CVE-2023-5882
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution...
CVE-2023-4724
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...
Remote code execution
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution...
com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +84 more potentially affected by CVE-2023-6134 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=23.0.2)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.1.23, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.1.4, =1.1.5 and more Source cves: CVE-2023-6134 Source advisory: OSV:GHSA-CVG2-7C3J-G36J...
PT-2023-32793 · Kalcaddle · Kodexplorer
Name of the Vulnerable Software and Affected Versions: kalcaddle KodExplorer versions up to 4.51.03 Description: A critical vulnerability has been found in kalcaddle KodExplorer, affecting an unknown function of the file plugins/webodf/app.php. This issue leads to server-side request forgery and...
CVE-2023-49165
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Real Big Plugins Client Dash allows Stored XSS. This issue affects Client Dash: from n/a through 2.2.1...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Real Big Plugins Client Dash allows Stored XSS. This issue affects Client Dash: from n/a through 2.2.1...
CVE-2023-49165
CVE-2023-49165 affects the WordPress plugin Client Dash (Real Big Plugins) up to version 2.2.1. The issue is an authenticated Stored XSS vulnerability arising from improper input neutralization during web page generation. Exploitation requires at least Administrator privileges, and the vulnerabil...
AlmaLinux 9 : gstreamer1-plugins-bad-free (ALSA-2023:7791)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7791 advisory. - Fixes for GStreamer-SA-2023-0010 ZDI-CAN-22299 and GStreamer-SA-2023-0009 ZDI-CAN-22226 CVE-2023-44429 CVE-2023-44429 - MXF demuxer use-after-free...
Oracle Linux 9 : gstreamer1-plugins-bad-free (ELSA-2023-7791)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7791 advisory. - Patch CVE-2023-44429: AV1 codec parser heap-based buffer overflow - Patch CVE-2023-44446: MXF demuxer use-after-free Tenable has extracted the...
WordPress Plugin SIGMA Lite & Lite+ Buffer Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
gstreamer1-plugins-bad-free security update
1.22.1-2 - Patch CVE-2023-44429: AV1 codec parser heap-based buffer overflow - Patch CVE-2023-44446: MXF demuxer use-after-free - Resolves: RHEL-17030, RHEL-17039...
RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2023:7841)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7841 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a...
SUSE SLED15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2023:4874-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4874-1 advisory. - CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow bsc1217211. Tenable has extracted the...
AlmaLinux 8 : gstreamer1-plugins-bad-free (ALSA-2023:7841)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:7841 advisory. - MXF demuxer use-after-free vulnerability fedora-all CVE-2023-44446 Note that Nessus has not tested for this issue but has instead relied only on the application'...
SUSE SLED15: gstreamer-plugins-bad / gstreamer-plugins-bad-chromaprint / etc (SUSE-SU-2023:4875-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4875-1 advisory. - CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow bsc1217211. Tenable has extracted the...
SUSE-SU-2023:4875-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow bsc1217211...
SUSE-SU-2023:4874-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow bsc1217211...
com.github.vzakharchenko:chillispot-radius-plugin (=1.4.10), com.github.vzakharchenko:cisco-radius-plugin (=1.4.10) +23 more potentially affected by CVE-2023-6563 via org.keycloak:keycloak-model-jpa (>=1.0-alpha-1-12062013 <=20.0.5)
org.keycloak:keycloak-model-jpa MAVEN version =1.0-alpha-1-12062013, =0.6, =0.2, =2.0, =0.11.0, =1.2.0-beta.1 and more Source cves: CVE-2023-6563 Source advisory: OSV:GHSA-54F3-C6HG-865H...
CVE-2023-40476
A stack-based buffer overflow was found in the GStreamer Plugins Bad when handling malformed files with H.265 video streams. This issue requires user interaction with the library and may allow a malicious user to cause an integer overflow before allocating the buffer, triggering a crash or code...