CVE-2024-47818 Logged-in users with any role can delete arbitrary files in @saltcorn/server
Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the sync/cleansyncdir endpoint. The dirname POST parameter is not validated/sanitized and is used to construct the syncDir that is...
Wukong_nocode Code Issue Vulnerability
Wukong_nocode (Wukong No-Code) is an open-source no-code platform development tool from WukongCRM. Enterprises can use it to independently and quickly develop an information system suited to their needs. Wukong_nocode versions before 20230807 have a code issue vulnerability, the...
Cruddiy Command Injection Vulnerability
Cruddiy is a free no-code PHP Bootstrap CRUD generator by Jan van den Berg, an individual developer. A security vulnerability exists in Cruddiy that stems from susceptibility to shell command injection attacks...
CVE-2024-24701
Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content. This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content. This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...
WordPress Plugin A no-code page builder for beautiful performance-based content Cross-site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin A no-code page builder for...
CVE-2024-24701 WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content. This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...
CVE-2024-24701
CVE-2024-24701 is a CSRF vulnerability in Setka Editor (WordPress plugin: setka-editor)
PT-2024-20497 · Native Grid Llc +2 · A No-Code Page Builder For Beautiful Performance-Based Content +2
Name of the Vulnerable Software and Affected Versions: A no-code page builder for beautiful performance-based content, versions n/a through 2.1.20. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performin...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the 1 no-code automation and integration plugin. This issue affects Uncanny Automator – Automate everything with the 1 no-code automation and...
Unmasking the Dark Side of Low-Code/No-Code Applications
Low-code/no-code (LCNC) and robotic process automation (RPA) have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly using platforms like Microso...
Pleasanter Security Vulnerability
Pleasanter is a free OSS no-code/low-code development tool from Pleasanter. A security vulnerability exists in Pleasanter. An attacker can exploit the vulnerability to perform cross-site scripting attacks...
CVE-2023-41343
Ragic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform a Stored Cross-Site Scripting (XSS) attack...
CVE-2023-41343 Ragic No-Code Database Builder - Stored XSS
Ragic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform a Stored Cross-Site Scripting (XSS) attack...
CVE-2023-41343
The vulnerability corresponds to CVE-2023-41343 in Ragic No-Code Database Builder. The file-upload function has insufficient filtering of special characters, enabling a Stored XSS attack via crafted uploads. A remote attacker with regular user privileges can inject JavaScript, with the impact...
PT-2023-27916 · Rogic · Rogic No-Code Database Builder
Name of the Vulnerable Software and Affected Versions: Ragic No-Code Database Builder, affected versions not specified. Description: The issue concerns the file uploading function in Ragic No-Code Database Builder, which has insufficient filtering for special characters. This allows a remote attack...
WordPress BotMate - Automate or Sync Your Sites With No Code Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: BotMate - Automate or Sync Your Sites With No Code; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 8348fa6fe814; Credits...
libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the...