3 matches found
WordPress Sitepact's Contact Form 7 Extension For Klaviyo Plugin <= 1.0.5 is vulnerable to SQL Injection
Software: Sitepact's Contact Form 7 Extension For Klaviyo; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 3.0.0; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-25928; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: b1255b55a5c6; Credits: Dimas Maula...
Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
Impact: The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. Patch...
Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/31256/info H-Sphere is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in th...