WordPress Custom Post Type UI plugin <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'label' Import Parameter vulnerability discovered by type5afe in WordPress Plugin Custom Post Type UI versions = 1.18.1...

PT-2022-27484 · Jenkins · Jenkins Naginator Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Naginator Plugin versions 1.18.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the Jenkins Naginator Plugin does not escape display names of source builds in builds...

@dci-lint/cmd-api-server (>=0.3.0 <=0.4.0), @dci-lint/test-api-client (>=0.3.0 <=0.4.0) +46 more potentially affected by CVE-2022-36083 via jose (>=1.18.1 <=1.28.1)

jose NPM version =1.18.1, =0.3.0, =0.3.0, =0.3.0, =0.10.0-unstable.2b529f0, =0.6.1, =0.6.3, =0.6.3, =0.6.4, =0.6.3, =0.6.9, =0.6.1, =0.6.3, =0.6.3, =0.6.3, =0.6.5, =0.9.4 and more Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...

Ubiquiti Networks UniFi Protect 授权问题漏洞

Ubiquiti Networks UniFi Protect is a network video recorder from Ubiquiti Networks, Inc. A security vulnerability exists in Ubiquiti Networks UniFi Protect application version 1.18.1 and prior, which can be exploited by attackers to A malicious actor who gains access to the network can take contr...