Information Disclosure
rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: PAM Auth Plugin component, allowing an attacker to access critical data or complete access to all MySQL Server accessible data...
WordPress Clerk plugin <= 3.8.2 - Auth. Bypass and API Keys Disclosure vulnerability
Auth. Bypass and API Keys Disclosure vulnerability discovered by Francesco Carlucci in the WordPress Clerk plugin versions <= 3.8.2. Solution: Update the WordPress Clerk plugin to the latest available version at least 4.0...
CVE-2022-41978
The CVE-2022-41978 issue affects the WordPress Zoho CRM Lead Magnet plugin, specifically versions up to 1.7.5.8 (and referenced guidance up to 1.7.6.x). The root cause is insufficient authorization and CSRF protections in certain AJAX actions, allowing authenticated users (e.g., subscriber level)...
CVE-2022-29836 Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file...
CVE-2022-32776
CVE-2022-32776 affects the WordPress plugin “Advanced Ads – Ad Manager & AdSense” 1.31.1 (with references noting 1.32.0 or newer). The exploitation status is not detailed in the provided documents. Monitor for updates and apply the latest available version to mitigate risk.
CVE-2022-41980 WordPress Mantenimiento web plugin <= 0.13 - Auth. Cross-Site Scripting (XSS) vulnerability
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress...
CVE-2022-41980
The CVE-2022-41980 entry concerns the WordPress Mantenimiento web plugin, versions ≤ 0.13, where authenticated attackers with admin+ privileges can trigger Cross‑Site Scripting (XSS). Multiple sources describe the issue as an XSS vulnerability arising from unsanitized/uncleaned plugin settings, p...
CVE-2022-30545
The CVE-2022-30545 entry describes an authenticated reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin 5 Anker Connect, affected versions
CVE-2022-37899
CVE-2022-37899 describes authenticated command injection in ArubaOS CLI, allowing execution of arbitrary commands with privileged OS access. Multiple feeds (NVD, Red Hat, CNNVD, PRION, etc.) corroborate ArubaOS as the affected software and a command-injection class vulnerability; some sources not...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin = 1.0.4 on WordPress...
WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Hoang Van Hiep (Patchstack Alliance) in the WordPress AM-HiLi plugin versions <= 1.0. Solution: No patched version is available...
WordPress Subscribe to Category plugin <= 2.7.3 - Auth. Broken Access Control vulnerability
Auth. Broken Access Control vulnerability discovered by Nguyen Anh Tien (Patchstack Alliance) in the WordPress Subscribe to Category plugin versions <= 2.7.1. Solution: No patched version is available. No reply from the vendor...
WordPress Popup Maker plugin <= 1.16.10 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by c3p0d4y in WordPress Popup Maker plugin versions <= 1.16.10. Solution: Update the WordPress Popup Maker plugin to the latest available version at least 1.16.11...
PHP Point of Sale security vulnerability
PHP Point of Sale is an online point of sale system for small retail businesses by PHP Point of Sale, Inc. A security vulnerability exists in PHP Point of Sale LLC version 19.0 that stems from the application's susceptibility to the disclosure of authenticated information, which can be exploited ...
WordPress Booster for WooCommerce premium <= 5.6.4 - Auth. Arbitrary File Download vulnerability
Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress Booster for WooCommerce premium versions <= 5.6.4. Solution: Update the WordPress Booster Plus for WooCommerce plugin to the latest available version at least 5.6.5...
WordPress WP Best Quiz plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Alpaca in WordPress WP Best Quiz plugin versions <= 1.0. Solution: No patched version available...
CVE-2022-3095
The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapp...
CVE-2022-3095
CVE-2022-3095 affects Dart/Flutter: the Dart URI class uses RFC 3986 syntax for backslash parsing, diverging from WhatWG URL standards and causing incompatibilities with \ in URIs. This can enable authentication bypass in web apps that parse URIs. Affected: Dart versions prior to 2.18 and Flutter...
mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...
PT-2022-24910 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: openfga/openfga versions 0.2.3 and prior Description: OpenFGA is an authorization/permission engine. The streamed-list-objects endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users who ar...