WCFM Membership < 2.11.0 - Unauthenticated Arbitrary Password Update via IDOR
The plugin allows unauthenticated attackers to update the password of arbitrary accounts via an IDOR attack, which could allow them to gain access to high-privilege ones such as administrator...
CVE-2023-0756
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious cod...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache CXF
Summary: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache CXF. Vulnerability Details: CVEID: CVE-2022-46364. DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM...
Information Disclosure
typed-rest-client is vulnerable to Information Disclosure. The vulnerability exists because the library does not disable authentication on redirects, which allows an attacker to send a malicious request with BasicCredentialHandler, BearerCredentialHandler, or...
K000133706: OpenSSL vulnerability CVE-2023-0464
Security Advisory Description: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain th...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists within 'WebProtect' in 'Google Chrome', which allows an attacker to cause heap corruption via a crafted HTML page...
Fedora 37 : php-nyholm-psr7 (2023-c29ae4c76f)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c29ae4c76f advisory. Version 1.6.1 - Security fix: CVE-2023-29197. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
ROS-20230428-02
A vulnerability in the Sqlalchemy mako Python template library is related to insufficient input validation when processing regular expressions in the Lexer class. Exploitation of the vulnerability could allow an attacker, acting remotely, to pass specially crafted data to an application and perform ...
CVE-2023-31485
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks...
User IP and Location < 2.2.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-2158 Impersonation through User-Controlled Token
Code Dx versions prior to 2023.4.2 are vulnerable to a user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...
LinkedIn: CSRF that makes any linkedin user follow attacker controlled accounts by simply clicking https://www.linkedin.com/comm/mynetwork/discovery-see-all/*
A CSRF vulnerability was identified that could potentially cause a LinkedIn user to follow an attacker-controlled account without additional confirmation by clicking a specially crafted URL...
CVE-2022-47758
Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack...
CVE-2023-28009
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
Hop-by-hop abuse to malform header mutator
Impact: Downstream services relying on the presence of headers set by the header mutator could be exploited. A client can drop the header set by the header mutator by including that header's name in the Connection header. Example minimal config: yaml - id: 'example' upstream: url:...
Stored Cross-site Scripting (XSS)
azuracast/azuracast is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability exists in main.phtml because the user display name in the menu is not properly escaped before being rendered, allowing an attacker to inject and execute malicious JavaScript through the display name...
Denial Of Services (DoS)
freetype is vulnerable to Denial Of Services (DoS). The vulnerability exists because of the integer overflow in the tt_hvadvance_adjust function of ttgxvar.c, which allows an attacker to cause an application crash...
Update your PaperCut application servers now: Exploits in the wild
PaperCut, maker of print management solutions, has urged product users to update as soon as possible. A security vulnerability which exploits unpatched servers has been seen in the wild, with serious ramifications for any organisation impacted. Two specific vulnerabilities are at the heart of thi...
ClickFunnels <= 3.1.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. PoC clickfunnelsembed url="javascript:alert1"...