libnbd: nbdcopy: missing error handling may create corrupted destination image

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the error parameter. This could result in the silent creation of a...

JetBrains Ktor Native Security Feature Issue Vulnerability

JetBrains Ktor Native is an asynchronous framework for creating microservices, web applications, etc. JetBrains Ktor Native versions prior to 2.0.0 are vulnerable to a security feature that stems from the fact that random values used for random number generation are not implemented using...

CVE-2022-0424

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users...

CVE-2022-0817

The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...

NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2022-0075)

The remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMINFINITY and 1 Gigabyte of memory is allocated the maxim...

WordPress plugin SEMA API SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

Information disclosure

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

CVE-2022-0771

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions available to both unauthenticated and authenticated users, leading to Unauthenticated SQL Injections...

CVE-2022-0783

The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections...

WordPress plugin Cloudways Breeze 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Cloudways Breeze plugin 2.0.2 and earlier versions have a cross-site scripting vulnerabilit...

Low: Red Hat Security Advisory: Red Hat AMQ Broker 7.8.6 release and security update

Red Hat AMQ Broker 7.8.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2022-0287

The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog...

CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...

WordPress plugin Menubar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2022-13096 · WordPress · Mycred

Name of the Vulnerable Software and Affected Versions: myCred WordPress plugin versions prior to 2.4.4.1 Description: The issue affects the myCred WordPress plugin, where the mycred-tools-select-user AJAX action lacks authorization, allowing any authenticated user to retrieve all email addresses...

WordPress plugin Donations SQL注入漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Donations plugin SQL injection vulnerability, the vulnerability stems from the inability to properly clean up and escape the...

WordPress plugins Easy Social Feed Free 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Easy Social Feed Free plugin is vulnerable to a cross-site scripting vulnerability that stems from...

Low: Red Hat Security Advisory: Red Hat Decision Manager 7.12.1 security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVE-2022-0447

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting...