25 matches found
GHSA-V2JF-442R-6MJH nebula-mesh: Signed-poll nonce LRU is in-memory and bounded; replay survives restart + eviction
internal/api/pop/nonce.go:25,40,86 + internal/api/server.go:38 — the signed-poll nonce cache is an in-process LRU sized at 65,536 entries. internal/api/updates.go:31 sets pollClockSkew = 5 time.Minute as the replay window. Affected All released versions through v0.3.0 that have shipped the ADR 00...
PT-2026-51646
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.1 Description In S3-backed deployments, the system fails to perform authorization checks before generating temporary URLs for signature image retrieval. Authenticated users who possess a signature filename can...
EUVD-2022-24971
Malicious code in bioql PyPI...
CVE-2022-1686
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...
VPN SNX portal may be vulnerable to brute-force attack on passwords
Cause The VPN SNX portal in the IPsec VPN Software Blade does not implement any protection against brute-force attack on usernames/passwords. Symptoms - The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender SNX. If the portal is configured for...
WordPress Five Minute Webshop plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress Five Minute Webshop plugin 1.3.2 and previous versions are vulnerable to SQL injection, which...
CVE-2022-1685
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection...
CVE-2022-1686
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...
CVE-2022-1686
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...
CVE-2022-1685
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection...
CVE-2022-1686
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...
CVE-2022-1685
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection...
Sql injection
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection...
Sql injection
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...
WordPress plugin Five Minute Webshop SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WordPress Five Minute Webshop plugin 1.3.2 and earlier versions are vulnerable to SQL injection, whic...
WordPress plugin Five Minute Webshop SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress Five Minute Webshop plugin 1.3.2 and previous versions are vulnerable to SQL injection, which...
CVE-2022-1686 Five Minute Webshop <= 1.3.2 - Admin+ SQLi via id
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...
CVE-2022-1686
CVE-2022-1686 affects the WordPress Five Minute Webshop plugin (versions ≤ 1.3.2). The vulnerability arises from improper sanitisation/escaping of the id parameter when editing a product via the admin dashboard, allowing SQL Injection. Exploitation is evidenced by authenticated SQLi disclosures a...
CVE-2022-1685 Five Minute Webshop <= 1.3.2 - Admin+ SQLi via orderby
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection...
WordPress Five Minute Webshop plugin <= 1.3.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability was discovered by Daniel Krohmer Fraunhofer IESE, Germany and Shi Chen University of Kaiserslautern, Germany in the WordPress Five Minute Webshop plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of May 12, 2022...