248 matches found
thunderbird: Unsanitized address book fields
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...
UBUNTU-CVE-2025-1015
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...
WordPress WP All Import Pro plugin < 4.9.8 - Cross-Site Request Forgery to Imported Content Deletion vulnerability
Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import Pro versions 4.9.8...
WordPress WP All Import plugin <= 3.7.9 - Cross-Site Request Forgery to Imported Content Deletion
Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import versions = 3.7.9...
Malicious code in @add-wallet-exchange/set-imported-csv-message (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85e68f887715288c07927e0e74544a85fd8c7f1fd0ea7afe1ff8d50322fcaa34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Autodesk Revit 缓冲区错误漏洞
Autodesk Revit is a suite of building information modeling software from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk Revit that stems from a potential heap-based overflow if a maliciously crafted SKP file is linked or imported into Autodesk Revit. An attacker...
MAL-2024-12212 Malicious code in backwwii (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cf5e7427061483e779c53f125b5792b2e650261bcdca0a9f4d90e9ca883c04d0 When importing the module, the obfuscated code downloads and runs a remote executable --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
PT-2024-32872 · Unknown +3 · Openrefine +3
Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3 Description: The built-in error page in OpenRefine includes the exception message and exception traceback without escaping HTML tags, allowing injection into the page if an attacker can produce an error with...
The vulnerability of the Git-based software platform for collaborative code development on GitLab allows a hacker to replace the code in imported CI/CD pipelines.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to replace the code in imported CI/CD pipelines...
WordPress Popup Builder plugin <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File vulnerability
Sensitive Information Exposure via Imported Subscribers CSV File vulnerability discovered by Tim Coen in WordPress Plugin Popup Builder versions = 4.3.6...
WordPress Import and export users and customers plugin <= 1.26.8 - Sensitive Information via Imported File vulnerability
Sensitive Information via Imported File vulnerability discovered by emad Patchstack Alliance in WordPress Plugin Import and export users and customers versions = 1.26.8...
GitLab Cross-Site Scripting Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A cross-site scripting vulnerability exists in GitLab CE/EE versions 16.9 throu...
PT-2024-6674 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description: The issue is related to a stored XSS vulnerability that can be imported from a project with malicious...
PT-2024-5975 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.0 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 GitLab CE/EE versions 17.2 through 17.2.0 Description: A resource misdirection vulnerability in GitLab allows an attacker to craft a repository import in such...
BIT-CONSUL-2022-3920 Consul Peering Imported Nodes/Services Leak
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0...
Design/Logic Flaw
A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be...
PT-2024-15694 · WordPress · Fluent Forms
Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress versions up to, and including, 5.1.5 Description: The issue is related to Stored Cross-Site Scripting via imported form titles du...
popup-builder < 4.2.6 - Admin+ SSRF & File Read
Description The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. PoC 1. Create a multi-site wordpress setup, i.e. using docker-containers, and setup a second "site"...
CVE-2023-48257
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution RCE with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticate...
Bosch Nexo cordless nutrunner security breach
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows a remote attacker to access sensitive data within the export package or perform remote...