7378 matches found

Patchstack
added 2024/02/14 12:0 a.m. | 6 views

WordPress My Calendar Plugin <= 3.4.23 is vulnerable to Cross Site Scripting (XSS)

Software: My Calendar; Type: Plugin; Vulnerable versions: <= 3.4.23; Fixed in: 3.4.24; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-25916; Patch priority: Low; CVSS severity: Low 6.5; PSID: 0654701560fd; Credits: Steven Julian; Required privilege...

6.5 CVSS | 6.3 AI score | 0.00084 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/02/14 12:0 a.m. | 9 views

WordPress Paid Member Subscriptions Plugin <= 2.11.1 is vulnerable to Broken Access Control

Software: Paid Member Subscriptions; Type: Plugin; Vulnerable versions: <= 2.11.1; Fixed in: 2.11.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1390; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6361d41c5a14; Credits: Lucio Sá; Required...

4.3 CVSS | 6.5 AI score | 0.00274 EPSS
Exploits 0 | References 4 | Affected Software 1
Patchstack
added 2024/02/14 12:0 a.m. | 9 views

WordPress WP Setup Wizard Plugin <= 1.0.8.1 is vulnerable to Sensitive Data Exposure

Software: WP Setup Wizard; Type: Plugin; Vulnerable versions: <= 1.0.8.1; Fixed in: 1.0.8.2; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-25917; Patch priority: High; CVSS severity: High 8.8; PSID: 5a05aed5e6cb; Credits: Dave Jong Patchstack...

8.8 CVSS | 6.5 AI score | 0.00343 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/02/13 12:0 a.m. | 4 views

WordPress EazyDocs Plugin < 2.4.0 is vulnerable to Broken Access Control

Software: EazyDocs; Type: Plugin; Vulnerable versions: < 2.4.0; Fixed in: 2.4.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0248; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 64066df73b6f; Credits: Majed Refaea; Required privilege...

4.3 CVSS | 6.5 AI score | 0.00207 EPSS
Exploits 2 | References 3 | Affected Software 1
Kaspersky
added 2024/02/13 12:0 a.m. | 37 views

KLA63960 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in .NET can be exploited remotely to cause deni...

7.5 CVSS | 9 AI score | 0.0291 EPSS
Exploits 0 | References 10
Patchstack
added 2024/02/13 12:0 a.m. | 14 views

WordPress Web3 – Crypto wallet Login & NFT token gating Plugin < 3.0.0 is vulnerable to Broken Authentication

Software: Web3 – Crypto wallet Login & NFT token gating; Type: Plugin; Vulnerable versions: < 3.0.0; Fixed in: 3.0.0; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-6036; Patch priority: Low; CVSS severity: Low 9.8; PSID: 9bc7bba9b677; Credits...

9.8 CVSS | 6.6 AI score | 0.56304 EPSS
Exploits 3 | References 4 | Affected Software 1
Patchstack
added 2024/02/13 12:0 a.m. | 15 views

WordPress MapPress Maps for WordPress Plugin < 2.88.16 is vulnerable to Sensitive Data Exposure

Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: < 2.88.16; Fixed in: 2.88.16; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-0421; Patch priority: Low; CVSS severity: Low 5.3; PSID: 800421954891; Credits: Erwan LR...

5.3 CVSS | 6.6 AI score | 0.00397 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2024/02/12 12:0 a.m. | 13 views

WordPress PJ News Ticker Plugin <= 1.9.5 is vulnerable to Cross Site Scripting (XSS)

Software: PJ News Ticker; Type: Plugin; Vulnerable versions: <= 1.9.5; Fixed in: 1.9.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-25094; Patch priority: Low; CVSS severity: Low 6.5; PSID: c60a939bac71; Credits: Ngô Thiên An ancorn from VNPT-VCI...

6.5 CVSS | 6.5 AI score | 0.00077 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/02/12 12:0 a.m. | 9 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software: ImageRecycle pdf & image compression; Type: Plugin; Vulnerable versions: <= 3.1.13; Fixed in: 3.1.14; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1335; Patch priority: Low; CVSS severity: Low 4.3; PSID: 78d30d4717e8; Credi...

4.3 CVSS | 6.6 AI score | 0.00112 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/02/12 12:0 a.m. | 9 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Broken Access Control

Software: ImageRecycle pdf & image compression; Type: Plugin; Vulnerable versions: <= 3.1.13; Fixed in: 3.1.14; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0983; Patch priority: Low; CVSS severity: Low 4.3; PSID: 3893271a34ec; Credits: Frances...

4.3 CVSS | 6.5 AI score | 0.0033 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/02/12 12:0 a.m. | 14 views

WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload

Software: WP Media folder; Type: Plugin; Vulnerable versions: <= 5.7.2; Fixed in: 5.7.3; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-25909; Patch priority: High; CVSS severity: High 9.9; PSID: e05dfe398169; Credits: Dave Jong Patchstack; Required privilege...

9.9 CVSS | 6.8 AI score | 0.00725 EPSS
Exploits 0 | References 1 | Affected Software 1
IBM Security Bulletins
added 2024/02/09 4:37 p.m. | 32 views

Security Bulletin: IBM Rational Developer for i is vulnerable to a phishing attack due to a flaw in follow-redirects (CVE-2023-26159).

Summary: IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to conduct phishing attacks (CVE-2023-26159). This bulletin identifies the steps to take to address the...

7.3 CVSS | 6.6 AI score | 0.00101 EPSS
Exploits 1 | Affected Software 1
NVD
added 2024/02/09 1:15 a.m. | 11 views

CVE-2024-23639

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

7.8 CVSS | 6.3 AI score | 0.00036 EPSS
Exploits 0 | References 2
OSV
added 2024/02/09 12:15 a.m. | 30 views

CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

5.1 CVSS | 7.4 AI score | 0.00036 EPSS
Exploits 0 | References 4
Patchstack
added 2024/02/09 12:0 a.m. | 5 views

WordPress Before After Image Slider WP Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Software: Before After Image Slider WP; Type: Plugin; Vulnerable versions: <= 2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24931; Patch priority: Low; CVSS severity: Low 6.5; PSID: a36c65d6ecc8; Credits: Ngô Thiên An ancorn from...

6.5 CVSS | 6.5 AI score | 0.00077 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2024/02/08 12:15 p.m. | 0 views

UBUNTU-CVE-2023-6564

An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or...

6.5 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits 0 | References 2
CVE
added 2024/02/08 11:30 a.m. | 77 views

CVE-2023-6564

GitLab CVE-2023-6564 affects GitLab EE Premium and Ultimate versions 16.4.3, 16.5.3, and 16.6.1. In projects that use subgroups to define who can push or merge to protected branches, subgroup members with the Developer role could push or merge to those protected branches, indicating an authorizat...

6.5 CVSS | 6.2 AI score | 0.00026 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/02/08 12:0 a.m. | 8 views

WordPress Royal Elementor Addons Plugin <= 1.3.87 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.3.87; Fixed in: 1.3.88; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0512; Patch priority: Low; CVSS severity: Low 4.3; Developer: WProyal; PSID: 883b845e41ec; Credits: Francesco Carlucci...

4.3 CVSS | 6.6 AI score | 0.00157 EPSS
Exploits 0 | References 6 | Affected Software 1
Patchstack
added 2024/02/08 12:0 a.m. | 7 views

WordPress WP Recipe Maker Plugin <= 9.1.2 is vulnerable to Broken Access Control

Software: WP Recipe Maker; Type: Plugin; Vulnerable versions: <= 9.1.2; Fixed in: 9.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1206; Patch priority: High; CVSS severity: High 8.5; PSID: 59c6b1fa45e4; Credits: Lucio Sá; Required privilege...

8.8 CVSS | 6.4 AI score | 0.00646 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/02/07 9:44 p.m. | 38 views

CVE-2024-24806 Improper Domain Lookup that potentially leads to SSRF attacks in libuv

libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

7.3 CVSS | 7 AI score | 0.002 EPSS
Exploits 1 | References 13