CVE-2024-33830

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/readDeal.php?mudi=clearWebCache...

CVE-2024-10786

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the slaclearusercache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2024-13338 Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfycachedelete functionality . This makes ...

CVE-2023-1925 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcclearcacheofallsitescallback function. This makes it possible for unauthenticated attackers to clear cache...

CVE-2023-1346

CVE-2023-1346 affects the WordPress plugin RapidLoad Power-Up for Autoptimize (versions up to and including 1.7.1). The issue is a CSRF in the clear_page_cache function due to missing or incorrect nonce validation, allowing unauthenticated attackers to clear the plugin cache if a site admin is tr...

CVE-2023-0447

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...

PT-2023-16277 · WordPress · My Youtube Channel

Name of the Vulnerable Software and Affected Versions: My YouTube Channel plugin for WordPress versions up to, and including, 3.0.12.1 Description: The issue is related to authorization bypass due to a missing capability check on the clear all cache function. This allows authenticated attackers...

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

Description Several endpoints are vulnerable to CSRF 1: module install /index.php?route=/panel/core/modules/&action=install 2: clear template cache /index.php?route=/panel/core/paneltemplates/&action=clearcache 3: install templates, activate template, deactivate template, delete template,...

node-tkinter is malware

The node-tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

GHSA-QJ73-V688-WQXF Hijacked Environment Variables in proxy.js

The proxy.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concer...

GHSA-X52F-H74P-9JH8 node-sqlite is malware

The node-sqlite package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

MGASA-2017-0253 Updated varnish packages fix security vulnerability

A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process CVE-2017-12425...

MGASA-2016-0214 Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser-stable 51.0.2704.63 fixes security issues: cross-origin bypass problems in extensions bindings CVE-2016-1672 and CVE-2016-1676, blink CVE-2016-1673 and CVE-2016-1675, and extensions CVE-2016-1674 heap use-after free bugs in V8 bindings CVE-2016-1679, Skia CVE-2016-1680, and...

symfony 1.0.5 released (security fix)

I've just released symfony 1.0.5. If you use the symfony built-in phpmailer and you do if you use the -sendMail method in your actions, you must upgrade to this release or apply the following patch: http://trac.symfony-project.com/trac/changeset/4380?format=diff&new=4380. PHPMailer has a remote...