CVE-2024-38759 WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace. This issue affects Search & Replace: from n/a through 3.2.2...
CVE-2024-38759
CVE-2024-38759 is a Deserialization of Untrusted Data vulnerability in the WordPress plugin WP MEDIA SAS Search & Replace (Search & Replace) affecting versions from n/a up to and including 3.2.2. The root cause is deserialization of untrusted data leading to potential compromise. The connected do...
PT-2024-28200 · WordPress · Wp Media Sas Search & Replace
Name of the Vulnerable Software and Affected Versions: WP MEDIA SAS Search & Replace versions n/a through 3.2.2 Description: The issue is related to Deserialization of Untrusted Data, which affects the Search & Replace plugin. Recommendations: For versions n/a through 3.2.2, update to a version...
PT-2024-37986 · Flute Cms · Flute Cms
Name of the Vulnerable Software and Affected Versions: Flute CMS version 0.2.2.4-alpha Description: A critical issue affects the replaceContent function of the ContentParser.php file in the Notification Handler component, leading to code injection. The attack can be initiated remotely...
SUSE CVE-2024-40949
In the Linux kernel, the following vulnerability has been resolved: mm: shmem: fix getting incorrect lruvec when replacing a shmem folio When testing shmem swapin, I encountered the warning below on my machine. The reason is that replacing an old shmem folio with a new one causes mem_cgroup_migrate...
CVE-2024-39496
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can race with a device replace operation and then trigger a use-after-free on the device that was just...
WordPress CM WordPress Search And Replace Plugin plugin < 1.3.9 - Plugin Reset via CSRF vulnerability
Plugin Reset via CSRF vulnerability discovered by Felipe Caon in WordPress Plugin CM On Demand Search And Replace versions < 1.3.9...
WordPress CM On Demand Search And Replace Plugin < 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software CM On Demand Search And Replace Type Plugin Vulnerable versions < 1.3.9 Fixed in 1.3.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5028 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 576a4082c0ff Credits Felipe...
CVE-2024-5028
CVE-2024-5028 — The CM WordPress Search And Replace Plugin (pre-1.3.9) lacks CSRF checks in some areas, enabling attackers to induce logged-in users to perform unwanted actions via CSRF. Red Hat and Patchstack entries corroborate the issue and reference the same plugin/version window. Wordfence vu...
CVE-2024-5028 CM WordPress Search And Replace Plugin < 1.3.9 - Plugin Reset via CSRF
The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
How to Replace a Network Interface Card in a XenServer Host
This article describes the procedure to replace a Network Interface Card (NIC) in a XenServer Host. For example, the procedure can be used to replace a faulty NIC. Requirements The XenServer host must be standalone and not joined to a resource pool. Replacing the NIC used as management interface...
DEBIAN-CVE-2024-39496
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can race with a device replace operation and then trigger a use-after-free on the device that was just...
UBUNTU-CVE-2024-40949
In the Linux kernel, the following vulnerability has been resolved: mm: shmem: fix getting incorrect lruvec when replacing a shmem folio When testing shmem swapin, I encountered the warning below on my machine. The reason is that replacing an old shmem folio with a new one causes mem_cgroup_migrate...
CVE-2024-39496 btrfs: zoned: fix use-after-free due to race with dev replace
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can race with a device replace operation and then trigger a use-after-free on the device that was just...
CVE-2024-39496
CVE-2024-39496 affects the Linux kernel, specifically the btrfs: zoned code path. The issue is a use-after-free caused by a race between loading a zone’s info during block group creation and an ongoing device replacement; if the device being loaded is the source of the replacement, the device can...
PT-2024-28912 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202302.e Description: The issue allows for arbitrary file content replacement via the /admin/cmsTemplate/replace API endpoint. Recommendations: For PublicCMS version 4.0.202302.e, consider restricting access to the...
WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Trình Vũ / Sonicrrrr from VNPT-VCI Patchstack Alliance in WordPress Plugin Search & Replace versions <= 3.2.2...
WordPress Search & Replace Plugin <= 3.2.2 is vulnerable to Deserialization of untrusted data
Software Search & Replace Type Plugin Vulnerable versions <= 3.2.2 Fixed in 3.2.3 OWASP Top 10 A3: Injection Classification Deserialization of untrusted data CVE CVE-2024-38759 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d349741333a6 Credits Trình Vũ Sonicrrrr from...
CVE-2024-0949
CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...