269 matches found
CVE-2024-34113 ColdFusion | Weak Cryptography for Passwords (CWE-261)
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the...
CVE-2024-34113
Adobe ColdFusion is affected by CVE-2024-34113 (Weak Cryptography for Passwords) affecting ColdFusion 2023u7, 2021u13 and earlier. The issue stems from insufficiently strong cryptographic algorithms or flawed implementation used for password protection, enabling potential decryption or guessing o...
CVE-2024-4149
CVE-2024-4149 affects the Floating Chat Widget (Chaty) WordPress plugin prior to 3.2.3. The vulnerability stems from unsanitized/uncleaned settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Affected version range: before 3.2.3. The impact...
CVE-2024-5483
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of getitemspermissionscheck function. This makes it possible for unauthenticated attackers to extract basic...
CVE-2024-26999
In the Linux kernel, the following vulnerability has been resolved: serial/pmaczilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmaczilog as ...
Gradio Path Traversal Vulnerability
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a path traversal vulnerability that stems from a flawed user-supplied JSON value in an API request, which could remotely trigger a local file include...
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Summary The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that...
CVE-2023-42797
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...
US pharmacy Rite Aid banned from operating facial recognition systems
Pharmacy chain Rite Aid has been denied the right to run facial recognition systems in its stores for five years, by a Federal Trade Commission FTC ruling. The regulator found so many flaws in the retailers surveillance program that it concluded Rite Aid had failed to implement reasonable...
CVE-2023-5953
The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server...
Mint amount calculation in deposit is incorrect
Lines of code Vulnerability details Summary The calculation in the deposit function of the DepositPool contract is flawed as it factors the deposited amount into the RSETH price to calculate the amount to mint. Impact When a user deposits in the DepositPool contract, the amount of RSETH to mint i...
Vulnerability in Token Withdrawal Function
Lines of code Vulnerability details Impact Flawed logic in token withdrawal function allows for selective withdrawal of high-value tokens and fails in single-token scenarios. // Sum up total amount of each token to withdraw. uint256 memory withdrawAmounts = new uint256; IERC20 prevToken; for...
Damon Enterprise Manager has a flawed logic vulnerability
Damon Enterprise Manager is a centralized management platform that monitors, manages and maintains DM databases through a web interface. A logic flaw vulnerability exists in Damon Enterprise Manager, which can be exploited by an attacker to delete arbitrary operating system files, resulting in...
quorum and quota calculation logic is flawed
Lines of code Vulnerability details Impact quorum and quota calculation logic is flawed Proof of Concept votes to be valid, and if the poll passed or failed. At the time of writing, then QUORUM value is 33% of active stake, and the QUOTA is 50%, meaning that as long as 1/3rd of active stake votes...
Any call to settle a bond can be reverted by donating 1 WEI to the VaultLP contract
Lines of code Vulnerability details Impact Any settle call can be reverted, thus disallowing the protocol from settling any options and from releasing the locked tokens. Proof of Concept The protocol admin calls settle on an option when its price gets bellow the strike price, at which the option ...
Incorrect Re-Entrancy Lock Allocation
vyper is vulnerable to Incorrect Re-Entrancy Lock Allocation. The allocation of named re-entrancy locks is flawed, which makes cross-function re-entrancy possible in contracts, because each function employing a named re-entrancy lock receives a distinct lock independent of the key under a specifi...
WordPress WPCode - Insert Headers and Footers Plugin < 2.0.9 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpcode:wpcode"; ifdescription...
CVE-2023-20216
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...
Cross site request forgery (csrf)
The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...
Cross site request forgery (csrf)
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...