7445 matches found

Snyk
added 2023/08/08 9:0 p.m. | 2 views

Undesired Behavior

Overview: Affected versions of this package are vulnerable to Undesired Behavior. It contains a dependency on the SponsorLink package, which runs an obfuscated closed-source executable at build time. That executable spawns OS processes and performs network requests, including transferring a...

3.3 CVSS | 6.8 AI score
Exploits 0 | References 2
Kaspersky
added 2023/08/08 12:0 a.m. | 94 views

KLA51717 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing...

8.8 CVSS | 9.5 AI score | 0.74288 EPSS
Exploits 1 | References 35
HackRead
added 2023/08/07 12:58 p.m. | 12 views

Elite North Korean Hackers Breach Russian Missile Developer

By Waqas. North Korean hackers from OpenCarrot and Lazarus breached NPO Mashinostroyeniya, a major Russian missile developer, for at least five months last year. This is a post from HackRead.com. Read the original post: Elite North Korean Hackers Breach Russian Missile Developer...

7 AI score
Exploits 0
Patchstack
added 2023/08/07 12:0 a.m. | 11 views

WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Photo Gallery by Ays; Type: Plugin; Vulnerable versions: <= 5.2.6; Fixed in: 5.2.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-39917; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: dcde53c55582; Credits: Skalucy; Requir...

8.8 CVSS | 6.6 AI score | 0.00214 EPSS
Exploits 0 | References 2 | Affected Software 1
Android Security Bulletins
added 2023/08/07 12:0 a.m. | 8 views

Pixel Update Bulletin—August 2023

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2023-08-05 or later address all issues in this bulletin and all issues in the August 2023 Android...

7.8 CVSS | 7.8 AI score | 0.00325 EPSS
Exploits 0
wpexploit
added 2023/08/07 12:0 a.m. | 150 views

Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access

Description: The plugin does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated user, such as a subscriber, to retrieve arbitrary post titles and their content, such as draft, private and password-protected ones. Run the below command in the developer console ...

4.3 CVSS | 4.7 AI score | 0.00453 EPSS
Exploits 2
Veracode
added 2023/08/06 8:10 p.m. | 15 views

Improper Privilege Management

GitLab is vulnerable to Improper Privilege Management. The vulnerability is due to flawed permission validation which allowed group members with a developer role to elevate their privilege to a maintainer on projects they import...

7.1 CVSS | 6.8 AI score | 0.00916 EPSS
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2023/08/06 1:57 p.m. | 19 views

Incorrect Authorization

GitLab is vulnerable to Incorrect Authorization. The vulnerability is within the interactive web terminal, allowing a malicious user with the developer role to open terminals on different developers...

7.1 CVSS | 6.8 AI score | 0.00523 EPSS
Exploits 0 | References 3 | Affected Software 1
Veracode
added 2023/08/06 9:23 a.m. | 24 views

Information Disclosure

GitLab is vulnerable to Information Disclosure. The vulnerability exists because a user with the role of developer could use the import project feature to leak CI/CD variables...

6.4 CVSS | 6.7 AI score | 0.00811 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2023/08/03 9:9 p.m. | 22 views

CVE-2023-30958 DOM XSS in Developer mode dashboard via redirect GET parameter

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

4.7 CVSS | 6.2 AI score | 0.00348 EPSS
Exploits 0 | References 1
Krebs on Security
added 2023/08/03 11:22 a.m. | 29 views

How Malicious Android Apps Slip Into Disguise

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a...

7.1 AI score
Exploits 0
Patchstack
added 2023/08/03 12:0 a.m. | 14 views

WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Remote Code Execution (RCE)

Software: WP Ultimate CSV Importer; Type: Plugin; Vulnerable versions: <= 7.9.8; Fixed in: 7.9.9; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-4141; Patch priority: Medium; CVSS severity: Medium 8; Developer: Claim ownership; PSID: 3305b62d3bbf; Credits: István Márton; Required...

8.8 CVSS | 7.2 AI score | 0.01239 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2023/08/03 12:0 a.m. | 8 views

WordPress Simple Ticker Plugin <= 3.05 is vulnerable to Cross Site Scripting (XSS)

Software: Simple Ticker; Type: Plugin; Vulnerable versions: <= 3.05; Fixed in: 3.06; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: bbbc4c8f4c4a; Credits: Unknown; Required privilege: Contributor...

6 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/08/03 12:0 a.m. | 18 views

WordPress Advanced Custom Fields Plugin 6.1-6.1.7 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: 6.1-6.1.7; Fixed in: 6.1.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40068; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: ad8c9dc6f2b9; Credits: Satoo Nakano...

5.4 CVSS | 5.7 AI score | 0.0148 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2023/08/03 12:0 a.m. | 20 views

WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Remote Code Execution (RCE)

Software: WP Ultimate CSV Importer; Type: Plugin; Vulnerable versions: <= 7.9.8; Fixed in: 7.9.9; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-4142; Patch priority: Medium; CVSS severity: Medium 8; Developer: Claim ownership; PSID: a395389d1982; Credits: István Márton; Required...

8.8 CVSS | 7.2 AI score | 0.01239 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2023/08/02 12:0 a.m. | 24 views

WordPress Stripe Payment Gateway for WooCommerce Plugin <= 3.7.7 is vulnerable to Privilege Escalation

Software: Stripe Payment Gateway for WooCommerce; Type: Plugin; Vulnerable versions: <= 3.7.7; Fixed in: 3.7.8; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-3162; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID...

9.8 CVSS | 6.5 AI score | 0.00966 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2023/08/02 12:0 a.m. | 11 views

WordPress Bus Ticket Booking with Seat Reservation Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)

Software: Bus Ticket Booking with Seat Reservation; Type: Plugin; Vulnerable versions: <= 5.2.3; Fixed in: 5.2.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4067; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: ff22313121e4...

6.1 CVSS | 5.7 AI score | 0.00378 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2023/08/02 12:0 a.m. | 10 views

WordPress WP Front User Submit / Front Editor Plugin < 4.0.4 is vulnerable to Cross Site Scripting (XSS)

Software: WP Front User Submit / Front Editor; Type: Plugin; Vulnerable versions: < 4.0.4; Fixed in: 4.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1982; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: f5fb2f3572ae; Credits: Vikas...

4.8 CVSS | 5.7 AI score | 0.00379 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2023/08/01 12:0 a.m. | 5 views

WordPress Shop as a Customer for WooCommerce Plugin < 1.2.4 is vulnerable to Privilege Escalation

Software: Shop as a Customer for WooCommerce; Type: Plugin; Vulnerable versions: < 1.2.4; Fixed in: 1.2.4; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 7.2; Developer: Claim ownership; PSID: 10934473fa31; Credi...

6.8 AI score
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2023/07/31 12:0 a.m. | 4 views

WordPress TI WooCommerce Wishlist Plugin < 2.7.4 is vulnerable to SQL Injection

Software: TI WooCommerce Wishlist; Type: Plugin; Vulnerable versions: < 2.7.4; Fixed in: 2.7.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: N/A; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: c17351d59e94; Credits: WordFence; Required privilege: Unauthenticated; Publish...

7.2 AI score
Exploits 0 | References 2 | Affected Software 1