CVE-2022-2987
The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating its settings, which are hooked to the init action, allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used t...
PT-2021-7108 · Unknown +1 · Tuleap Community Edition +3
Name of the Vulnerable Software and Affected Versions:
Tuleap versions prior to 13.2.99.31 Community Edition
Tuleap versions prior to 13.1-5 Enterprise Edition
Tuleap versions prior to 13.2-3 Enterprise Edition
Description: The issue arises from improper sanitization of the search filter built fr...