7377 matches found
WordPress Spiffy Calendar Plugin <= 4.9.13 is vulnerable to Cross Site Scripting (XSS)
Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.13 Fixed in 4.9.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-45458 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6044522ff419 Credits LVT-tholv2k Required privilege...
WordPress WP Meta SEO Plugin <= 4.5.13 is vulnerable to Cross Site Scripting (XSS)
Software WP Meta SEO Type Plugin Vulnerable versions = 4.5.13 Fixed in 4.5.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-45456 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 753a33ee6300 Credits Robert DeVore Required privilege...
EulerOS 2.0 SP10 : orc (EulerOS-SA-2024-2426)
According to the versions of the orc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially...
WordPress WPvivid Backup and Migration Plugin < 0.9.106 is vulnerable to Sensitive Data Exposure
Software WPvivid Backup and Migration Type Plugin Vulnerable versions 0.9.106 Fixed in 0.9.106 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7315 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID d872d427e182 Credits Dmitrii...
WordPress Envira Photo Gallery Plugin < 1.8.15 is vulnerable to Cross Site Scripting (XSS)
Software Envira Photo Gallery Type Plugin Vulnerable versions 1.8.15 Fixed in 1.8.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3899 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 91d28b966c51 Credits Dmitrii Ignatyev...
WordPress WP Delicious Plugin <= 1.6.9 is vulnerable to Arbitrary File Download
Software WP Delicious Type Plugin Vulnerable versions = 1.6.9 Fixed in 1.7.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-7626 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 044013a60ca3 Credits Connor Billings Required...
WordPress Flash & HTML5 Video Plugin <= 2.5.34 is vulnerable to Broken Access Control
Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.34 Fixed in 2.5.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7721 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 692106c3e036 Credits Lucio Sá Required...
MGASA-2024-0288 Updated orc packages fix security vulnerability
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of...
Updated orc packages fix security vulnerability
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of...
CVE-2024-41728
CVE-2024-41728 affects SAP NetWeaver Application Server for ABAP and ABAP Platform, where a missing authorization check allows a user logged in as a developer to read objects contained in a package, impacting confidentiality. Affected context and root cause are described across multiple sources (...
WordPress Nova Blocks by Pixelgrade Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Nova Blocks by Pixelgrade Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8241 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f5ae0b10869 Credits Francesco...
WordPress Bit File Manager Plugin <= 6.5.5 is vulnerable to Arbitrary File Upload
Software Bit File Manager Type Plugin Vulnerable versions = 6.5.5 Fixed in 6.5.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7770 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 4d22ee982f55 Credits TANG Cheuk Hei siunam Required privileg...
SAP NetWeaver Application Server Security Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from a lack of authorization checking and allows an attacker logged in as a developer to read objects contained in a package...
WordPress Big File Uploads Plugin <= 2.1.2 is vulnerable to Full Path Disclosure (FPD)
Software Big File Uploads Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Full Path Disclosure FPD CVE CVE-2024-8538 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7d70a0318727 Credits netc4t Required privileg...
WordPress Ninja Forms File Uploads Extension Plugin <= 3.3.16 is vulnerable to Cross Site Scripting (XSS)
Software Ninja Forms File Uploads Extension Type Plugin Vulnerable versions = 3.3.16 Fixed in 3.3.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1596 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 261b89d2f6fa Credi...
JVN#65724976: WordPress Plugin "Forminator" vulnerable to cross-site scripting
WordPress Plugin "Forminator" provided by WPMU DEV assists in building web forms. When accessing a page that includes a web form created with Forminator, some information from the URL may be embedded in the web form. This feature processes the embedded information improperly, leading to cross-site...
WordPress Advanced Sermons Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Sermons Type Plugin Vulnerable versions = 3.3 Fixed in 3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7599 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d85d91823452 Credits vgo0 Required privilege...
Malicious code in tcgplayer-developer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8872e81cbcd437acbedb9771171079c77c0f370055e0cc7423b96b7bdd9a75e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8827 Malicious code in tcgplayer-developer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8872e81cbcd437acbedb9771171079c77c0f370055e0cc7423b96b7bdd9a75e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress LiteSpeed Cache Plugin < 6.5.0.1 is vulnerable to Broken Authentication
Software LiteSpeed Cache Type Plugin Vulnerable versions 6.5.0.1 Fixed in 6.5.0.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-44000 Patch priority High CVSS severity High 9.8 Developer Hai Zheng / Lite Speed Cache PSID 8f939cc0b306...