PT-2025-5046 · Unknown · Raymonddesign Post & Page Notes
Name of the Vulnerable Software and Affected Versions: RaymondDesign Post & Page Notes versions 0.1.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
WordPress plugin Urdu Formatter – Shamil cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2024-39025
Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data...
Playloom Engine information disclosure vulnerability
Playloom Engine is an open source, high-performance game development engine from Quetro Personal Developers. It is designed to help developers create immersive 2D and 3D games. An information disclosure vulnerability exists in Playloom Engine version v0.0.1. The vulnerability stems from the...
RAGFlow security vulnerability
RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.13.0, which stems from improper access control of document-hooks.ts and allows unauthorized access to user documents...
KMQTT security vulnerability
KMQTT is a Kotlin multi-platform MQTT 3.1.1/5.0 client and proxy from the individual developer Davide Pianca. A security vulnerability exists in KMQTT version v0.4.8 that stems from allowing an attacker to cause a denial of service via a crafted request...
WordPress plugin Amazon Associate Filter cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2024-10311
The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edbaadminhandle' function. This makes it possible for authenticated attackers, with subscriber-level permissions...
WordPress plugin External Database Based Actions security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress plugin...
PT-2024-35215 · Labs64 · Digipass
Name of the Vulnerable Software and Affected Versions: DigiPass versions 0.3.0 and earlier. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows Absolute Path Traversal in Labs64 DigiPass. Recommendations:...
WordPress plugin Widget or Sidebar Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
WordPress Widget or Sidebar Shortcode plugin <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin Widget or Sidebar Shortcode versions <= 0.6.1...
PYSEC-2024-299
Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block...
FreeCoAP security vulnerability
FreeCoAP is a C implementation of the CoAP server, client, and HTTP/CoAP proxy by Keith Cullen, a private developer. A security vulnerability exists in FreeCoAP version 0.7, which stems from a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a...
CVE-2024-31197
Improper Null Termination vulnerability in Open Networking Foundation ONF libfluid libfluidmsg module. This vulnerability is associated with program routine fluidmsg::of10::Port:unpack. This issue affects libfluid: 0.1.0...
PT-2024-20172
Name of the Vulnerable Software and Affected Versions: libfluid version 0.1.0. Description: The issue is related to an Unchecked Return Value to NULL Pointer Dereference vulnerability in the Open Networking Foundation ONF libfluid, specifically in the libfluid msg module. This vulnerability is...
PT-2024-23827 · Open Networking Foundation · Libfluid
Name of the Vulnerable Software and Affected Versions: libfluid version 0.1.0 Description: The issue is related to an Unchecked Return Value to NULL Pointer Dereference vulnerability in the libfluid msg module of the Open Networking Foundation ONF libfluid. This vulnerability is associated with t...
WordPress Posts reminder plugin <= 0.20 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Posts reminder versions <= 0.20...
CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG
In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. An attacker can successfully guess them, which allows a CSRF attack against a user, associating the user's session with the attacker's protected...
filestash security vulnerability
filestash is a Dropbox-like file manager by the individual developer Mickael. A security vulnerability exists in filestash v0.4, which stems from a TLS certificate validation being skipped when using the FTPS protocol. An attacker can perform a man-in-the-middle attack via the Init function of...