CVE-2024-32947
CVE-2024-32947 is a Cross-Site Request Forgery (CSRF) vulnerability in WP ADA Compliance Check Basic (AlumniOnline Web Services LLC) for WordPress, affecting versions up to 3.1.3. The CVSS base score is 4.3 (Medium); attack vector is network with user interaction required. The available documents...
WordPress plugin WP ADA Compliance Check Basic cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2024-31463
Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true, 1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself and 2)...
CVE-2024-31463
The CVE-2024-31463 entry concerns Ironic-image in reverse proxy mode. When IRONIC_REVERSE_PROXY_SETUP is true, HTTP basic creds are validated in the HTTPD container and Ironic listens on a private port (6388) on localhost, enabling unauthenticated access to the Ironic API for pods/local users on ...
Calendarista Basic Edition < 3.0.3 - Cross-Site Request Forgery
Description: The Calendarista Basic Edition plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.2. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform...
Kohya_ss security vulnerability
Kohya is a repository by the individual developer bmaltais. A security vulnerability exists in Kohya_ss versions v22.6.1 through v23.1.3, which stems from a command injection vulnerability in basicoptiongui.py...
CVE-2024-31942
Cross-Site Request Forgery (CSRF) vulnerability in typps Calendarista Basic Edition (calendarista-basic-edition). This issue affects Calendarista Basic Edition: from n/a through <= 3.0.2...
CVE-2024-31942
Calendarista Basic Edition (WordPress) is affected by a Cross-Site Request Forgery (CSRF) vulnerability for Calendarista Booking actions in versions up to 3.0.2. The issue is confirmed as fixed (Patched) in a newer release; upgrade to a patched version when available. If upgrading is not possible...
CVE-2024-31942 WordPress Calendarista Basic Edition plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in typps Calendarista Basic Edition (calendarista-basic-edition). This issue affects Calendarista Basic Edition: from n/a through <= 3.0.2...
A vulnerability in the UEFI (BIOS) of HP workstations allows an attacker to elevate their privileges, execute arbitrary code, or cause system failures.
The vulnerability in HP workstation BIOS firmware is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to elevate their privileges, execute arbitrary code, or cause service failures...
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for...
CVE-2024-31391
Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for...
Apache Solr Operator log information disclosure vulnerability
Apache Solr is a search server based on Lucene, a full-text search engine from the Apache Foundation. The product supports hierarchical search, vertical search, highlighting of search results, and more. A log information disclosure vulnerability exists in Apache Solr Operator versions 0.3.0 throug...
Schneider Electric Modicon M340 GoAhead Webserver Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2015-7937)
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. This plugin only works with Tenable.ot. Please visit...
WordPress Calendarista Basic Edition plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Calendarista Basic Edition versions <= 3.0.2...
CVE-2024-0873
The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
PT-2024-15882 · WordPress · Watu Quiz
Name of the Vulnerable Software and Affected Versions: Watu Quiz plugin for WordPress versions up to, and including, 3.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-25705
There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary...
SUSE CVE-2023-52633
In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption. In 'basic' time-travel mode (without =inf-cpu or =ext), we still get timer interrupts. These can happen at arbitrary points in time, i.e. while in timer_read(), which pushes time forward just a...
DEBIAN-CVE-2023-52633
In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption. In 'basic' time-travel mode (without =inf-cpu or =ext), we still get timer interrupts. These can happen at arbitrary points in time, i.e. while in timer_read(), which pushes time forward just a...