor · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions 2.0 through 2.0.4 Harbor versions 2.1.x through 2.1.1 Description: The catalog's registry API is exposed on an unauthenticated path, allowing bypass of authorization. The vulnerable API endpoint is "GET /v2/ catalog/" which ca...
Siemens Mendix Cross-Site Scripting Vulnerability
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration capabilities. A cross-site scripting vulnerability exists in Mendix SSO version 2.1.1 and prior versions, which stems from improper HTML...
freerdp: Integer overflow in VIDEO channel
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the serve...
DEBIAN-CVE-2020-11043
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfxprocessmessagetileset. Invalid data fed to RFX decoder results in garbage on screen as colors. This has been patched in 2.1.0...
UBUNTU-CVE-2020-11038
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the serve...
Magento Input Validation Error Vulnerability (CNVD-2019-44999)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. An input validation error vulnerability exists in Magento versions 2.3.1 before 2.3, 2.2.8 before 2.2, and 2.1.17...
PT-2019-7492 · Pippin Williamson · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads EDD versions 1.8.x through 1.8.6 Easy Digital Downloads EDD versions 1.9.x through 1.9.9 Easy Digital Downloads EDD versions 2.0.x through 2.0.4 Easy Digital Downloads EDD versions 2.1.x through 2.1.10 Easy Digital...