com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.0.0) +12 more potentially affected by CVE-2023-41041 via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=5.0.8)

org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: CVE-2023-41041 Source advisory: OSV:GHSA-3FQM-FRHG-7C85...

snyk Code Injection vulnerability

The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application...

GHSA-4VRV-93C7-M92J snyk Code Injection vulnerability

The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)

Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...

Autodesk Maya Plugins Installed (Windows)

Binary data autodeskmayawinpluginsdetect.nbin...

VulnCheck KEV: CVE-2023-1119

The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability...

Debian: Security Advisory (DSA-5443-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 5444-1] gst-plugins-bad1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5444-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 02, 2023 https://www.debian.org/security/faq -...

DSA-5445-1 gst-plugins-good1.0 - security update

Bulletin has no description...

DSA-5444-1 gst-plugins-bad1.0 - security update

Bulletin has no description...

DSA-5443-1 gst-plugins-base1.0 - security update

Bulletin has no description...

Debian DSA-5444-1 : gst-plugins-bad1.0 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5444 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The...

Debian DSA-5445-1 : gst-plugins-good1.0 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5445 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The...

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +65 more potentially affected by CVE-2023-2422 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=21.1.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.3.2, =0.1.0, =1.0.0 and more Source cves: CVE-2023-2422 Source advisory: OSV:GHSA-3QH5-QQJ2-C78F...

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +65 more potentially affected by CVE-2022-4361 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=21.1.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.3.2, =0.1.0, =1.0.0 and more Source cves: CVE-2022-4361 Source advisory: OSV:GHSA-3P62-6FJH-3P5H...

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +65 more potentially affected by CVE-2023-2585 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=21.1.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.3.2, =0.1.0, =1.0.0 and more Source cves: CVE-2023-2585 Source advisory: OSV:GHSA-F5H4-WMP5-XHG6...

Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts

A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982 CVSS score: 9.8, the authentication bypass flaw...

CVE-2023-2877

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...

CVE-2023-2326

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

Remote code execution

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...