@gadgetinc/auth (>=0.1.0 <=0.4.0), clubeeo-core (>=0.6.0 <=0.6.12) +1 more potentially affected by CVE-2023-31999 +1 more via @fastify/oauth2 (>=5.1.0 <=6.1.0)
@fastify/oauth2 NPM version =5.1.0, =0.1.0, =0.6.0, =3.0.0-beta.0, =3.0.0-beta.31 Source cves: CVE-2023-31999, CVE-2023-35935 Source advisory: OSV:GHSA-G8X5-P9QC-CF95...
GHSA-CF6V-9J57-V6R6 code.gitea.io/gitea Open Redirect vulnerability
Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. This is most likely a post-auth redirect in a POST-based request scenario, so it is less likely to be exploited on its own or chained with other bugs to cause phishing or credential theft...
PT-2023-25169 · Gitea +1
Name of the Vulnerable Software and Affected Versions: gitea versions prior to 1.19.4 Description: The issue is an Open Redirect vulnerability in the GitHub repository go-gitea/gitea. This vulnerability is most likely a post-auth redirect and is a POST-based request scenario, making it less likel...
Arlisistem 3.0 SQL Injection
Title : Arlisistem 3.0 Auth By Pass Vulnerability | Author : indoushka | Tested on : Windows 10 Français V.Pro | Vendor : http://www.arlisistem.com/ | Dor...
aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2023-36053 via django (>=4.2.0 <=4.2.29)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2023-36053 Source advisory: OSV:GHSA-JH3W-4VVF-MJGR...
CVE-2023-26258
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute a...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 security update on RHEL 9
New Red Hat Single Sign-On 7.6.4 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 9 : Red Hat Single Sign-On 7.6.4 security update on RHEL 9 (Important) (RHSA-2023:3885)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3885 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
RHEL 8 : Red Hat Single Sign-On 7.6.4 security update on RHEL 8 (Important) (RHSA-2023:3884)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3884 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
RHEL 7 : Red Hat Single Sign-On 7.6.4 security update on RHEL 7 (Important) (RHSA-2023:3883)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3883 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
CVE-2023-32523
Affected versions of Trend Micro Mobile Security Enterprise 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
CVE-2023-29437
The CVE-2023-29437 entry corresponds to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Connections Business Directory plugin, affecting versions up to and including 10.4.36; 10.4.37 and later are not listed as affected. Patch sources indicate a low-severity issue with low likelihood of exploitation. No exploit...
CVE-2023-29435 WordPress Cryptocurrency All-in-One Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Zwaply Cryptocurrency All-in-One plugin <= 3.0.19 versions...
CVE-2023-29435
CVE-2023-29435 : Auth. (contributor+) Stored Cross-Site Scripting (XSS) in the WordPress plugin “Cryptocurrency All-in-One” (WordPress Cryptocurrency All-in-One Plugin) up to version 3.0.19. Public data confirms the vulnerable component is the plugin; root cause is stored XSS as stated, with an a...
CVE-2023-29424 WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions...
CVE-2023-28991 WordPress Order date time for WooCommerce Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19 versions...
CVE-2023-28991
CVE-2023-28991 corresponds to a Stored XSS vulnerability in the PI Websolution WordPress plugin "Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce", affected
CVE-2023-28988 WordPress Direct checkout, Add to cart redirect for Woocommerce Plugin <= 2.1.48 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <= 2.1.48 versions...
CVE-2023-28988
CVE-2023-28988 concerns the WordPress plugin “Direct checkout, Add to cart redirect for WooCommerce” (PI Websolution) for WooCommerce. Affected: plugin versions ≤ 2.1.48. Nature: Authenticated Stored Cross-Site Scripting (XSS) vulnerability present in multiple UI elements (Direct checkout, Add to...