6607 matches found
CVE-2023-34377 WordPress My Content Management Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions...
CVE-2023-38688
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including...
Design/Logic Flaw
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including...
CVE-2023-38688 twitch-tui's connection is not encrypted
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including...
Virtual Snipers DMS 1.0 SQL Injection
Title: Virtual Snipers DMS v1.0 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Exploit for CVE-2023-38646
CVE-2023-38646 - Metabase Pre-auth RCE...
CVE-2023-3462
A flaw was found in HashiCorp Vault. The Vault and Vault Enterprise “Vault” LDAP auth method allows unauthenticated users to potentially enumerate valid accounts in the configured LDAP system by observing the response error when querying usernames...
CVE-2023-3462 Vault's LDAP Auth Method Allows for User Enumeration
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed i...
GHSA-779W-XVPM-78JX twitch-tui's connection is not encrypted
Summary: The connection is not using TLS for communication. Details: In the configuration of the IRC connection, you are disabling TLS, which makes all communication to Twitch IRC servers unencrypted. PoC: You can verify by using tcpdump/wireshark that traffic is unencrypted. Impact: Communication can ...
CVE-2023-34644
Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW3.01B11P204, RG-NBS and RG-S1930 series switches SWITCH3.01B11P218, RG-EG series business VPN routers EG3.01B11P216, EAP and RAP series wireless access points AP3.01B11P218, NBC series wirele...
Exploit for CVE-2023-38646
CVE-2023...
PT-2023-26552 · Unknown · Twitch-Tui
Name of the Vulnerable Software and Affected Versions: twitch-tui versions prior to 2.4.1 Description: The issue arises from the software's configuration of the IRC connection, which disables TLS, resulting in unencrypted communication to Twitch IRC servers. This allows communication, including...
Exploit for CVE-2023-38646
CVE-2023-38646 Metabase Pre-auth R...
Exploit for CVE-2023-38646
For educational purposes only Inspired by Assetnote resea...
CVE-2023-37970 WordPress MF Gig Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin <= 1.2 versions...
CVE-2023-37993 WordPress wpShopGermany IT-RECHT KANZLEI Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany IT-RECHT KANZLEI plugin <= 1.7 versions...
WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: HTTP Auth; Type: Plugin; Vulnerable versions: <= 0.3.2; Fixed in: 1.0.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27435; Patch priority: Low; CVSS severity: Low 6.3; PSID: 3c605b41c95d; Credits: Mika; Required privilege...
CVE-2023-36503
CVE-2023-36503 affects the WordPress plugin MaxButtons (MaxFoundry) for versions
CVE-2023-34369
CVE-2023-34369 affects the WordPress GrandSlambert Login Configurator plugin (versions ≤ 2.1). It is an authenticated Stored Cross-Site Scripting (XSS) vulnerability, exploitable by an admin+ user, with the issue described as an input/sanitization flaw in the login configuration flow. Impact per ...
[SECURITY] Fedora 37 Update: grpc-1.48.4-8.fc37
gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...