
1432 matches found

CNNVD
added 2024/03/28 12:00 a.m., 2 views

WordPress Plugin Contact Form to Any API SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

CVSS 8.5, AI score 7.7, EPSS 0.00281
Exploits: 0, References: 2
OSV
added 2024/03/27 7:15 p.m., 1 view

DEBIAN-CVE-2024-28233

JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API...

CVSS 6.1, AI score 7.5, EPSS 0.0011
Exploits: 0, References: 1
CNNVD
added 2024/03/20 12:00 a.m., 2 views

WordPress Plugin Coming Soon & Maintenance Mode by Colorlib Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.3, AI score 6.1, EPSS 0.00197
Exploits: 0, References: 3
CNNVD
added 2024/03/14 12:00 a.m., 2 views

PaperCut NG Security Vulnerability

PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that stems from a vulnerability that allows an attacker to expose files on the server to affected API endpoints via a payload...

CVSS 3.1, AI score 6.8, EPSS 0.00749
Exploits: 0, References: 2
OSV
added 2024/03/13 4:15 p.m., 0 views

CVE-2024-0687

The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API...

CVSS 5.3, AI score 7.3, EPSS 0.00391
Exploits: 0, References: 2
PyPA
added 2024/02/29 11:15 a.m., 38 views

PYSEC-2024-245

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...

CVSS 5.9, AI score 6.9, EPSS 0.00051
Exploits: 0, References: 5, Affected Software: 1
CNNVD
added 2024/02/29 12:00 a.m., 1 view

WordPress Plugin Passster Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

CVSS 5.3, AI score 6.3, EPSS 0.00529
Exploits: 0, References: 3
CNNVD
added 2024/02/29 12:00 a.m., 2 views

ATSUMI Electric OET-213H-BTS1 Security Vulnerability

The ATSUMI Electric OET-213H-BTS1 is a temperature detection device from ATSUMI Electric. ATSUMI Electric OET-213H-BTS1 suffers from a security vulnerability that originates from allowing an unauthenticated attacker to execute the API...

CVSS 8.3, AI score 7.1, EPSS 0.00092
Exploits: 0, References: 5
CNNVD
added 2024/02/29 12:00 a.m., 0 views

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 8.1.x through 8.1.9 and prior, 9.2.x through 9.2.5 and prior, 9.3.0, and 9.4.x through 9.4.2, which stems from a failure to limit the number of ro...

CVSS 4.3, AI score 6.7, EPSS 0.00132
Exploits: 0, References: 2
CNNVD
added 2024/02/28 12:00 a.m., 1 view

Apache Superset SQL Injection Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit the vulnerability to...

CVSS 4.3, AI score 7.8, EPSS 0.00575
Exploits: 0, References: 4
RedHat Linux
added 2024/02/26 8:47 p.m., 4 views

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

CVSS 6.5, AI score 7.3, EPSS 0.0073
Exploits: 0, References: 6
RedHat Linux
added 2024/02/26 2:21 a.m., 2 views

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

CVSS 6.5, AI score 7.3, EPSS 0.0073
Exploits: 0, References: 6
RedHat Linux
added 2024/02/26 1:49 a.m., 2 views

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

CVSS 6.5, AI score 7.3, EPSS 0.0073
Exploits: 0, References: 6
RedHat Linux
added 2024/02/22 4:51 p.m., 1 view

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

CVSS 6.5, AI score 7.3, EPSS 0.0073
Exploits: 0, References: 6
NCSC
added 2024/02/22 12:00 a.m., 1 view

Vulnerability fixed in Progress Kemp LoadMaster

Progress Kemp has fixed a vulnerability in LoadMaster. The vulnerability allows a malicious party to use specially crafted API calls to issue system commands without being authorized to do so. For successful exploitation, the malicious party must have access to the management interface...

CVSS 10, AI score 7, EPSS 0.94298
Exploits: 9
CNNVD
added 2024/02/21 12:00 a.m., 2 views

Archer Platform Security Vulnerability

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.8 up to, but not including, 6.14 P2 (6.14.0.2) that stems from improper access control. An attacker exploiting this vulnerability could access API information with...

CVSS 4.3, AI score 6.4, EPSS 0.00153
Exploits: 0, References: 3
OSV
added 2024/02/20 9:15 a.m., 0 views

CVE-2024-25605

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

CVSS 5.3, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 1
Positive Technologies
added 2024/02/20 12:00 a.m., 3 views

PT-2024-15692 · WordPress · The Passster

Name of the Vulnerable Software and Affected Versions: The Passster – Password Protect Pages and Content plugin for WordPress versions up to, and including, 4.2.6.2 Description: The issue allows unauthenticated attackers to obtain sensitive information, including post titles, slugs, IDs, content,...

CVSS 5.3, AI score 6.3, EPSS 0.00529
Exploits: 0, References: 5
OSV
added 2024/02/08 11:15 p.m., 0 views

CVE-2023-47132

An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 1
OSV
added 2024/02/08 11:06 a.m., 2 views

OESA-2024-1151 openjdk-11 security update

The OpenJDK runtime environment. Security Fixes: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can resu...

CVSS 5.9, AI score 8.5, EPSS 0.0022
Exploits: 0, References: 3