17965 matches found
curl: Buffer overflow in strcpy
Vulnerability description not provided...
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)
Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...
10,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Power: Complete AI Pack WordPress Plugin
🦸 👻 Calling all superheroes and haunters! Introducing theCybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations...
XSS in the edit HTML
This report is not public...
Web server DOS through run metrics
This report is not public...
Open Redirect
This report is not public...
AWS VDP: Reflected XSS on Amazon EC2 Instance
Product: Amazon Elastic Compute Cloud Amazon EC2 Vulnerability Type: Reflected Cross-Site Scripting XSS CVE: CVE-2022-29548 Severity: Medium Description: A reflected XSS vulnerability was discovered on the Amazon EC2 instance, allowing an attacker to inject malicious JavaScript code, potentially...
Local File Inclusion in netease-youdao/qanything
This report is not public...
Redos (Regular Expression Denial of Service)
This report is not public...
server crash by zip bomb
This report is not public...
CVE-2024-9539
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to uplo...
CVE-2024-9487 An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be...
Get Spooked By Huge Scope and Rewards in the Wordfence Bug Bounty Cybersecurity Month Spooktacular Haunt!
Calling all vulnerability researchers! Get ready to immerse yourselves in the world of WordPress security with the Wordfence Cybersecurity Month Spooktacular Haunt , running from now through November 11th, 2024! What's Happening During This Cybersecurity Month Spooktacular Haunt? In celebration o...
20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin
📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...
CVE-2024-8770
A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...
CVE-2024-8263
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. Thi...
CVE-2024-8770
A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...
CVE-2024-8770
A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...
CVE-2024-8770
CVE-2024-8770 describes a Cross-Site Scripting (XSS) vulnerability in the repository transfer feature of GitHub Enterprise Server. The issue affected all versions prior to the fixed releases and allowed attackers to steal sensitive user information via social engineering. Fixes were released in G...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 9, 2024 to September 15, 2024)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearchers...