Cross Site Scripting (XSS)
socalnick/scn-social-auth is vulnerable to Cross Site Scripting XSS. The vulnerability is due to not escaping the URL parameter "redirect," allowing an attacker to inject malicious HTML and execute arbitrary code...
CVE-2024-36378
In JetBrains TeamCity before 2024.03.2, the server was susceptible to DoS attacks with incorrect auth tokens...
PT-2024-40259 · Passbolt · Passbolt
Name of the Vulnerable Software and Affected Versions: Passbolt affected versions not specified Description: The issue concerns the /auth/verify.json endpoint, which returns a JSON containing the cookies sent in the request. This could allow an attacker who exploits an XSS vulnerability to retrie...
PT-2024-33172 · WordPress · Happy Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.8 Description: The issue is related to Stored Cross-Site Scripting via the id parameter due to insufficient input sanitization and output escaping. This...
Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: - Download Grafana 9.1.6 - Release not...
GHSA-FF5C-938W-8C9Q Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: - Download Grafana 9.1.6 - Release not...
Minor update (5) for Vivaldi Desktop Browser 6.7
Download Vivaldi The following improvements were made since the fourth 6.7 minor update: Chromium Upgraded 124.0.6367.219 CVE-2024-4761: NB. Chromium updates may include security enhancements or fixes, crash fixes, or website compatibility updates. Web Compatibility Auth does not work when link i...
CVE-2024-34440 WordPress AI Engine plugin <= 2.2.63 - Auth. Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63...
RHEL 8 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows CVE-2020-6823 - If a user sav...
J2EEFAST Security Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform committed to building the best small and medium-sized open source, free back-end framework platform. J2EEFAST v2.7.0 contains a SQL injection vulnerability, which stems from the authUserList function in the...
PT-2024-25139 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was found in J2EEFAST via the sql filter parameter in the authUserList function. Recommendations: For J2EEFAST version 2.7.0, consider restricting access to the authUserList function...
CVE-2024-34390 WordPress Post Grid Master plugin <= 3.4.8 - Auth. Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AddonMaster Post Grid Master allows Stored XSS. This issue affects Post Grid Master: from n/a through 3.4.8...
BIT-APISIX-2024-32638 Apache APISIX: Forward-Auth Request Smuggling
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Apache APISIX when using the forward-auth plugin. This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue...
CVE-2023-32169
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-50211
The CVE-2023-50211 entry concerns D-Link G416 routers. The vulnerability is a stack-based buffer overflow in the httpd API-AUTH Timestamp Processing function, triggered by insufficient validation of the length of user-supplied data copied into a fixed-length stack buffer. Impact is remote code ex...
CVE-2023-35726 D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2024-32638
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Apache APISIX when using the forward-auth plugin. This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue...