WordPress Plugin Master Slider Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...
WordPress Plugin User Submitted Posts Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
WordPress Plugin Symbiostock Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress Plugin Themify Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
WordPress Plugin Gravity Forms Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
addRewardToken() does not remove old entries before adding new ones
Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can increase their voting power indefinitely, without having to...
Audiobookshelf Code Issue Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server from audiobookshelf open source. A code issue vulnerability exists in Audiobookshelf 2.4.3 and earlier versions, which stems from the ability of a user with updated privileges to read arbitrary files, delete arbitrary files, and send a...
Unrestricted Unwrap Fee Changes: Instability, Market Disruption, and Loss of Trust
Lines of code Vulnerability details Impact The current changeUnwrapFee function in the Ocean smart contract allows the owner to change the unwrap fee divisor with no restrictions, leading to several negative impacts: 1. Unstable Unwrap Fees: Frequent changes in the divisor can cause instability a...
Google Pixel Security Breach
Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability that stems from the presence of a logic error in the code...
Symbolicator Code Issue Vulnerability
Symbolicator is a symbol service for native stack traces and small dumps with symbol server support. A code issue vulnerability exists in Symbolicator versions 0.3.3 through 23.11.2, which stems from the fact that an attacker can use a specially crafted HTTP endpoint to allow Symbolicator to send...
CVE-2023-40056
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account...
SQL injection
SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account...
CVE-2023-40056
SolarWinds Orion Platform is affected by a SQL Injection Remote Code Execution vulnerability (CVE-2023-40056). The known flaw exists in the VimChartInfo class and arises from improper validation of a user-supplied string used to construct SQL queries, enabling remote code execution. Exploitation ...
Ray Code Issues Vulnerabilities
Ray is a unified framework for scaling AI and Python applications open-sourced by ray-project. A code issue vulnerability exists in Ray version 2.6.3, 2.8.0. A remote attacker could exploit this vulnerability to execute arbitrary code via the Job Submission API...
Hardcoded credentials
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on GitHub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens...
Biased rsETH price calculation in depositAsset results in lesser rsETH minted to user
Lines of code Vulnerability details Impact The LRTDepositPool acts as a simplified vault allowing restakers to transfer their liquid staked tokens and receive rsETH tokens based on the current rsETH exchange rate. rsETH are minted to user by interacting with depositAsset function of LRTDepositPoo...
Arithmetic operation results in loss of voting power
Lines of code Vulnerability details Impact Carrying out calculation of voting power in function finalize based on division with value 1e4, then subtracting it with totalContributions and after that multiplying and dividing again will yield a result that causes large precision error or even loss of...
Unbounded iteration over all index
Lines of code Vulnerability details Impact The transactions could fail if the array gets too big and the transaction would consume more gas than the block limit. This will then result in a denial of service for the desired functionality and break core functionality. Proof of Concept Functions like...
CVE-2023-21351
CVE-2023-21351 affects Google Android (Framework) and is described as a local elevation-of-privilege vulnerability caused by a logic error that can trigger a background activity launch. The issue can be exploited without user interaction and could compromise confidentiality, integrity, and availa...