24 matches found
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from a lack of workspace.tools permission checks at the tool update endpoint, which could allow...
CVE-2025-10313
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
CVE-2025-10313
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
EUVD-2025-34541
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
CVE-2025-10313
CVE-2025-10313 Find And Replace content for WordPress – unauthenticated Stored Cross-Site Scripting and Arbitrary Content Replacement due to missing capability check in far_admin_ajax_fun() for versions
CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
EUVD-1999-0979
Malware in sbrugna...
EUVD-2024-2231
Malicious code in bioql PyPI...
EUVD-2021-31660
Malicious code in bioql PyPI...
CVE-2024-40547
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace...
CVE-2024-40547
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace...
BIT-MEDIAWIKI-2021-44857
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page that the user doesn't have edit rights for. This applies to any public wiki, or a...
CVE-2021-44857
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page that the user doesn't have edit rights for. This applies to any public wiki, or a...
UBUNTU-CVE-2021-44857
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page that the user doesn't have edit rights for. This applies to any public wiki, or a...
CVE-2021-44857
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page that the user doesn't have edit rights for. This applies to any public wiki, or a...
CVE-2021-44857
CVE-2021-44857 affects MediaWiki up to: 1.35.4? (note: listed as 1.35.5, 1.36.x before 1.36.3, 1.37.x before 1.37.1). The issue allows an attacker to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page, even if the user lacks edit rights on that page, app...
CVE-2021-44857
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page that the user doesn't have edit rights for. This applies to any public wiki, or a...
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...
The digital entropy of death: link rot
Hot on the heels of a grim blog about digital death comes…another blog about digital death. Except in this case, the recently deceased would be the links that tie the web together, otherwise known as link rot. Link rot is a weird thing. Say I blog for Puppy Chow and I write an article about the...