558 matches found
Integer Overflow
ThreeTen backport is vulnerable to integer overflow. The vulnerability is due to missing string validation in the org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition) method, which returns a StringIndexOutOfBoundsException if the CharSequence is empty...
PHPGurukul Emergency Ambulance Hiring Portal SQL Injection Vulnerability
Emergency Ambulance Hiring Portal is an emergency ambulance hiring portal. Emergency Ambulance Hiring Portal suffers from a SQL injection vulnerability that originates from a lack of validation of an externally-entered SQL statement for the parameter username in the file /admin/forgot-password.ph...
The vulnerability of the Moby container isolation system creation software lies in the lack of proper validation for the incoming requests. This allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Moby container isolation system creation software lies in the lack of checks for the correctness of the requests received. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2024-1205
The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvellouploadcsvfile function in all versions up to, and including, 1.2.0. This...
PT-2024-3946 · Unknown +1 · Djangorestframework-Simplejwt +1
Name of the Vulnerable Software and Affected Versions: djangorestframework-simplejwt versions 5.3.1 and before Description: The issue is related to information disclosure due to missing user validation checks via the for_user method. This allows a user to access web application resources even aft...
CVE-2024-0839
The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive...
Input validation
The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...
Out-of-bounds
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-0050
CVE-2024-0050 involves an out-of-bounds write in the getConfig path of SoftVideoDecoderOMXComponent.cpp. The issue is triggered via missing validation and results in a local, non‑security impact with no additional execution privileges required (no user interaction). Affected detail: the vulnerabi...
CVE-2024-0050
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2024-15323 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software name or version is mentioned in the provided descriptions. Description: In the getConfig function of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could...
CVE-2024-20024
In flashc, there is a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS08541635...
PT-2024-18513 · Mediatek +1 · Mt6739 +18
Name of the Vulnerable Software and Affected Versions: In da affected versions not specified Description: The issue is related to a possible out of bounds write due to lack of validation, which could lead to local escalation of privilege. System execution privileges are needed for exploitation, a...
ASB-A-273935108
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...
WordPress Plugin SKT Page Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes and crash because of a missing check for ubi->leb_size.
...
CVE-2023-6635
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload...
CVE-2024-0699 AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with...
Customer Reviews for WooCommerce < 5.38.10 - Author+ Arbitrary File Upload
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the ivoleimportuploadcsv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary file...
CVE-2023-6223
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...