20 matches found
Nginx UI Security Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI 2.3.3 and earlier have security vulnerabilities. These vulnerabilities stem from insecure direct object references, allowing any authenticated user to access, modify, and delete resources of other users...
vproxy Numeric Error Vulnerability
vproxy is a high-performance HTTP/HTTPS/SOCKS5 proxy server developed by individual developer 0x676e67. A numeric error vulnerability exists in vproxy 2.3.3 and earlier versions, which stems from the handling of the Proxy-Authorization header that can lead to a divide-by-zero crash, resulting in a...
WordPress plugin Actionwear products sync SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2023-38714
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system...
WordPress plugin Post Grid and Gutenberg Blocks Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin Click to Chat – WP Support All-in-One Floating Widget (versions <= 2.3.3)...
PT-2024-25564 · Ilghera · Jw Player For Wordpress
Name of the Vulnerable Software and Affected Versions: JW Player for WordPress versions 2.3.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the ilGhera JW Player for WordPress. Recommendations: For versions 2.3.3 and earlier, update to a version that...
PT-2024-22922 · WordPress · Favorites
Name of the Vulnerable Software and Affected Versions: The Favorites plugin for WordPress versions up to, and including, 2.3.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'user favorites' shortcode due to insufficient input sanitization and output escaping on...
WordPress Plugin Favorites Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-14182 · Hasthemes · Ht Mega – Absolute Addons For Elementor
Name of the Vulnerable Software and Affected Versions: HasThemes HT Mega – Absolute Addons For Elementor versions through 2.3.3 Description: A Cross-Site Request Forgery (CSRF) issue affects the specified software, allowing unauthorized actions to be performed on behalf of a user without their...
PT-2022-24176 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.2.4 through 2.3.3 Description: The issue concerns the database webserver session backend, which was susceptible to session fixation. This means an attacker could potentially fixate a session ID on a user's browser,...
AZL-6433 CVE-2021-40812 affecting package gd for versions less than 2.3.3-1
The GD Graphics Library aka LibGD through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks...
Google TensorFlow Code Issue Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which can be exploited by an attacker to trigger undefined behavior via a null pointer bound to...
Google TensorFlow Buffer Error Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which can be exploited by an attacker to cause a read to exceed the bounds of the heap allocation data...
Google TensorFlow Security Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which can be exploited by an attacker to cause a denial of service via a failure from the implementation of CHECK...
Google TensorFlow Input Validation Error Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4 suffers from an input validation error vulnerability that can be exploited by an attacker to cause a denial of service...
Google TensorFlow Code Issue Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code issue vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which can be exploited by an attacker to cause dereferencing of null pointers...
CVE-2021-23274
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected syste...
Magento Untrusted Data Deserialization Vulnerability
Magento is an open source PHP e-commerce system of the United States Magento company. The system provides rights management, search engines and payment gateways and other functions. An untrusted data deserialization vulnerability exists in Magento versions 2.3.3 and earlier, 2.2.10 and earlier,...
PT-2020-17699 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.3 and earlier, Magento versions 2.2.10 and earlier, Magento versions 1.14.4.3 and earlier, Magento versions 1.9.4.3 and earlier. Description: The issue is related to the deserialization of untrusted data, which could lead to...