CVE-2024-9582

CVE-2024-9582 : Accordion Slider (WordPress)

CVE-2024-3866

CVE-2024-3866 refers to the Ninja Forms Contact Form plugin for WordPress, vulnerable up to version 3.8.15. The issue is a Reflected Self-Based Cross-Site Scripting via the Referer header caused by insufficient input sanitization and output escaping. It can allow unauthenticated attackers to inje...

Code Injection

typo3/cms-core is vulnerable to Code Injection. The vulnerability is due to improper validation of settings within the Install Tool when configuring the path to system binaries. This vulnerability is only exploitable by an administrator-level backend user with system maintainer permissions...

CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS'SYS''encryptionKey' was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...

CVE-2019-5617 C4G BLIS Improper Access Control

Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user...