
23 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-50035

Malicious code in bioql PyPI...

5.4 CVSS · 6.4 AI score · 0.0025 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 8:14 a.m. · 2 views

CVE-2024-9583

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible f...

5.4 CVSS · 4.9 AI score · 0.0025 EPSS
Exploits 0 · References 1
Hacker One
added 2025/04/06 5:28 p.m. · 866 views

LinkedIn: HTML Injection in LinkedIn Premium Support Chat

The vulnerability exists in the LinkedIn Premium support chat interface where unsanitized HTML input was rendered directly in the chat window. An attacker could have exploited this by injecting malicious HTML such as clickable links, potentially leading to phishing or redirection attacks on...

6.9 AI score
Exploits 0
OSV
added 2024/12/16 2:4 p.m. · 11 views

BIT-NODE-MIN-2021-23840 Integer overflow in CipherUpdate

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5 CVSS · 7.5 AI score · 0.00463 EPSS
Exploits 0 · References 21
OSV
added 2024/10/23 7:15 a.m. · 6 views

CVE-2024-9583

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible f...

5.4 CVSS · 6.3 AI score
Exploits 0 · References 3
NVD
added 2024/10/23 7:15 a.m. · 10 views

CVE-2024-9583

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible f...

5.4 CVSS · 0.0025 EPSS
Exploits 0 · References 3
CVE
added 2024/10/23 6:45 a.m. · 42 views

CVE-2024-9583

CVE-2024-9583 affects the WordPress plugin “RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging” up to version 4.23.12. The issue is a missing capability check in the wprss_ajax_send_premium_support function, enabling authenticated users with Subscriber-level access and above ...

5.4 CVSS · 4.8 AI score · 0.0025 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2024/10/23 6:45 a.m. · 21 views

CVE-2024-9583 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Authorization

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible f...

4.3 CVSS · 0.0025 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/10/23 12:0 a.m. · 2 views

PT-2024-39700 · WordPress · The Rss Aggregator – Rss Import

Name of the Vulnerable Software and Affected Versions: The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress versions up to, and including, 4.23.12. Description: The issue is related to a missing capability check on the wprss_ajax_send_premium_support...

5.4 CVSS · 6.6 AI score · 0.0025 EPSS
Exploits 0 · References 10
Tenable Nessus
added 2024/08/30 12:0 a.m. · 22 views

CBL Mariner 2.0 Security Update: openssl (CVE-2021-4160)

The version of openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-4160 advisory. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affecte...

5.9 CVSS · 6.7 AI score · 0.00417 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2024/06/07 12:0 a.m. · 35 views

OpenSSL 1.0.2 < 1.0.2zc Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2zc. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zc advisory. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS...

5.9 CVSS · 6.7 AI score · 0.27483 EPSS
Exploits 1 · References 4
NVD
added 2023/11/18 11:15 p.m. · 14 views

CVE-2023-25985

Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n/a through 8.2.5...

8.8 CVSS · 0.00137 EPSS
Exploits 0 · References 1
Prion
added 2023/11/18 11:15 p.m. · 18 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n/a through 8.2.5...

6.8 CVSS · 7.2 AI score · 0.00137 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/11/18 10:21 p.m. · 26 views

CVE-2023-25985 WordPress WordPress Tooltips Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n/a through 8.2.5...

4.3 CVSS · 8.9 AI score · 0.00137 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2023/04/11 12:0 a.m. · 24 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2023-0025)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssl packages installed that are affected by multiple vulnerabilities: - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is clo...

7.5 CVSS · 7.4 AI score · 0.07539 EPSS
Exploits 2 · References 11
F5 Networks
added 2023/02/21 6:47 p.m. · 114 views

K30184101: OpenSSL Vulnerability CVE-2021-4160

Security Advisory Description: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include...

5.9 CVSS · 5.9 AI score · 0.00417 EPSS
Exploits 1
F5 Networks
added 2023/01/20 6:36 p.m. · 38 views

K61903372: OpenSSL vulnerability CVE-2021-23839

Security Advisory Description: OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support...

4.3 CVSS · 6.2 AI score · 0.00292 EPSS
Exploits 0 · Affected Software 3
Tenable Nessus
added 2022/01/30 12:0 a.m. · 96 views

FreeBSD : OpenSSL -- BN_mod_exp incorrect results on MIPS (1aaaa5c6-804d-11ec-8be6-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1aaaa5c6-804d-11ec-8be6-d4c9ef517024 advisory. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are...

5.9 CVSS · 6.7 AI score · 0.00417 EPSS
Exploits 1 · References 3
UbuntuCve
added 2022/01/28 10:15 p.m. · 37 views

CVE-2021-4160

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...

5.9 CVSS · 6.7 AI score · 0.00417 EPSS
Exploits 1 · References 7
Prion
added 2022/01/28 10:15 p.m. · 35 views

Design/Logic Flaw

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...

4.3 CVSS · 5.3 AI score · 0.27483 EPSS
Exploits 1 · References 9 · Affected Software 8