7378 matches found

Patchstack
added 2024/02/26 12:0 a.m. · 13 views

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.31 is vulnerable to Cross Site Scripting (XSS)

Software: Orbit Fox by ThemeIsle; Type: Plugin; Vulnerable versions: <= 2.10.31; Fixed in: 2.10.32; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1323; Patch priority: Low; CVSS severity: Low (6.5); PSID: 18903688a247; Credits: Webbernaut...

CVSS 6.4 · AI score 5.7 · EPSS 0.00161
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/02/26 12:0 a.m. · 8 views

WordPress Adsmonetizer Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Adsmonetizer; Type: Plugin; Vulnerable versions: <= 3.1.2; Fixed in: 3.1.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1437; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 8446c2dca06a; Credits: Majed Refaea; Required privilege...

CVSS 7.1 · AI score 6.5 · EPSS 0.0007
Exploits 0 · References 2 · Affected Software 1

Prion
added 2024/02/23 4:15 p.m. · 13 views

Path traversal

@backstage/backend-common is a common functionality library for backends for Backstage, an open platform for building developer portals. In @backstage/backend-common prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the resolveSafeChildPath utility were not exhaustive enough, leadi...

CVSS 4.7 · AI score 7.3 · EPSS 0.00504
Exploits 0 · References 4

Patchstack
added 2024/02/23 12:0 a.m. · 17 views

WordPress Ultimate Member Plugin 2.1.3-2.8.2 is vulnerable to SQL Injection

Software: Ultimate Member; Type: Plugin; Vulnerable versions: 2.1.3-2.8.2; Fixed in: 2.8.3; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-1071; Patch priority: High; CVSS severity: High (9.3); PSID: d52d7ae096c8; Credits: Christiaan Swiers; Required privilege...

CVSS 9.8 · AI score 6.9 · EPSS 0.92912
Exploits 8 · References 3 · Affected Software 1

CNNVD
added 2024/02/23 12:0 a.m. · 2 views

Library System SQL Injection Vulnerability

Library System is a library management system by the individual developer nurhodelta17. A SQL injection vulnerability exists in Library System version 1.0, which stems from the fact that incorrect manipulation of the parameters username/password can lead to sql injection...

CVSS 9.8 · AI score 8.4 · EPSS 0.00044
Exploits 1 · References 4

IBM Security Bulletins
added 2024/02/22 4:55 p.m. · 32 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023...

CVSS 5.9 · AI score 6.1 · EPSS 0.00172
Exploits 0 · Affected Software 1

Debian CVE
added 2024/02/21 11:30 p.m. · 16 views

CVE-2024-0410

Removed by vendor...

CVSS 7.7 · AI score 7.1 · EPSS 0.00012
Exploits 0

Hacker One
added 2024/02/21 1:35 a.m. · 9 views

GitHub: Source Code and data exfiltration via Github Copilot

The vulnerability was caused by insecure output handling in the Copilot client interfaces. A prompt injection attack was able to result in data exfiltration. The vulnerability was addressed by only rendering images from trusted domains and adding interstitial modals to inform users about link...

AI score 7.2
Exploits 0

Patchstack
added 2024/02/21 12:0 a.m. · 8 views

WordPress Cost of Goods for WooCommerce Plugin <= 3.2.8 is vulnerable to Cross Site Scripting (XSS)

Software: Cost of Goods for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.2.8; Fixed in: 3.2.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0821; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 06f40e6d3a9e; Credits...

CVSS 6.1 · AI score 5.7 · EPSS 0.01268
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/02/21 12:0 a.m. · 12 views

WordPress Tutor LMS Plugin <= 2.6.0 is vulnerable to Broken Access Control

Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.6.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1133; Patch priority: Low; CVSS severity: Low (4.3); PSID: f48325f20ce3; Credits: drop; Required privilege: Subscriber...

CVSS 4.3 · AI score 6.5 · EPSS 0.00207
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/02/20 12:0 a.m. · 10 views

WordPress Password Protected Plugin <= 2.6.6 is vulnerable to Cross Site Scripting (XSS)

Software: Password Protected; Type: Plugin; Vulnerable versions: <= 2.6.6; Fixed in: 2.6.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0656; Patch priority: Low; CVSS severity: Low (5.9); PSID: 7a68f344cd36; Credits: Felipe Restrepo...

CVSS 4.8 · AI score 6 · EPSS 0.00279
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/02/20 12:0 a.m. · 8 views

WordPress Coming Soon Maintenance Mode Plugin <= 1.0.5 is vulnerable to Sensitive Data Exposure

Software: Coming Soon Maintenance Mode; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.0.6; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-1475; Patch priority: Low; CVSS severity: Low (5.3); PSID: 6da3f77ac231; Credits: Francesco...

CVSS 5.3 · AI score 6.5 · EPSS 0.00225
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-5216 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 122.0.6261.57 Description: The issue is related to a use after free in DevTools, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could enable the attacke...

CVSS 10 · AI score 7.6 · EPSS 0.93301
Exploits 127 · References 1059

Patchstack
added 2024/02/20 12:0 a.m. · 10 views

WordPress Schema & Structured Data for WP & AMP Plugin <= 1.26 is vulnerable to Broken Access Control

Software: Schema & Structured Data for WP & AMP; Type: Plugin; Vulnerable versions: <= 1.26; Fixed in: 1.27; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1288; Patch priority: Low; CVSS severity: Low (4.3); PSID: aef94ec88b0d; Credits: Ngô Thiên ...

CVSS 4.3 · AI score 6.5 · EPSS 0.00132
Exploits 0 · References 3 · Affected Software 1

0day.today
added 2024/02/20 12:0 a.m. · 287 views

Petrol Pump Management Software 1.0 Shell Upload Vulnerability

Exploit Title: Petrol pump management software - File Upload Remote Code Execution RCE unauthenticated Application: Petrol pump management software Date: 20.02.2024 Bugs: File Upload Remote Code Execution RCE unauthenticated Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/...

AI score 7.4
Exploits 0

Kitploit
added 2024/02/19 11:30 a.m. · 33 views

SwaggerSpy - Automated OSINT On SwaggerHub

SwaggerSpy is a tool designed for automated Open Source Intelligence OSINT on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What is...

AI score 7.3
Exploits 0 · References 4

Patchstack
added 2024/02/16 12:0 a.m. · 9 views

WordPress Cwicly Plugin <= 1.4.0.2 is vulnerable to Remote Code Execution (RCE)

Software: Cwicly; Type: Plugin; Vulnerable versions: <= 1.4.0.2; Fixed in: 1.4.0.3; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-24707; Patch priority: Medium; CVSS severity: Medium (9.9); PSID: 03a26bc8d3c0; Credits: Snicco; Required privilege: Contributo...

CVSS 9.9 · AI score 7.6 · EPSS 0.00551
Exploits 0 · References 2 · Affected Software 1

Wiz blog
added 2024/02/15 2:33 p.m. · 10 views

Cupid in the cloud: celebrating developer and security team partnerships

In cloud security, the most compelling love story is the one between developers and security teams. This Valentine’s Day, let's shine a spotlight on these dynamic duos...

AI score 7.3
Exploits 0

Spring Engineering
added 2024/02/15 12:0 a.m. · 11 views

A Bootiful Podcast: Oracle Java Developer Advocate Nicolai Parlog on the latest and greatest in Java

Hi, Spring fans! In this installment, I talk to Oracle Java Developer Advocate Nicolai Parlog on the latest and greatest in Java...

AI score 6.9
Exploits 0

Patchstack
added 2024/02/14 12:0 a.m. · 17 views

WordPress Peach Payments Gateway Plugin <= 3.1.9 is vulnerable to Broken Access Control

Software: Peach Payments Gateway; Type: Plugin; Vulnerable versions: <= 3.1.9; Fixed in: 3.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-25922; Patch priority: Low; CVSS severity: Low (5.4); PSID: 4ed5c43af060; Credits: Abdi Pranata; Required...

CVSS 5.4 · AI score 6.6 · EPSS 0.00092
Exploits 0 · References 2 · Affected Software 1