4443 matches found
CVE-2023-33665
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
SQL injection
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
CVE-2023-33666
ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
SQL injection
ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
PT-2023-24445 · Unknown · Ai-Dev Aioptimizedcombinations
Name of the Vulnerable Software and Affected Versions: ai-dev aioptimizedcombinations versions prior to 0.1.3 Description: The issue is a SQL injection vulnerability via the component /includes/ajax.php. This vulnerability can be exploited, potentially allowing unauthorized access to database...
CVE-2023-33665
CVE-2023-33665 affects the PrestaShop-integrated component ai-dev aitable prior to v0.2.2. A SQL injection vulnerability exists in the /includes/ajax.php endpoint, enabling potentially unauthorized data access or modification. The available documents confirm the vulnerability and the affected com...
Cloudflare Wrangler Path Traversal Vulnerability
Cloudflare Wrangler is a repository from Cloudflare, Inc. A path traversal vulnerability exists in Wrangler versions prior to 3.1.1, which stems from a directory traversal vulnerability when running the local development server for Pages (the wrangler pages dev command), which can be exploited by a...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces Security Update
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.7.1 release is based on Eclipse Che 7.67. Dev Spaces releases support the late...
PT-2023-22655 · Mremoteng · Mremoteng
Name of the Vulnerable Software and Affected Versions: mRemoteNG versions = 1.76.20 mRemoteNG versions = 1.77.3-dev Description: The issue allows attackers to access the contents of configuration files in plain text through a memory dump, thus compromising user credentials when no custom password...
Debian dla-3503 : gir1.2-gst-plugins-bad-1.0 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3503 advisory. Debian LTS Advisory DLA-3503-1 [email protected] https://www.debian.org/lts/security/...
Malicious code in wrangler-dev-api-app (npm)
Source: ossf-package-analysis 61404905188d42181fbf3217b2ebffe91c1328a0cd469718a53faec95f244738 The OpenSSF Package Analysis project identified 'wrangler-dev-api-app' @ 24.12.47 npm as malicious. It is considered malicious because: - The...
WordPress WP Dev Powers – Display Screen Dimensions to Admin Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Dev Powers – Display Screen Dimensions to Admin Plugin; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: f38bbbbde0ec...
WordPress Content Aware Sidebars Plugin < 3.19.1 is vulnerable to Cross Site Scripting (XSS)
Software: Content Aware Sidebars; Type: Plugin; Vulnerable versions: < 3.19.1; Fixed in: 3.19.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: DEV Institute; PSID: 7045acf9eb4c; Credits: Rafie Muhammad Patchstack...
WordPress Auto Set Admin Colour on Staging and Dev Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Auto Set Admin Colour on Staging and Dev; Type: Plugin; Vulnerable versions: <= 4.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: bc1617de8fbf; Credits: Rafie...
Hardcoded credentials
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...
CVE-2023-30791
Plane version 0.7.1-dev is affected: an attacker can change a user’s avatar, enabling upload of files with an HTML extension that are interpreted as HTML and JavaScript. This is described across multiple sources as an insecure avatar-upload path leading to HTML/JS content. Remediation guidance in...
PT-2023-22984 · Plane · Plane
Name of the Vulnerable Software and Affected Versions: Plane version 0.7.1-dev Description: The issue allows an attacker to change the avatar of their profile, enabling the upload of files with HTML extension that can interpret both HTML and JavaScript. Recommendations: For Plane version 0.7.1-de...