59 matches found
PT-2024-20457 · Lobe Chat · Lobe Chat
Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 0.122.4 Description: The issue allows access to plugins without proper authorization when the application is password-protected and deployed with the ACCESS CODE option. This means that even though the application...
Lobe Chat Security Vulnerability
Lobe Chat is an open source, high performance chatbot framework. A security vulnerability exists in Lobe Chat that stems from the ability to access plugins without proper authorization, with no password required...
PT-2024-14951 · WordPress · Custom User Css
Name of the Vulnerable Software and Affected Versions: Custom User CSS WordPress plugin versions 0.2 and earlier Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This could...
PT-2023-32098 · WordPress · Information Reel
Name of the Vulnerable Software and Affected Versions: Information Reel plugin for WordPress versions up to, and including, 10.0 Description: The issue arises from insufficient escaping of a user-supplied parameter and lack of sufficient preparation of the existing SQL query in the plugin's...
PT-2023-29905 · Stylemixthemes · Stylemixthemes Motors – Car Dealer
Name of the Vulnerable Software and Affected Versions: StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin versions 1.4.6 and earlier Description: The issue is an unauthenticated reflected cross-site scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into t...
PT-2023-29880 · WordPress · Realmag777 Wolf – Wordpress Posts Bulk Editor/Manager Professional
Name of the Vulnerable Software and Affected Versions: realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin versions 1.0.7.1 and earlier Description: The issue is a cross-site request forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to...
PT-2023-21064 · Netapp · Snapcenter
Name of the Vulnerable Software and Affected Versions: SnapCenter versions 4.8 through 4.9 Description: The issue allows an authenticated SnapCenter Server user to potentially become an admin user on a remote system where a SnapCenter plug-in has been installed. Recommendations: For SnapCenter...
CVE-2023-40825
An issue in Perfree PerfreeBlog v3.1.2 allows a remote attacker to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list...
PerfreeBlog code issue vulnerability
PerfreeBlog is a Java-based blog/CMS builder. A security vulnerability exists in Perfree PerfreeBlog v3.1.2 that allows remote attackers to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list...
PT-2023-27655 · Perfree · Perfreeblog
Name of the Vulnerable Software and Affected Versions: Perfree PerfreeBlog version 3.1.2 Description: An issue in Perfree PerfreeBlog allows a remote attacker to execute arbitrary code via a crafted plugin listed in "admin/plugin/access/list". Recommendations: For Perfree PerfreeBlog version 3.1....
USN-6063-1 ceph vulnerabilities
Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3979) It was discovered that Ceph incorrectly handled the volumes...
PT-2023-16700 · WordPress · Wp Meta Seo
Name of the Vulnerable Software and Affected Versions: WP Meta SEO plugin for WordPress versions up to, and including, 4.5.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the setIgnore function. This allows unauthenticated attacker...
Debian DSA-5165-1 : vlc - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5165 advisory. Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file is...
Simple Ajax Chat < 20220216 - Sensitive Information Disclosure
The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it...
CVE-2022-0442 UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar...
CVE-2021-39333 Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce that was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...
Vulnerabilities fixed in VMware vCenter Server
Vulnerabilities have been fixed in VMware vCenter Server. The vulnerability with reference CVE-2021-21985 allows an unauthenticated attacker with network access to port 443 of the vSphere HTML5 Client to execute arbitrary code with elevated privileges on both the vCenter Server and the...
CVE-2019-15519
Power-Response before 2019-02-02 allows directory traversal up to the application's main directory via a plugin...
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions...
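The Dovecot entry above describes a sign error in ACL evaluation: a negative entry, which should remove rights, was merged in as if it granted them. The following Python model is an added example, not Dovecot's code; it imitates the dovecot-acl file syntax as understood here (a leading `-` on the identifier marks a negative entry, rights are single letters, identifiers such as `user=`, `group=`, `anyone`, `authenticated`, `owner`), which is an assumption about the format rather than a claim about Dovecot's parser. `effective_rights` computes rights correctly; calling it with `honour_negatives=False` reproduces the described failure mode, where a user who should be stripped of write rights keeps them.

```python
"""Model of ACL evaluation with negative (subtractive) entries.

Added example; not Dovecot's implementation. The identifier syntax and
the single-letter rights are an assumption modelled on dovecot-acl files.
"""
from dataclasses import dataclass, field


@dataclass
class Principal:
    user: str
    groups: set = field(default_factory=set)
    is_owner: bool = False
    authenticated: bool = True


def identifier_matches(ident: str, p: Principal) -> bool:
    """Return True if an ACL identifier applies to the principal."""
    if ident == "anyone":
        return True
    if ident == "authenticated":
        return p.authenticated
    if ident == "owner":
        return p.is_owner
    if ident.startswith("user="):
        return ident[len("user="):] == p.user
    if ident.startswith("group="):
        return ident[len("group="):] in p.groups
    return False


def parse_acl(text: str):
    """Parse 'identifier rights' lines into (identifier, is_negative, rights).

    A leading '-' on the identifier marks a negative entry whose rights
    must be removed, not added.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ident, _, rights = line.partition(" ")
        negative = ident.startswith("-")
        entries.append((ident.lstrip("-"), negative, set(rights.replace(" ", ""))))
    return entries


def effective_rights(entries, p: Principal, honour_negatives: bool = True) -> set:
    """Union of matching positive rights minus matching negative rights.

    With honour_negatives=False the negative entries are treated as grants,
    which is the bug class described in the advisory: the denial becomes an
    additional grant and the intended restriction is bypassed.
    """
    granted, denied = set(), set()
    for ident, negative, rights in entries:
        if not identifier_matches(ident, p):
            continue
        if negative and honour_negatives:
            denied |= rights
        else:
            granted |= rights
    return granted - denied


# Constructed sample ACL: everyone may list/read, staff may also write,
# but mallory is explicitly stripped of the write-related rights.
SAMPLE_ACL = """
anyone lr
group=staff lrwsti
-user=mallory wsti
"""

ACL = parse_acl(SAMPLE_ACL)


def rights_for(user: str, groups=(), honour_negatives: bool = True) -> str:
    """Convenience wrapper returning the rights string in sorted form."""
    p = Principal(user, set(groups))
    return "".join(sorted(effective_rights(ACL, p, honour_negatives)))


if __name__ == "__main__":
    print("mallory, correct   :", rights_for("mallory", {"staff"}))
    print("mallory, sign bug  :", rights_for("mallory", {"staff"}, honour_negatives=False))
    print("alice, correct     :", rights_for("alice", {"staff"}))
```

The check a practitioner wants from such a model is that a negative entry can only ever shrink the result: for every principal, `effective_rights(..., honour_negatives=True)` must be a subset of the result obtained when all entries are treated as grants, and the denied user must end up with strictly fewer rights than a peer in the same group.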