160 matches found
WordPress Title Experiments Free plugin <= 9.0.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin Title Experiments Free versions <= 9.0.4...
WordPress plugin Title Experiments Free cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the possibility of writing beyond buffer boundaries during the processing of DOE files. This allows a hacker to execute arbitrary code.
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the issue of writing beyond buffer boundaries during the processing of DOE files. Exploiting this vulnerability allows attackers to execute arbitrary code by loading a specially crafted...
Rockwell Automation Arena security vulnerability
Rockwell Automation Arena Simulation is a simulation software suite from the American company Rockwell Automation that provides 3D animation and graphics capabilities. A memory misreference code execution vulnerability exists in the Rockwell Automation Arena Simulation DOE file that can be...
Rockwell Automation Arena security vulnerability
Rockwell Automation Arena is a discrete event simulation and automation software from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Arena version 16.20.00 and prior versions that stems from the presence of a use-after-free vulnerability that allows a threat...
PT-2024-32837 · Elabftw · Elabftw
Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.5 Description: A vulnerability in eLabFTW allows an attacker to inject arbitrary HTML tags in the pages "experiments.php" show mode, "database.php" show mode, or "search.php". This is achieved by providing HTML...
PT-2024-18926 · Unknown · Langchain Experimental +1
Name of the Vulnerable Software and Affected Versions: langchain-experimental versions 0.0.15 through 0.0.21 Description: The issue allows for Arbitrary Code Execution when retrieving values from the database. An attacker can exploit this by controlling the input prompt and executing arbitrary...
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Withdrawn: This advisory was incorrectly linked to the npm package lunary. The advisory is valid, but not for that package. In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datase...
Unredacting Pixelated Text
Experiments in unredacting text that has been pixelated...
BIT-GITLAB-2023-4018 Direct Request ('Forced Browsing') in GitLab
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects...
A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade
Two researchers have improved a well-known technique for lattice basis reduction, opening up new avenues for practical experiments in cryptography and mathematics...
ASB-A-278303745
In discoverythread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ai.databand.azkaban:azkaban-common (=3.18.0), ai.databand.azkaban:azkaban-exec-server (=3.18.0) +8708 more potentially affected by CVE-2023-22102 via mysql:mysql-connector-java (>=3.0.10 <=8.0.33)
mysql:mysql-connector-java MAVEN version =3.0.10, =0.5.0, =0.5.0, =0.1.0, =4.1.3, =0.0.13, =1.13.3, =j8.2.2.0, =2.1.0, =1.0.0, =0.0.3, =0.0.5 and more Source cves: CVE-2023-22102 Source advisory: OSV:GHSA-M6VM-37G8-GQVH...
Input validation
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects...
CVE-2023-4018
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects...
UBUNTU-CVE-2023-4018
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects...
CVE-2023-4018 Direct Request ('Forced Browsing') in GitLab
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects...
CVE-2023-4018
Removed by vendor...
PT-2023-27309 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 16.2 through 16.2.4 GitLab versions 16.3 through 16.3.0 Description: An issue has been discovered in GitLab due to improper permission validation, making it possible to create model experiments in public projects...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that stems from improper privileg...