Positive Technologies
added 2024/02/09 12:00 a.m. · 8 views

PT-2024-5841

Name of the Vulnerable Software and Affected Versions: WPML versions up to, and including, 4.6.12. Description: The WPML plugin for WordPress is vulnerable to Remote Code Execution via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render...

CVSS 9.9 · AI score 8.4 · EPSS 0.73911
Exploits 3 · References 67
VulnCheck KEV
added 2024/02/07 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2021-32819

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

CVSS 8.8 · AI score 7.8 · EPSS 0.89622
Exploits 2 · References 1
OSV
added 2024/02/05 10:15 p.m. · 3 views

CVE-2023-6989

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for an unauthenticated attacker to include and execute PHP...

CVSS 9.8 · AI score 7.5 · EPSS 0.67335
Exploits 0 · References 2
ATTACKERKB
added 2024/02/05 10:15 p.m. · 1 view

CVE-2023-6989

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for an unauthenticated attacker to include and execute PHP...

CVSS 9.8 · AI score 5.9 · EPSS 0.67335
Exploits 0 · References 4
Prion
added 2024/02/05 10:15 p.m. · 17 views

Design/Logic Flaw

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for an unauthenticated attacker to include and execute PHP...

CVSS 7.5 · AI score 7.8 · EPSS 0.67335
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2024/02/05 12:00 a.m. · 3 views

WordPress plugin Shield Security security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 9.8 · AI score 6.4 · EPSS 0.67335
Exploits 0 · References 3
NVD
added 2024/02/02 7:15 p.m. · 10 views

CVE-2023-37527

A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in the application session or in the database, via remote injection, while rendering content in a web page...

CVSS 6.1 · AI score 6 · EPSS 0.0012
Exploits 0 · References 1
Atlassian
added 2024/01/26 6:50 a.m. · 21 views

Confluence's create-content operation takes up to 20 minutes to completely render the Create dialog

Issue Summary: In Confluence's create-content operation, clicking the "..." button next to the Create button at the top left results in a create-dialog window that can take up to 20 minutes to fully render. This is reproducible on Data Center: yes. Steps to Reproduce: On an affected version of...

AI score 7
Exploits 0
CNNVD
added 2024/01/19 12:00 a.m. · 2 views

PrestaShop SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop blockslidingcart 2.3.8 and earlier versions, which stems...

CVSS 9.8 · AI score 7.9 · EPSS 0.00138
Exploits 1 · References 3
Positive Technologies
added 2024/01/11 12:00 a.m. · 4 views

PT-2024-15162 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.239 Description: The issue is related to Stored Cross-Site Scripting via the plugin's extend builder render js shortcode due to insufficient input sanitization and...

CVSS 6.4 · AI score 5.7 · EPSS 0.00265
Exploits 1 · References 7
Positive Technologies
added 2024/01/08 12:00 a.m. · 4 views

PT-2024-18994 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev77 Description: Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET KEY variable. This issue allows attackers to access sensitive information, which could...

CVSS 7.5 · AI score 7.3 · EPSS 0.89284
Exploits 1 · References 10
Positive Technologies
added 2023/12/26 12:00 a.m. · 2 views

PT-2023-10177 · Bestwebsoft · Bestwebsoft Portfolio Plugin

Name of the Vulnerable Software and Affected Versions: BestWebSoft Portfolio Plugin versions up to 2.27 Description: A vulnerability was found in the BestWebSoft Portfolio Plugin, affecting the function bws add menu render of the file bws menu/bws menu.php. The manipulation of the argument bwsmn...

CVSS 6.1 · AI score 4.2 · EPSS 0.00069
Exploits 0 · References 5
Veracode
added 2023/12/20 8:39 a.m. · 20 views

Server Side Template Injection (SSTI)

mlflow is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to not using the sandboxed jinja2 loader while merging and rendering profile/recipe configuration YAML files in the renderandmergeyaml function within mlflow/utils/fileutils.py. If a user loads a malicious recipe...

CVSS 8.8 · AI score 7.8 · EPSS 0.00151
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2023/12/18 12:00 a.m. · 3 views

PT-2023-8522 · WordPress · The Shield Security

Name of the Vulnerable Software and Affected Versions: The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress versions up to, and including, 18.5.9 Description: The issue is related to Local File Inclusion, which allows an unauthenticated attacker to include...

CVSS 9.8 · AI score 9.6 · EPSS 0.67335
Exploits 0 · References 15
BDU FSTEC
added 2023/11/22 12:00 a.m. · 1 view

The vulnerability of the export-v2.php and ajax.render.php components of the iTop IT service management web tool allows a perpetrator to execute arbitrary code.

The vulnerability of the export-v2.php and ajax.render.php components of the iTop IT service management web tool is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.00115
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/11/09 6:15 a.m. · 0 views

CVE-2023-47489

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...

CVSS 7.8 · AI score 6.1 · EPSS 0.00115
Exploits 0 · References 3
CNNVD
added 2023/11/09 12:00 a.m. · 1 view

Combodo iTop Security Vulnerability

Combodo iTop is an open source, ITIL-based web application developed by the French company Combodo for the daily operation of an IT environment. The program provides incident management, configuration management and problem management. A security vulnerability exists in Combodo iTop version...

CVSS 7.8 · AI score 7.3 · EPSS 0.00115
Exploits 0 · References 4
Positive Technologies
added 2023/11/08 12:00 a.m. · 3 views

PT-2023-7017 · Comodo · Itop

Name of the Vulnerable Software and Affected Versions: Combodo iTop version 3.1.0-2-11973 Description: The issue is related to a CSV injection in the export as CSV feature, allowing a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...

CVSS 7.8 · AI score 7.8 · EPSS 0.00115
Exploits 0 · References 9
Positive Technologies
added 2023/10/14 12:00 a.m. · 2 views

PT-2023-35531 · Git +1 · Poppler

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the following state: Render Single Pass, Render Glyph, f...

AI score 6.9
Exploits 0 · References 2
Snyk
added 2023/09/26 9:00 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: quill-mention provides @mentions for the Quill rich text editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might...

CVSS 6.1 · AI score 5.6 · EPSS 0.01237
Exploits 1 · References 2