181 matches found
CVE-2023-5025
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...
CVE-2021-26308
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness...
freetype security update
2.10.4-10 - Fix for CVE-2025-27363 out-of-bound write vulnerability - Patch initially by Marc Deslauriers of Canonical - https://www.openwall.com/lists/oss-security/2025/03/14/3 - Adjusted for EL9 by Jonathan Wright of AlmaLinux - and a member of the Meta security team - Resolves: RHEL-83105...
CVE-2025-27340
Cross-Site Request Forgery CSRF vulnerability in Forge12 Interactive GmbH F12-Profiler f12-profiler allows Cross Site Request Forgery.This issue affects F12-Profiler: from n/a through = 1.3.9...
CVE-2025-27340
Cross-Site Request Forgery CSRF vulnerability in Forge12 Interactive GmbH F12-Profiler f12-profiler allows Cross Site Request Forgery.This issue affects F12-Profiler: from n/a through = 1.3.9...
CVE-2025-27340
CVE-2025-27340 describes a CSRF vulnerability in the WordPress plugin F12-Profiler (versions up to 1.3.9). The issue allows unauthorized cross-site requests due to CSRF weaknesses in the plugin. Public references in the connected docs consistently identify the affected software as the F12-Profile...
CVE-2024-51652
Cross-Site Request Forgery CSRF vulnerability in marckocher Skip To skip-to allows Stored XSS.This issue affects Skip To: from n/a through = 2.0.0...
CVE-2024-51652
CVE-2024-51652 : WordPress plugin Skip To is affected by a CSRF to Stored Cross-Site Scripting (XSS) vulnerability. The CVE description indicates a CSRF flaw that enables Stored XSS in Skip To versions n/a through 2.0.0. Connected sources substantiate the issue for the Skip To plugin and list the...
WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control
Software Jetpack Type Plugin Vulnerable versions 13.9.1 Fixed in 13.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9926 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 675e1d99d774 Credits Marc Montpas Required privilege...
Marc@TMS CMS 1.0 SQL Injection
============================================================================================================================================= | Title : Marc@TMS cms v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...
MAL-2024-2199 Malicious code in down_load_ebook_mochilas_by_marc_torrent_barcelo_lyona_upa6q (npm)
--- -= Per source details. Do not edit below this line.=-...
marcenerwin.nl Improper Access Control vulnerability OBB-3922923
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Koha 跨站脚本漏洞
Koha is a Koha organization's system for automated library management building. A cross-site scripting vulnerability exists in Koha 20180108 and earlier versions, which stems from a cross-site scripting XSS vulnerability in the file /cgi-bin/koha/opac-MARCdetail.pl...
About the security content of GarageBand 10.4.11
About the security content of GarageBand 10.4.11 This document describes the security content of GarageBand 10.4.11. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...
marc-i.net Improper Access Control vulnerability OBB-3858664
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
marc-coester.eu Improper Access Control vulnerability OBB-3824881
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Automad Code Injection Vulnerability
Automad is a flat file content management system and template engine by Marc Anton Dahmen, an individual developer. A code injection vulnerability exists in Automad 1.10.9 and earlier versions, which stems from a stored cross-site scripting XSS vulnerability in the parameter sitename of the file...
WordPress WP Go Maps Plugin < 9.0.28 is vulnerable to Cross Site Scripting (XSS)
Software WP Go Maps Type Plugin Vulnerable versions 9.0.28 Fixed in 9.0.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6627 Patch priority Medium CVSS severity Medium 7.1 Developer WP Go Maps PSID 5fe45794e92f Credits Marc Montpas Required...
marc.baffl.co.uk Cross Site Scripting vulnerability OBB-3746308
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress is vulnerable to Sensitive Data Exposure
Software WordPress Type WordPress Core Vulnerable versions 6.3.2 Fixed in 6.3.2 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 33dadfeb4ac4 Credits Marc-Alexandre Montpas Automattic Required privile...