1447 matches found

OSV
added 2022/01/19 12:15 p.m., 2 views

CVE-2022-21361

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Sample apps. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic...

CVSS 6.1 | AI score 6.7 | EPSS 0.00601
Exploits: 0 | References: 1

CNNVD
added 2022/01/19 12:0 a.m., 2 views

Oracle MySQL Input Validation Error Vulnerability

Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server is vulnerable to an input validation error that could be exploited by an attacker to update, insert, or delete access to MySQL Server accessible data without authorization...

CVSS 5.5 | AI score 8 | EPSS 0.0018
Exploits: 0 | References: 7

CNNVD
added 2022/01/18 12:0 a.m., 2 views

Oracle Communications Security Vulnerability

Oracle Communications is a product of Oracle Corporation, USA. It provides integrated communications and cloud solutions for service providers and enterprises to accelerate their digital transformation. A security vulnerability exists in Oracle Communications Operations Monitor, which could be exploit...

CVSS 5.4 | AI score 5.6 | EPSS 0.00185
Exploits: 0 | References: 5

RedHat Linux
added 2022/01/12 1:9 p.m., 2 views

Mozilla: Out-of-bounds memory access when inserting text in edit mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...

CVSS 6.5 | AI score 7.3 | EPSS 0.00305
Exploits: 0 | References: 4

wpexploit
added 2022/01/10 12:0 a.m., 110 views

Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. On the Learning Management page /wp-admin/admin.php?page=cluevo-lms, click Add Course, then put the followi...

CVSS 4.8 | EPSS 0.00206
Exploits: 2

Positive Technologies
added 2022/01/01 12:0 a.m., 2 views

PT-2025-37618

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a memory leak within the orangefs sysfs init function when the orangefs module is inserted and removed. This results in unreferenced kobjects leaking memory. Th...

CVSS 5.5 | AI score 6.3 | EPSS 0.00022
Exploits: 0 | References: 18

OSV
added 2021/12/27 7:15 p.m., 2 views

CVE-2021-35232

Hard-coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...

CVSS 6.1 | AI score 6.6 | EPSS 0.00232
Exploits: 0 | References: 2

OSV
added 2021/12/25 12:1 a.m., 11 views

OSV-2021-1754 UNKNOWN READ in insert_free_size

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42917 Crash type: UNKNOWN READ. Crash state: insert_free_size chunkfreeobject pdfipscriptstackfinit...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2021/11/30 12:15 p.m., 1 view

CVE-2021-42117

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution...

CVSS 5.4 | AI score 6.3 | EPSS 0.00345
Exploits: 0 | References: 1

CNVD
added 2021/11/21 12:0 a.m., 16 views

WordPress Insert Pages plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Insert Pages plugin has a cross-site scripting vulnerability in versions prior to 3.7.0, whi...

CVSS 5.4 | AI score 1 | EPSS 0.0018
Exploits: 2 | References: 1

CNVD
added 2021/11/21 12:0 a.m., 18 views

WordPress Insert Pages License Issue Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress Insert Pages plugin in versions prior to 3.7.0,...

CVSS 4.3 | AI score 4.7 | EPSS 0.00186
Exploits: 2 | References: 1

OSV
added 2021/11/19 11:3 a.m., 1 view

OESA-2021-1439 postgresql security update

PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...

CVSS 6.5 | AI score 7.3 | EPSS 0.00641
Exploits: 0 | References: 2

OSV
added 2021/11/17 11:15 a.m., 1 view

CVE-2021-24851

The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (i.e. private), using a shortcode. Password protected posts/pages are not affected by such issue...

CVSS 4.3 | AI score 5.9
Exploits: 0 | References: 2

NVD
added 2021/11/17 11:15 a.m., 6 views

CVE-2021-24851

The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (i.e. private), using a shortcode. Password protected posts/pages are not affected by such issue...

CVSS 4.3 | EPSS 0.00186
Exploits: 2 | References: 2

NVD
added 2021/11/17 11:15 a.m., 10 views

CVE-2021-24850

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...

CVSS 5.4 | EPSS 0.0018
Exploits: 2 | References: 1

OSV
added 2021/11/17 11:15 a.m., 1 view

CVE-2021-24850

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 1

Cvelist
added 2021/11/17 10:15 a.m., 11 views

CVE-2021-24851 Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access

The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (i.e. private), using a shortcode. Password protected posts/pages are not affected by such issue...

AI score 5 | EPSS 0.00186
Exploits: 2 | References: 2

CVE
added 2021/11/17 10:15 a.m., 44 views

CVE-2021-24851

The CVE-2021-24851 applies to the WordPress Insert Pages plugin prior to 3.7.0. Affected component: Insert Pages plugin (WordPress). Root cause: insufficient access control allowing users with a role as low as Contributor to access content and metadata from arbitrary posts/pages, regardless of au...

CVSS 4.3 | AI score 4.6 | EPSS 0.00186
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2021/11/17 10:15 a.m., 55 views

CVE-2021-24850

CVE-2021-24850 concerns the WordPress Insert Pages plugin (versions before 3.7.0). The vulnerability arises from a shortcode that can reveal other pages’ content and custom fields, enabling stored XSS when a user with as little as Contributor privileges embeds payloads in a post’s custom fields. ...

CVSS 5.4 | AI score 5.3 | EPSS 0.0018
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2021/11/17 10:15 a.m., 11 views

CVE-2021-24850 Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...

AI score 5.6 | EPSS 0.0018
Exploits: 2 | References: 1