1208 matches found
CVE-2023-48706
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory which may later...
CVE-2023-48706
Vim CVE-2023-48706 is a heap-use-after-free in Vim before 9.0.2121 triggered by the first :s command when a sub-replace-special atom is in the substitution; it may crash. The issue is fixed in 9.0.2121 (and newer builds such as 9.0.2153 are available). Exploitation requires an attacker-supplied p...
CVE-2023-28749
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions...
CVE-2023-28749 WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions...
CVE-2023-28749
CVE-2023-28749 : CSRF vulnerability in CM On Demand Search And Replace (WordPress plugin)
PT-2023-21935 · Creativemindssolutions · Cm On Demand Search/Replace
Name of the Vulnerable Software and Affected Versions: CreativeMindsSolutions CM On Demand Search And Replace plugin versions prior to 1.3.0. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to perform unintended...
WordPress Plugin CM On Demand Search And Replace Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-48231
A heap use-after-free flaw was found in the vim package. When executing a :s command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive :s call causes memory to be freed, which may later then be accessed by the initial :s command. Th...
kernel: mm/mempolicy: fix mpol_new leak in shared_policy_replace
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpol_new leak in shared_policy_replace. If mpol_new is allocated but not used in restart loop, mpol_new will be freed via mpol_put before returning to the caller. But refcnt is not initialized yet, so mpol_put could not...
WordPress Enable Media Replace Plugin < 4.1.3 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:shortpixel:enablemediareplace"; if description...
CVE-2023-4643
The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog...
Input validation
The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2023-4643
CVE-2023-4643 affects the WordPress Enable Media Replace plugin prior to version 4.1.3. The vulnerability stems from the plugin unserializing user input via the Remove Background feature, which enables PHP Object Injection if a suitable gadget is present on the blog. Multiple sources (NVD/NVD-der...
PT-2023-30025 · WordPress · Enable Media Replace
Name of the Vulnerable Software and Affected Versions: Enable Media Replace WordPress plugin versions prior to 4.1.3. Description: The issue allows Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog, due to the unserialize of user input via the Remove...
WordPress plugin Enable Media Replace Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in the...
PT-2023-5603 · D Link · D-Link Dar-8000 +1
Name of the Vulnerable Software and Affected Versions: D-Link DAR-7000 versions up to 20151231; D-Link DAR-8000 versions up to 20151231. Description: The issue is related to an unrestricted file upload vulnerability in the /sysmanage/updatelib.php file of the D-Link DAR-7000 and DAR-8000 router...
PT-2023-5608 · D Link · D-Link Dar-8000 +1
Name of the Vulnerable Software and Affected Versions: D-Link DAR-7000 versions up to 20151231; D-Link DAR-8000 versions up to 20151231. Description: The issue is related to an unrestricted file upload vulnerability in the /useratte/web.php file of the D-Link DAR-7000 and DAR-8000 routers. This...
Enable Media Replace < 4.1.3 - Author+ PHP Object Injection
Description: The plugin unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog. PoC: Step 1: Add the following code to the end of the file located at...