9 matches found
CVE-2023-0234
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue...
PYSEC-2024-52
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...
PT-2024-27665
Name of the Vulnerable Software and Affected Versions: lepture Authlib versions prior to 1.3.1 Description: The issue concerns algorithm confusion with asymmetric public keys in lepture Authlib. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric...
CVE-2023-41738
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
Silicon Labs Unify Gateway buffer error vulnerability
Silicon Labs Unify Gateway is a gateway device in an Internet of Things (IoT) solution from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Unify Gateway version 1.3.1 and prior versions, which originates from a stack buffer overflow that can lead to arbitrary code execution...
CVE-2023-0234
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. parent WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability...
PT-2018-16143 · Npm · Mixin-Deep
Name of the Vulnerable Software and Affected Versions: mixin-deep versions prior to 1.3.1 Description: The issue allows a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects. This is achieved...
PT-2010-5519 · Jxtended · Jxtended Comments
Name of the Vulnerable Software and Affected Versions: JXtended Comments component versions prior to 1.3.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS) attacks. Recommendations: For versio...