acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.9.5.1rc1 <=1.3.1.post1) +118 more potentially affected by CVE-2021-45230 via apache-airflow (>=2.0.0 <=2.1.4)
apache-airflow PYPI version =2.0.0, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.10.2, =0.11.0 - airflow-ditto =0.0.1.2 and more Source cves: CVE-2021-45230 Source advisory: OSV:PYSEC-2022-11...
CVE-2022-0215
The Login/Signup Popup, Waitlist Woocommerce Back in stock notifier, and Side Cart Woocommerce Ajax WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the /includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it...
Cross-site request forgery (CSRF)
The Login/Signup Popup, Waitlist Woocommerce Back in stock notifier, and Side Cart Woocommerce Ajax WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the /includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it...
CVE-2022-0215 XootiX Plugins <= Various Versions Cross-Site Request Forgery to Arbitrary Options Update
The Login/Signup Popup, Waitlist Woocommerce Back in stock notifier, and Side Cart Woocommerce Ajax WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the /includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it...
CVE-2022-0215
CVE-2022-0215 affects three WordPress plugins by XootiX: Login/Signup Popup, Side Cart Woocommerce, and Waitlist Woocommerce. The root cause is a Cross-Site Request Forgery (CSRF) vulnerability in the save_settings function within ~/includes/xoo-framework/admin/class-xoo-admin-settings.php,...
OpenBMCS 2.4 - Information Disclosure
Exploit Title: OpenBMCS 2.4 - Information Disclosure Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your...
High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites
Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site,...
Jenkins Input Validation Error Vulnerability (CNVD-2022-05101)
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. The Jenkins Credentials Binding Plugin is vulnerable to an input validation error that stems from the plugin's failure to...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), cf.pgmann.plugins:url-auth-sso (=1.0) +150 more potentially affected by CVE-2022-20614 via org.jenkins-ci.plugins:mailer (>=1.10 <=1.32.1)
org.jenkins-ci.plugins:mailer MAVEN version =1.10, =1.0.0, =1.9.2-beta, =1.14.0, =4.1.1, =2.30.2, =1.0.22, =1.3.0, =0.11.0, =0.13.0 - com.testinium.jenkins:testinium =1.0 and more Source cves: CVE-2022-20614 Source advisory: OSV:GHSA-558X-H7RG-997V...
aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +34 more potentially affected by CVE-2022-20615 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.18)
org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =2021.12.0, =1.0, =1.4.2, =0.34, =1.561, =1.599 and more Source cves: CVE-2022-20615 Source advisory: OSV:GHSA-VQWG-4V6F-H6X5...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), cf.pgmann.plugins:url-auth-sso (=1.0) +150 more potentially affected by CVE-2022-20613 via org.jenkins-ci.plugins:mailer (>=1.10 <=1.32.1)
org.jenkins-ci.plugins:mailer MAVEN version =1.10, =1.0.0, =1.9.2-beta, =1.14.0, =4.1.1, =2.30.2, =1.0.22, =1.3.0, =0.11.0, =0.13.0 - com.testinium.jenkins:testinium =1.0 and more Source cves: CVE-2022-20613 Source advisory: OSV:GHSA-85RQ-HP8X-GHJQ...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +39 more potentially affected by CVE-2022-20616 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.24)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2022-20616 Source advisory: OSV:GHSA-GQM2-2GCX-P88W...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.cloudbees.jenkins.plugins:docker-custom-build-environment (>=1.2 <=1.7.3) +14 more potentially affected by CVE-2022-20617 via org.jenkins-ci.plugins:docker-commons (>=1.0 <=1.15)
org.jenkins-ci.plugins:docker-commons MAVEN version =1.0, =1.9.2-beta, =1.2, =1.0.43, =3.0.0, =1.0, =1.26, =1.0, =1.0, =1.0, =0.2, =0.1.5, =0.2.3 and more Source cves: CVE-2022-20617 Source advisory: OSV:GHSA-JPXJ-VGQ5-PRJC...
org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2022-20618 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2022-20618 Source advisory: OSV:GHSA-W2MH-6XJ5-F77F...
org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2022-20619 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2022-20619 Source advisory: OSV:GHSA-W4JV-6RG4-PR4M...
XootiX Plugins - Various Versions CSRF to Arbitrary Options Update
The plugins Login/Signup Popup, Side Cart Woocommerce, and Waitlist Woocommerce are all vulnerable to cross-site request forgery due to a missing nonce check that would make it possible for attackers to update arbitrary options on a vulnerable WordPress site...
XootiX Plugins - Various Versions CSRF to Arbitrary Options Update
The plugins Login/Signup Popup, Side Cart Woocommerce, and Waitlist Woocommerce are all vulnerable to cross-site request forgery due to a missing nonce check that would make it possible for attackers to update arbitrary options on a vulnerable WordPress site. PoC...
CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...
DEBIAN-CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...
com.seitenbau.jenkins.plugins:dynamicparameter (=0.2.0), org.biouno:uno-choice (>=1.0 <=1.5.3-alpha) potentially affected by CVE-2021-21667 via org.jenkins-ci.plugins:scriptler (>=2.2 <=2.9)
org.jenkins-ci.plugins:scriptler MAVEN version =2.2, =1.0, =1.5.3-alpha Source cves: CVE-2021-21667 Source advisory: OSV:GHSA-P479-RWHP-RWJX...