2514 matches found

Vulnrichment
added 2024/02/20 6:56 p.m. · 18 views

CVE-2024-1338

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 · AI score 6.3 · EPSS 0.00112
Exploits: 0 · References: 2

CVE
added 2024/02/20 6:56 p.m. · 71 views

CVE-2024-1338

CVE-2024-1338 — ImageRecycle pdf & image compression (WordPress). Affects: ImageRecycle pdf & image compression plugin for WordPress, versions up to 3.1.13. Root cause: Missing/incorrect nonce validation in the stopOptimizeAll function enables CSRF. Impact: Unauthenticated attackers can modify image...

CVSS 4.3 · AI score 5.2 · EPSS 0.00112
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/02/20 6:56 p.m. · 12 views

CVE-2024-1334 ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in enableOptimization

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 · AI score 6.6 · EPSS 0.00112
Exploits: 0 · References: 2

Positive Technologies
added 2024/02/20 12:00 a.m. · 4 views

PT-2024-17953 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13. Description: The issue is due to missing or incorrect nonce validation on the disableOptimization function, making it possible for unauthenticated...

CVSS 4.3 · AI score 9.4 · EPSS 0.00112
Exploits: 0 · References: 8

Positive Technologies
added 2024/02/20 12:00 a.m. · 3 views

PT-2024-17952 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13. Description: The issue is due to missing or incorrect nonce validation on the enableOptimization function, making it possible for unauthenticated...

CVSS 4.3 · AI score 9.4 · EPSS 0.00112
Exploits: 0 · References: 6

Positive Technologies
added 2024/02/20 12:00 a.m. · 3 views

PT-2024-15961 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13. Description: The issue allows authenticated attackers with subscriber-level access and above to modify data without authorization due to a missing...

CVSS 4.3 · AI score 9.3 · EPSS 0.0033
Exploits: 0 · References: 6

Positive Technologies
added 2024/02/20 12:00 a.m. · 3 views

PT-2024-16632 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13. Description: The issue allows authenticated attackers with subscriber-level access and above to modify image optimization settings due to a missin...

CVSS 4.3 · AI score 9.3 · EPSS 0.00215
Exploits: 0 · References: 5

IBM Security Bulletins
added 2024/02/15 8:18 a.m. · 51 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing (PUB) jQuery Vulnerability

Summary: IBM Engineering Lifecycle Optimization - Publishing jQuery and jQuery.min found vulnerable. Vulnerability Details: CVEID: CVE-2020-11022. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remot...

CVSS 6.9 · AI score 6.5 · EPSS 0.3466
Exploits: 14 · Affected Software: 1

OSV
added 2024/02/14 2:15 p.m. · 1 views

CVE-2023-30767

Improper buffer restrictions in Intel® Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 6.7 · AI score 6
Exploits: 0 · References: 1

CVE
added 2024/02/14 1:37 p.m. · 27 views

CVE-2023-30767

CVE-2023-30767 affects Intel® Optimization for TensorFlow prior to version 2.13.0. The root cause is improper buffer restrictions/bounds checking, which may allow an authenticated local user to escalate privileges. Documented impact includes local elevation of privilege with confidential/integrit...

CVSS 6.7 · AI score 5.8 · EPSS 0.00069
Exploits: 0 · References: 1 · Affected Software: 1

IBM Security Bulletins
added 2024/02/14 8:01 a.m. · 50 views

Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio (CVE-2023-5676)

Summary: There is a vulnerability in IBM® Java™ version 8 and 11 used by IBM CPLEX Optimization Studio. This issue was disclosed as part of the Oracle / OpenJDK October 2023 Critical Patch Updates. Vulnerability Details: CVEID: CVE-2023-5676. DESCRIPTION: Eclipse OpenJ9 is vulnerable to a denial of...

CVSS 5.9 · AI score 5.1 · EPSS 0.00043
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/02/14 7:58 a.m. · 43 views

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM ILOG CPLEX Optimization Studio (CVE-2023-22045, CVE-2023-22049)

Summary: There are multiple vulnerabilities in IBM® Semeru Runtime Versions 8 and 11 used by IBM ILOG CPLEX Optimization Studio. These issues were disclosed as part of the Oracle / OpenJDK July 2023 Critical Patch Updates. Vulnerability Details: CVEID: CVE-2023-22045. DESCRIPTION: An unspecified...

CVSS 3.7 · AI score 5.8 · EPSS 0.00141
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2024/02/14 12:00 a.m. · 4 views

PT-2024-1791 · Intel · Intel Optimization For Tensorflow

Name of the Vulnerable Software and Affected Versions: Intel® Optimization for TensorFlow versions prior to 2.13.0. Description: The issue is related to improper buffer restrictions, which may allow an authenticated user to potentially enable escalation of privilege via local access. It is also...

CVSS 5.5 · AI score 5.7 · EPSS 0.00069
Exploits: 0 · References: 4

OSV
added 2024/02/09 1:15 a.m. · 0 views

CVE-2023-45191

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2

NVD
added 2024/02/09 1:15 a.m. · 9 views

CVE-2023-45187

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...

CVSS 8.8 · AI score 7.1 · EPSS 0.00036
Exploits: 0 · References: 2

OSV
added 2024/02/09 1:15 a.m. · 0 views

CVE-2023-45190

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS 6.1 · AI score 5.7
Exploits: 0 · References: 2

NVD
added 2024/02/09 1:15 a.m. · 13 views

CVE-2023-45190

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS 6.1 · AI score 5.8 · EPSS 0.0006
Exploits: 0 · References: 2

NVD
added 2024/02/09 1:15 a.m. · 13 views

CVE-2023-45191

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...

CVSS 7.5 · AI score 7.5 · EPSS 0.0004
Exploits: 0 · References: 2

Prion
added 2024/02/09 1:15 a.m. · 13 views

Code injection

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...

CVSS 6.5 · AI score 6.5 · EPSS 0.00036
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2024/02/09 1:15 a.m. · 10 views

Cross site scripting

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS 5.8 · AI score 6.7 · EPSS 0.0006
Exploits: 0 · References: 2 · Affected Software: 1