HCL Technologies HCL Connections Security Breach

HCL Technologies HCL Connections is a suite of enterprise collaboration platforms from HCL Technologies, USA. A security vulnerability exists in HCL Technologies HCL Connections Docs 2.0.2 and earlier versions, which stems from vulnerability to cross-site scripting attacks and can be exploited by...

WordPress plugin WP Docs cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

WordPress plugin WP Docs cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

PT-2024-13273

Name of the Vulnerable Software and Affected Versions HCL Connections Docs versions prior to 2.0.2 Description HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and...

WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WP Docs versions = 2.1.3...

WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WP Docs versions = 2.1.3...

WordPress WP Docs Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Docs Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35696 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0c51b0b8b213 Credits LVT-tholv2k Required privilege...

WordPress WP Docs Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Docs Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35695 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a1b525bc9c53 Credits LVT-tholv2k Required privilege Contributor...

dagster-dbt (>=0.21.7 <=0.21.12), dbt-docs-mcp (=0.0.1) +5 more potentially affected by CVE-2024-36105 via dbt-core (>=1.8.0 <=1.8.0rc2)

dbt-core PYPI version =1.8.0, =0.21.7, =0.5.3, =1.8.0b1, =1.12.1rc1, =1.14.0b6 Source cves: CVE-2024-36105 Source advisory: OSV:GHSA-PMRX-695R-4349...

GHSA-PMRX-695R-4349 dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDRANY by passing "" as the address. This...

CVE-2024-36105 dbt allows Binding to an Unrestricted IP Address via socketsocket

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the...

CVE-2024-36105

CVE-2024-36105 affects dbt-core prior to 1.6.15, 1.7.15, and 1.8.1. The issue arises when the docs server binds to INADDR_ANY or IN6ADDR_ANY (0.0.0.0/::) instead of localhost, exposing the HTTP server on all network interfaces. This can enable unauthorized access from other hosts on the same netw...

CVE-2024-36105 dbt allows Binding to an Unrestricted IP Address via socketsocket

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the...

Malicious code in tec-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 125ddb22e15354e2319586116faa892343d4a86c8f79c9d6ed274d9acfb5f20d The OpenSSF Package Analysis project identified 'tec-docs' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Mageia: Security Advisory (MGASA-2024-0181)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-3403

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI...

CVE-2024-3403

CVE-2024-3403 affects imartinez/privategpt v0.2.0 with a local file inclusion weakness that enables reading arbitrary files via manipulated file upload, exposing files through the app’s “Search in Docs” feature or AI queries. Impact notes in sources include potential remote code execution by expo...

PT-2024-25655 · Unknown · Imartinez/Privategpt

Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version 0.2.0 Description: The issue allows attackers to read arbitrary files from the filesystem by exploiting a local file inclusion vulnerability. This can be achieved by manipulating file upload functionality to inges...

WordPress plugin BasePress Docs 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin BasePress Docs 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A code issue...