Cross site request forgery (csrf)
The WP Insurance WordPress plugin before 2.1.4 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
Cross site request forgery (csrf)
The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identity Providers (IdP), which could allow attackers to make logged-in admins delete all IdPs via a CSRF attack...
CVE-2023-0495
CVE-2023-0495 — HT Slider For Elementor (WordPress) vulnerable versions: HT Slider For Elementor plugin prior to 1.4.0. Root cause: CSRF validation missing during plugin activation, enabling an attacker to trigger activation of arbitrary plugins on an admin panel. Impact: can lead to arbitrary pl...
CVE-2023-0505 Ever Compare <= 1.2.3 - Arbitrary Plugin Activation via CSRF
The Ever Compare WordPress plugin through 1.2.3 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0499
CVE-2023-0499 concerns the WordPress QuickSwish plugin prior to 1.1.0, which omits CSRF validation on plugin activation. This allows an authenticated attacker to induce a logged-in admin to activate arbitrary plugins via CSRF. Affected: QuickSwish
CVE-2023-1089
CVE-2023-1089 affects the Coupon Zen WordPress plugin prior to version 1.0.6, where there is no CSRF validation when activating plugins. The underlying issue is a lack of CSRF protection in the plugin activation flow, allowing an authenticated attacker to induce an admin to activate arbitrary plu...
CVE-2023-0498
CVE-2023-0498 affects the WP Education WordPress plugin prior to 1.2.7. The vulnerability is a CSRF flaw in the plugin activation flow that could allow a CSRF attacker to cause logged-in admins to activate arbitrary plugins on the blog. Remediation: upgrade to WP Education 1.2.7 or later (patched...
CVE-2023-1088 WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF
The WP Plugin Manager WordPress plugin before 1.1.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0504
CVE-2023-0504 – HT Politic WordPress plugin prior to 2.3.8 suffers a CSRF flaw during plugin activation, allowing a CSRF attacker to cause logged-in admins to activate arbitrary plugins. This requires an authenticated admin user and CSRF interaction. Impact: arbitrary plugin activation within th...
Cross site scripting
RIFARTEK IOT Wall transportation function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can inject JavaScript to perform a reflected cross-site scripting (XSS) attack...
New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails
By Deeba Ahmed The backdoors used in this campaign are never-before-seen malware strains called CommonMagic and PowerMagic. This is a post from HackRead.com Read the original post: New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails...
Denial Of Service (DoS)
openssl is vulnerable to denial-of-service (DoS) attacks. An attacker is able to create a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems...
CVE-2023-1410
A flaw was found in Grafana. This flaw allows an attacker to host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed...
Exploding USB Sticks
In case you don't have enough to worry about, people are hiding explosives--actual ones--in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to a bug that allows unauthorized users to enumerate application names by inspecting API error messages, which can then be used as a starting point for another attack...
Information disclosure
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive informati...
MinIO Information Disclosure Vulnerability
MinIO is an open source object storage server from MinIO, Inc. The product supports building infrastructure for machine learning, analytics, and application data workloads. MinIO is vulnerable to an information disclosure vulnerability that stems from the fact that in a cluster deployment MinIO...
GHSA-QRRG-GW7W-VP76 Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip
Summary When a Graphite data source is added, one can use this data source in a dashboard. This contains a feature to use Functions. Once a function is selected, a small tooltip will be shown when hovering over the name of the function. This tooltip will allow you to delete the selected Function...
CVE-2022-41354
An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge ...