12 matches found
EUVD-2024-54103
Malicious code in bioql PyPI...
EUVD-2024-32297
Malicious code in bioql PyPI...
CVE-2024-13412
The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions...
CVE-2024-13412 CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler
The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions...
CVE-2024-13412
CVE-2024-13412 affects CozyStay - Hotel Booking WordPress Theme. All versions up to and including 1.7.0 have a missing capability check in the ajax_handler function that allows unauthenticated attackers to perform arbitrary actions. The vulnerability is documented in multiple sources (Wordfence a...
CVE-2024-13410 CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler
The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. This makes it possible for...
CVE-2024-13412 CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler
The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions...
CVE-2024-13410
CVE-2024-13410 affects CozyStay <= 1.7.0 and TinySalt
CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...
CVE-2024-3722 Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification
The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to retriev...
CVE-2024-3722 Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification
The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to retriev...
CVE-2018-10554
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the updatepages function; (3) the ajaxhelper.ph...