
68 matches found

CNNVD
added 2024/06/15 12:0 a.m. · 5 views

WordPress plugin Popup Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1 · AI score 6.6 · EPSS 0.00471
Exploits: 0 · References: 4

BDU FSTEC
added 2024/05/17 12:0 a.m. · 4 views

The vulnerability of UEFI (BIOS) in Huawei personal computers allows a hacker to gain unauthorized access to arbitrary functions.

The vulnerability of UEFI BIOS in Huawei personal computers is related to improper control of access to the SMI handler interface. Exploiting this vulnerability can allow an attacker to gain unauthorized access to arbitrary functions...

CVSS 7.8 · AI score 5.6 · EPSS 0.00115
Exploits: 0 · References: 3 · Affected Software: 1

WPVulnDB
added 2024/02/05 12:0 a.m. · 17 views

MultiVendorX Marketplace < 4.0.26 - Missing Authorization

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check, allowing unauthenticated attackers to call a function that should be accessible to higher users only...

AI score 7.1 · EPSS 0.00393
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/12/12 12:0 a.m. · 3 views

PT-2023-9302 · Espeak-Ng +6 · Espeak-Ng +6

Name of the Vulnerable Software and Affected Versions: Espeak-ng version 1.52-dev Description: The issue is related to a Stack Buffer Underflow via the CountVowelPosition function at synthdata.c. This could allow an attacker to cause a denial of service or potentially execute arbitrary code. The...

CVSS 5.5 · AI score 5.8 · EPSS 0.00405
Exploits: 5 · References: 59

Positive Technologies
added 2023/11/20 12:0 a.m. · 2 views

PT-2023-30702 · Tenda · Tenda Ax1803

Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1 Description: The issue is related to a stack overflow via the time parameter in the saveParentControlInfo function, allowing attackers to cause a Denial of Service (DoS) attack. Recommendations: For Tenda AX1803...

CVSS 7.5 · AI score 7.2 · EPSS 0.0077
Exploits: 1 · References: 4

Code423n4
added 2023/10/26 12:0 a.m. · 9 views

Based on the functionality, if the releaseEscrow() function can be called by unauthorized entities, it can lead to potential misuse or unintended transfer of assets.

Lines of code Vulnerability details Impact The absence of access control on the releaseEscrow function presents a significant security risk. As it currently stands, any external actor or contract can invoke this function, which may result in the unintended release of escrowed funds. This opens up...

AI score 6.9
Exploits: 0

Japan Vulnerability Notes
added 2023/06/27 12:0 a.m. · 53 views

JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2

WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below.

Client-side enforcement of server-side security (CWE-602) - CVE-2023-32612

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 6.8
CVSS v2 | AV:A/AC:L/Au:S/C:C/I:C/A:C | ...

CVSS 8.1 · AI score 7.6 · EPSS 0.00609
Exploits: 0

Positive Technologies
added 2023/05/23 12:0 a.m. · 5 views

PT-2023-22694 · Ibm · Ibm Powervm Hypervisor

Name of the Vulnerable Software and Affected Versions: IBM PowerVM Hypervisor versions FW860.00 through FW860.B3 IBM PowerVM Hypervisor versions FW950.00 through FW950.70 IBM PowerVM Hypervisor versions FW1010.00 through FW1010.50 IBM PowerVM Hypervisor versions FW1020.00 through FW1020.30 IBM...

CVSS 7.9 · AI score 7.5 · EPSS 0.00184
Exploits: 0 · References: 4

OSV
added 2023/05/02 8:15 p.m. · 2 views

CVE-2023-31435

Multiple components such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly...

CVSS 8.1 · AI score 7.3 · EPSS 0.00702
Exploits: 1 · References: 1

Positive Technologies
added 2022/09/23 12:0 a.m. · 5 views

PT-2022-22563 · Swftools · Swftools

Name of the Vulnerable Software and Affected Versions: SWFTools version 772e55a2 Description: A heap-buffer overflow issue was discovered in SWFTools via the DCTStream::readHuffSymDCTHuffTable function at /xpdf/Stream.cc. This issue affects the specified commit. Recommendations: For SWFTools...

CVSS 5.5 · AI score 5.4 · EPSS 0.00386
Exploits: 1 · References: 8

Positive Technologies
added 2022/09/20 12:0 a.m. · 5 views

PT-2024-8455 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the Linux kernel's enetc driver, which allows for the configuration of TSN features through a mix of command BD ring messages and port registers. Howeve...

CVSS 8.4 · AI score 6.8 · EPSS 0.0193
Exploits: 13 · References: 1591

Code423n4
added 2022/07/14 12:0 a.m. · 8 views

block.timestamp used as time proxy

Lines of code Vulnerability details block.timestamp used as time proxy Impact a. Summary: Risk of using block.timestamp for time should be considered. b. Details: block.timestamp is not an ideal proxy for time because of issues with synchronization, miner manipulation and changing block times. In...

AI score 7.1
Exploits: 0

CNNVD
added 2022/03/29 12:0 a.m. · 2 views

Pear Admin Think cross-site scripting vulnerability

Pear Admin Think is a rapid development platform based on thinkphp6 that allows you to quickly build your functional business with simple code generation functionality. Pear Admin Think 5.0.6 and prior versions contain a cross-site scripting vulnerability that stems from the program's lack of dat...

CVSS 5.4 · AI score 5.5 · EPSS 0.00553
Exploits: 1 · References: 2

OSV
added 2020/12/30 12:15 a.m. · 3 views

CVE-2020-35782

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations,...

CVSS 8.1 · AI score 7.4 · EPSS 0.01639
Exploits: 1 · References: 2

CNNVD
added 2020/12/08 12:0 a.m. · 8 views

SAP Netweaver authorization issue vulnerability

SAP Netweaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An authorization issue vulnerability exists in SAP Netweaver AS JAVA P2P Cluster Communication versions 7.11,...

CVSS 10 · AI score 7.3 · EPSS 0.04708
Exploits: 1 · References: 7

OSV
added 2020/04/15 6:15 p.m. · 2 views

CVE-2019-20641

NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level...

CVSS 8.8 · AI score 7.3 · EPSS 0.00834
Exploits: 0 · References: 1

NVD
added 2020/02/13 7:15 p.m. · 14 views

CVE-2014-4198

A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function...

CVSS 9.1 · AI score 9.1 · EPSS 0.01297
Exploits: 1 · References: 1

BDU FSTEC
added 2019/11/04 12:0 a.m. · 3 views

The vulnerability in the implementation of the Secure Boot protocol for operating systems with Windows, which allows a perpetrator to disclose protected information

The vulnerability of the Secure Boot protocol for loading operating systems on Windows is related to errors in accessing debugging functions during the loading process. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by the security measures...

CVSS 6.2 · AI score 5.4 · EPSS 0.01261
Exploits: 0 · References: 3

OSV
added 2019/09/18 7:15 p.m. · 3 views

CVE-2019-9679

Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions which Build tim...

CVSS 8.8 · AI score 7.3 · EPSS 0.00862
Exploits: 0 · References: 1

Positive Technologies
added 2019/09/11 12:0 a.m. · 4 views

PT-2019-14589

Name of the Vulnerable Software and Affected Versions py-lmdb version 0.97 Description An issue was discovered in py-lmdb where for certain values of mn flags, mdb cursor set triggers a memcpy with an invalid write operation within mdb xcursor init1. This issue occurs when accessing a data.mdb fi...

CVSS 9.8 · AI score 7.1 · EPSS 0.01963
Exploits: 5 · References: 19