3656 matches found

Vulnrichment
added 2024/04/26 12:0 a.m. · 17 views

CVE-2024-33668

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to...

6.8 AI score · 0.00443 EPSS
Exploits: 0 · References: 1
Microsoft Security Update
added 2024/04/09 5:0 p.m. · 26 views

2024-04 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5036892)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

7.2 AI score
Exploits: 0
Microsoft Security Update
added 2024/04/09 5:0 p.m. · 26 views

2024-04 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5036899)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

7.2 AI score
Exploits: 0
Microsoft Security Update
added 2024/04/09 5:0 p.m. · 39 views

2024-04 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5036620)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

7.2 AI score
Exploits: 0
Microsoft Security Update
added 2024/04/09 5:0 p.m. · 18 views

2024-04 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 (KB5036617)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

7.2 AI score
Exploits: 0
Microsoft Security Update
added 2024/04/09 5:0 p.m. · 9 views

2024-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5037039)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

7.2 AI score
Exploits: 0
Positive Technologies
added 2024/04/04 12:0 a.m. · 3 views

PT-2024-23729 · Ecshop · Ecshop

Name of the Vulnerable Software and Affected Versions: ECshop versions 4.x
Description: The issue allows an attacker to obtain sensitive information via the file/article.php component. This is achieved through a SQL Injection vulnerability, which enables the attacker to manipulate database querie...

7.5 CVSS · 7.3 AI score · 0.00586 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/04/04 12:0 a.m. · 11 views

ECshop Security Vulnerability

ShopeX ECShop is an open source mall system of the Chinese business school ShopeX company. Support PC + H5 + APP + small program mall, source code free download experience, suitable for enterprise development and build mall. ECShop SQL injection vulnerability, the vulnerability stems from...

7.5 CVSS · 7.8 AI score · 0.00586 EPSS
Exploits: 0 · References: 2
Veracode
added 2024/03/22 8:33 a.m. · 10 views

File Validation Bypass

ezsystems/ezplatform-kernel is vulnerable to File Validation Bypass. The vulnerability is due to improper file validation, which allows an attacker to save article content even if it's rejected during validation...

7 AI score
Exploits: 0
CVE
added 2024/03/20 6:48 a.m. · 61 views

CVE-2024-1379

CVE-2024-1379 affects Website Article Monetization By MageNet for WordPress. All versions up to 1.0.11 are vulnerable to unauthenticated Stored XSS via the abp_auth_key parameter due to insufficient input sanitization/output escaping and a missing authorization check, enabling injection of script...

6.1 CVSS · 6.1 AI score · 0.00522 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/03/20 6:48 a.m. · 13 views

CVE-2024-1379

The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abpauthkey' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it...

6.1 CVSS · 6.1 AI score · 0.00522 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/03/20 12:0 a.m. · 2 views

WordPress Plugin Website Article Monetization By MageNet Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.1 CVSS · 6 AI score · 0.00522 EPSS
Exploits: 0 · References: 3
WPVulnDB
added 2024/03/19 12:0 a.m. · 17 views

Website Article Monetization By MageNet < 1.0.12 - Unauthenticated Stored XSS

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the 'abpauthkey' parameter due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

6.1 CVSS · 6.3 AI score · 0.00522 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/03/18 9:53 p.m. · 21 views

CVE-2024-28865 django-wiki denial of service via regular expression

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...

7.5 CVSS · 7.4 AI score · 0.00605 EPSS
Exploits: 0 · References: 4
OSV
added 2024/03/13 4:15 p.m. · 1 views

CVE-2024-28678

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/articledescriptionmain.php...

6.3 CVSS · 6.5 AI score · 0.00233 EPSS
Exploits: 1 · References: 1
OSV
added 2024/03/13 4:15 p.m. · 2 views

CVE-2024-28677

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/articlekeywordsmain.php...

6.1 CVSS · 5.8 AI score · 0.00237 EPSS
Exploits: 1 · References: 1
OSV
added 2024/03/13 4:15 p.m. · 2 views

CVE-2024-28676

DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/articleedit.php...

6.1 CVSS · 5.7 AI score · 0.00472 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2024/03/13 3:26 p.m. · 11 views

CVE-2024-0828 Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers...

5.4 CVSS · 6.6 AI score · 0.00362 EPSS
Exploits: 0 · References: 2
OSV
added 2024/03/13 1:15 p.m. · 1 views

CVE-2024-28432

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/articleedit.php...

8.8 CVSS · 5.8 AI score · 0.00347 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2024/03/13 12:0 a.m. · 10 views

CVE-2024-28678

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/articledescriptionmain.php...

7.5 AI score · 0.00233 EPSS
Exploits: 1 · References: 1