39 matches found

Vulnrichment
added 2024/06/15 8:42 a.m. | 21 views

CVE-2024-4258 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

CVSS 9.8 | AI score 8.2 | EPSS 0.01324
Exploits 0 | References 3

IBM Security Bulletins
added 2024/04/30 4:46 p.m. | 77 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products (CVE-2023-45648, CVE-2023-42795, CVE-2023-46589, CVE-2024-21733)

Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing HTTP request smuggling and the obtaining of sensitive information. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to...

CVSS 7.5 | AI score 7.3 | EPSS 0.70951
Exploits 5 | Affected Software 10

NVD
added 2023/11/02 10:15 p.m. | 7 views

CVE-2023-39057

An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

CVSS 7.5 | AI score 7.3 | EPSS 0.00092
Exploits 1 | References 2

Vulnrichment
added 2023/11/02 12:00 a.m. | 8 views

CVE-2023-39054

An information leak in Tokudaya.ekimaemc v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

AI score 6.7 | EPSS 0.00092
Exploits 1 | References 2

Vulnrichment
added 2023/09/20 12:00 a.m. | 10 views

CVE-2023-39044

An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages...

AI score 6.5 | EPSS 0.00093
Exploits 1 | References 1

Kaspersky
added 2022/11/21 12:00 a.m. | 34 views

KLA20148 ACE vulnerability in Apache Tomcat

Remote code execution vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories Apache Tomcat 8.x vulnerabilities Related products Apache-Tomcat CVE list CVE-2022-45143 critical Solution Update to the latest version...

CVSS 7.5 | AI score 8 | EPSS 0.00889
Exploits 0 | References 3

IBM Security Bulletins
added 2022/09/17 12:04 p.m. | 75 views

Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)

Summary Vulnerabilities in libcurl such as bypassing security restrictions, obtaining sensitive information, and man-in-the-middle attacks may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2021-22946 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive...

CVSS 8.1 | AI score 7.5 | EPSS 0.00682
Exploits 6 | Affected Software 1

IBM Security Bulletins
added 2022/09/17 1:47 a.m. | 159 views

Security Bulletin: Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson may affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson such as denial of service, bypassing security restrictions, obtaining sensitive information, cross-site scripting, and execution of arbitrary code may affect IBM Spectrum Copy Data Management. Vulnerability Details...

CVSS 8.8 | AI score 9.7 | EPSS 0.07763
Exploits 5 | Affected Software 1

NVD
added 2022/08/18 8:15 a.m. | 16 views

CVE-2022-25986

Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler...

CVSS 4.3 | EPSS 0.00177
Exploits 0 | References 2

Cvelist
added 2022/08/10 4:30 p.m. | 8 views

CVE-2022-29090

Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform...

CVSS 8.5 | AI score 8.4 | EPSS 0.00195
Exploits 0 | References 1

IBM Security Bulletins
added 2022/04/29 10:04 a.m. | 33 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2022

Summary In addition to many updates of open source packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.2-IF010 and 21.0.3-IF008. Vulnerability Details CVEID: CVE-2021-39038 DESCRIPTION: IBM WebSphere Application Server 9.0 and IBM WebSphe...

CVSS 8.8 | AI score 0.8 | EPSS 0.05612
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2022/03/12 1:27 a.m. | 44 views

Security Bulletin: Vulnerabilities in Polkit, Node.js, OpenSSH, and Golang Go affect IBM Spectrum Protect Plus (CVE-2021-4034, CVE-2022-21681, CVE-2022-21680, CVE-2022-0235, CVE-2021-41617, CVE-2021-44716, CVE-2021-44717, 218243)

Summary Vulnerabilities in Polkit, Node.js, OpenSSL, and Golang Go can affect IBM Spectrum Protect Plus. The vulnerabilities include elevation of privileges, denial of service, obtaining sensitive information, and bypassing security restrictions. Vulnerability Details CVEID: CVE-2021-4034...

CVSS 8.8 | AI score 8.2 | EPSS 0.88057
Exploits 154 | Affected Software 1

Veracode
added 2021/12/17 6:54 a.m. | 13 views

Improper Access Control

ssddanbrown/bookstack is vulnerable to Improper Access Control. An attacker is able to execute an error-based attack by obtaining a part of an email of the user...

CVSS 9.8 | AI score 3.9 | EPSS 0.00425
Exploits 1 | References 3 | Affected Software 1

IBM Security Bulletins
added 2021/12/10 8:01 p.m. | 40 views

Security Bulletin: Vulnerabilities in Node.js, Color-String, and PostgreSQL affect IBM Spectrum Protect Plus

Summary Vulnerabilities in Node.js, Color-String, and PostgreSQL, such as denial of service, bypassing security restrictions, obtaining sensitive information, and execution of arbitrary code, may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...

CVSS 9.8 | AI score 9.8 | EPSS 0.01009
Exploits 6 | Affected Software 1

Japan Vulnerability Notes
added 2021/12/02 12:00 a.m. | 24 views

JVN#09136401: Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"

WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains multiple missing authorization vulnerabilities listed below. Missing authorization related to database browsing CWE-862 - CVE-2021-20865 Version| Vector| Score ---|---|--- CVSS v3|...

CVSS 7.5 | AI score 6.9 | EPSS 0.01947
Exploits 0

IBM Security Bulletins
added 2021/10/06 1:30 a.m. | 83 views

Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Summary Vulnerabilities in the Linux Kernel such as execution of arbitrary code, denial of service, bypassing security restrictions, and obtaining or disclosing of information may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-25212 DESCRIPTION: Linux Kernel could allow a...

CVSS 7.2 | AI score 8.1 | EPSS 0.00117
Exploits 1 | Affected Software 1

Kaspersky
added 2021/10/05 12:00 a.m. | 76 views

KLA12303 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A memory safety vulnerability can be...

CVSS 9.8 | AI score 9.7 | EPSS 0.01186
Exploits 0 | References 3

CNVD
added 2021/07/16 12:00 a.m. | 18 views

Unauthorized Access Vulnerability in RICOH Aficio MP171 at Ricoh (China) Investment Co.

RICOH Aficio MP 171 is a printer from Ricoh China Investment Co. An unauthorized access vulnerability exists in the RICOH Aficio MP 171 of Ricoh China Investment Co. Ltd. that can be exploited by attackers to obtain sensitive information...

AI score 6.8
Exploits 0

OSV
added 2021/05/31 3:39 p.m. | 17 views

UVI-2021-1000340 mm: memcontrol: slab: fix obtain a reference to a freeing memcg

mm: memcontrol: slab: fix obtain a reference to a freeing memcg This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.37 by commit...

AI score 7.2
Exploits 0

OSV
added 2021/05/11 12:15 p.m. | 1 view

CVE-2021-30005

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS...

CVSS 7.8 | AI score 7.5
Exploits 0 | References 3