4026 matches found
PT-2021-14723 · Jenkins · Jenkins Nested View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nested View Plugin versions 1.20 and earlier. Description: The issue arises from the Jenkins Nested View Plugin not configuring its XML transformer to prevent XML external entity (XXE) attacks. This allows attackers who can configure vie...
Jenkins Code Issue Vulnerability
Jenkins is an open source automation server. Jenkins provides hundreds of plugins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Nested View Plugin 1.20 and earlier, which arises from an improperly designe...
CVE-2021-38343
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the page POST parameter in the npBulkActions, npBulkEdit, npListingSort, and npCategoryFilter admin_post actions...
CVE-2021-38342
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the npBulkActions and npBulkEdit admin_post actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other...
CVE-2021-38342
CVE-2021-38342 (Nested Pages WordPress plugin
CVE-2021-38343
The CVE-2021-38343 vulnerability affects the Nested Pages WordPress plugin
GHSA-88F9-7XXH-C688 Cachet configuration leak
Impact: Authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret APP_KEY and various passwords (email, database, etc.). Patches: This issue was addressed by improving UpdateConfigCommandHandler and...
PT-2021-22063 · WordPress · Nested Pages
Name of the Vulnerable Software and Affected Versions: Nested Pages WordPress plugin versions 3.1.15 and earlier Description: The issue concerns an Open Redirect vulnerability via the page POST parameter in the npBulkActions, npBulkEdit, npListingSort, and npCategoryFilter admin post actions...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress...
WordPress Plugin Input Validation Error Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress...
PT-2021-22062 · WordPress · Nested Pages
Name of the Vulnerable Software and Affected Versions: Nested Pages WordPress plugin versions <= 3.1.15. Description: The issue allows attackers to perform Cross-Site Request Forgery attacks via the npBulkAction and npBulkEdit actions, enabling them to modify posts, including trashing or purging...
CVE-2021-39174
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret APP_KEY and various passwords (email, database, etc.). This issue was...
Default configuration
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret APP_KEY and various passwords (email, database, etc.). This issue was...
GHSA-XR7R-88QV-Q7HM Out of bounds write in serde_cbor
Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization. This allows an attacker to craft small 1 kB CBOR documents that cause a stack overflow. The flaw was corrected by limiting the allowed number of nested tags...
GHSA-G8WG-CJWC-XHHP Heap OOB in nested `tf.map_fn` with `RaggedTensor`s
Impact: It is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap: python import...
Nested Pages < 3.1.16 - Open Redirect
The plugin was vulnerable to an Open Redirect via the page POST parameter in the npBulkActions, npBulkEdit, npListingSort, and npCategoryFilter admin_post actions...
WordPress Nested Pages plugin <= 3.1.15 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Post Deletion and Modification
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Post Deletion and Modification discovered by Ramuel Gall (WordFence) in WordPress Nested Pages plugin versions <= 3.1.15. Solution: Update the WordPress Nested Pages plugin to the latest available version (at least 3.1.16)...
WordPress Nested Pages plugin <= 3.1.15 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Ram Gall (WordFence) in WordPress Nested Pages plugin versions <= 3.1.15. Solution: Update the WordPress Nested Pages plugin to the latest available version (at least 3.1.16)...