WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Other Vulnerability Type
Software Multi Rating Type Plugin Vulnerable versions = 5.0.6 Fixed in N/A OWASP Top 10 A1: Injection Classification Other Vulnerability Type CVE CVE-2023-32127 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 84e75518f454 Credits yuyudhn Required privilege Unauthenticated...
A Bootiful Podcast: Java Champion Ken Kousen on Gradle, Java, Kotlin, Mockito, and more
Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to Java Champion Ken Kousen (@kenkousen), live from the Great International Developer Summit 2023 in beautiful Bangalore, India, about Gradle, the Kotlin DSL, Java, and so much more. Check out Ken's awesome YouTube channel...
WordPress Manager for Icomoon Plugin <= 2.0 is vulnerable to Arbitrary File Upload
Software Manager for Icomoon Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-29386 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 0add1822a9fe Credits deokhunKim Required privilege Administrat...
WordPress WPO365 | Mail Integration for Office 365 / Outlook Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
Software WPO365 | Mail Integration for Office 365 / Outlook Type Plugin Vulnerable versions = 1.9.0 Fixed in 1.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32119 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID...
CVE-2023-2069
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...
UBUNTU-CVE-2023-2069
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...
WordPress URL Params Plugin < 2.5 is vulnerable to Cross Site Scripting (XSS)
Software URL Params Type Plugin Vulnerable versions 2.5 Fixed in 2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0274 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c07bdc476562 Credits Lana Codes Required privilege...
WordPress FV Flowplayer Video Player Plugin <= 7.5.32.7212 is vulnerable to Cross Site Scripting (XSS)
Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.32.7212 Fixed in 7.5.35.7212 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30499 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 08f2f9dc3464...
WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection
Software CM Pop-Up banners Type Plugin Vulnerable versions = 1.5.10 Fixed in 1.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-30750 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID a1957d5dbbe6 Credits Dave Jong Patchstack Required privilege...
WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS)
Software Albo Pretorio Online Type Plugin Vulnerable versions = 4.6.3 Fixed in 4.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32109 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 17b880fb4602 Credits Phd Required...
CVE-2023-2069
GitLab CVE-2023-2069 affects multiple release tracks: 10.0–12.9.7, 12.10–12.10.6, and 13.0–13.0.0. The vulnerability allows a user with the Developer role to leak CI/CD variables via the Import Project feature. The issue’s root cause is tied to that feature’s handling of project import, enabling ...
PT-2023-17555 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.0 through 12.9.7 GitLab versions 12.10 through 12.10.6 GitLab versions 13.0 through 13.0.0 Description: An issue has been discovered in GitLab where a user with the role of developer could use the import project feature to...
CVE-2023-2069
Removed by vendor...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab, which stems from the fact that a us...
WordPress JupiterX Theme <= 3.0.0 is vulnerable to Local File Inclusion
Software JupiterX Type Theme Vulnerable versions = 3.0.0 Fixed in 3.1.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-32110 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 5d8f9e2208af Credits Rafie Muhammad Patchstack Required privilege...
WordPress WP Visitor Statistics (Real Time Traffic) Plugin < 6.9 is vulnerable to SQL Injection
Software WP Visitor Statistics Real Time Traffic Type Plugin Vulnerable versions 6.9 Fixed in 6.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0600 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 05f734351f7a Credits Trần Quốc Trường An Required...
Dreamer CMS Security Vulnerability
Dreamer CMS is a content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version 4.1.3 and prior versions. An attacker can exploit the vulnerability to cause a reduction in algorithm complexity...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Privilege escalation for external users when OIDC is enabled under certain conditions; Account takeover through open redirect for Group SAML accounts; Users on banned IP addresses can still commit to projects; User with developer role group can modify Protected branches setting on...