A vulnerability in the PostgreSQL database management system, related to deficiencies in access control, allows attackers to escalate their privileges and execute arbitrary code.
A vulnerability in the SchemaHandler component of the PostgreSQL database management system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to escalate their privileges and execute arbitrary code using the CREATE SCHEMA command...
CVE-2023-34565
Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function...
Cross site scripting
Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function...
CVE-2023-34867
Jerryscript 3.0 commit 05dbbd1 was discovered to contain an Assertion Failure via the ecma_property_hashmap_create function at jerry-core/ecma/base/ecma-property-hashmap.c...
DRUPAL-CONTRIB-2023-020
This module enables you to define a 'weekly office hours' field type, and add a field to any Content type, in order to display the weekly opening hours for a location. The module doesn't sufficiently filter user-supplied text, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability...
CVE-2023-34565
The CVE-2023-34565 entry affects NetBox 3.5.1, with a stored Cross-Site Scripting (XSS) vulnerability in the Create Wireless LAN Groups function. According to multiple sources, NetBox 3.5.1 is vulnerable to XSS in that feature, labeled as stored XSS in CNNVD/CVE records, and the vulnerability has...
PT-2023-25039 · Unknown · Jerryscript
Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0 commit 05dbbd1 Description: An Assertion Failure was discovered in Jerryscript via the ecma property hashmap create function at jerry-core/ecma/base/ecma-property-hashmap.c. Recommendations: For Jerryscript version 3.0...
GHSA-7MCW-XMX3-7P8M Insecure Temporary File in HuTool
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile function at /core/io/FileUtil.java...
Hutool security vulnerability
Hutool is a small but complete Java tool library from the Chinese Dromara community. A security vulnerability exists in Hutool v5.8.17 and earlier versions, which originates from an information disclosure vulnerability in the File.createTempFile function in /core/io/FileUtil.java...
BB Machine Forum 1.0 Cross Site Scripting
OESA-2023-1342 libcap security update
This is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities. Security Fixes: A vulnerability was found in the pthread_create function in libcap. This issue may allow a malicious actor to cause __real_pthread_create to return an error, which can exhaust the process...
OESA-2023-1345 libcap security update
This is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities. Security Fixes: A vulnerability was found in the pthread_create function in libcap. This issue may allow a malicious actor to cause __real_pthread_create to return an error, which can exhaust the process...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
ALPINE-CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
Code injection
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
WordPress Plugin WPCS – WordPress Currency Switcher Professional security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin WPCS - A...
PT-2023-20153 · WordPress · Wpcs – Wordpress Currency Switcher Professional
Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional plugin versions up to, and including, 1.1.9 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data without authorization due to a missin...
CVE-2023-2455
CVE-2023-2455 describes a vulnerability in PostgreSQL row-level security where policies can be misapplied when a query plan is reused across different roles (e.g., security definer, or a common user plan executed under multiple SET ROLEs). The issue arises when policy evaluation depends on the in...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...