9293 matches found
CVE-2024-27955 WordPress Automatic plugin <= 3.92.0 - CSRF to Privilege Escalation vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation. This issue affects Automatic: from n/a through 3.92.0...
CVE-2024-27954 WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery. This issue affects Automatic: from n/a through 3.92.0...
WordPress Automatic < 3.95.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter
Description: The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
WordPress plugin Automatic cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress plugin Automatic path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...
CVE-2024-3460
In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. ...
VulnCheck KEV: CVE-2021-43936
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...
[SECURITY] Fedora 40 Update: clamav-1.0.6-1.fc40
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
[SECURITY] Fedora 38 Update: clamav-1.0.6-1.fc38
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
[SECURITY] Fedora 39 Update: clamav-1.0.6-1.fc39
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
Avantra security vulnerability
Avantra is an SAP software from Avantra. Avantra has a security vulnerability that stems from a potential data leak if users can create dashboards using automatically logged-in users...
[SECURITY] Fedora 38 Update: et-6.2.8-1.fc38
Eternal Terminal (ET) is a remote shell that automatically reconnects without interrupting the session...
[SECURITY] Fedora 39 Update: et-6.2.8-1.fc39
Eternal Terminal (ET) is a remote shell that automatically reconnects without interrupting the session...
CVE-2024-33511
CVE-2024-33511 is an unauthenticated buffer-overflow in ArubaOS Automatic Reporting service exposed via PAPI UDP port 8211. The vulnerability permits remote code execution as a privileged OS user. Affected products include Aruba Mobility Conductor (Mobility Master), Mobility Controllers, WLAN Gat...
CVE-2024-33511
There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this...
UBUNTU-CVE-2024-27014
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS. When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are canceled using the `cancel_work_sync` function, which waits for the work to end if it has already started...
Exploit for SQL Injection in Valvepress Automatic
CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection i...
Aruba Networks ArubaOS security vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that stems from a buffer overflow in the underlying Automatic Reporting...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from cluster metadata not being automatically updated...
A vulnerability in the WordPress Automatic Plugin, a plugin for the WordPress content management system, allows attackers to escalate their privileges.
A vulnerability in the WordPress Automatic Plugin, a plugin for the WordPress content management system, is a cross-site request forgery caused by incorrect validation of the one-time code (nonce). Exploiting this vulnerability can allow a malicious actor to enhance...