4 matches found
CVE-2024-32642 Host header poisoning allows account takeover via password reset email
Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, Masa CMS is vulnerable to host header poisoning, which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...
WordPress plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Link Library plugin in versions prior to 7.2.8 is vulnerable to cross-site request forgery, which stems from a web application that does not adequately verify that requests are coming...
WordPress security vulnerability
WordPress plugin is a WordPress application plugin. The WordPress Link Library plugin in versions prior to 7.2.8 has an arbitrary link removal vulnerability, which stems from unauthorized removal of links and can be exploited by attackers to remove arbitrary links via carefully crafted requests...
CVE-2018-14851
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file...