5 matches found
CVE-2023-41327 Controlled SSRF through URL in the WireMock
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...
CVE-2023-2025
OpenBlue Enterprise Manager Data Collector (Johnson Controls) firmware prior to 3.2.5.75 is affected. The ICS/NVD entries describe two related issues: (1) Improper authentication (CWE-287) where API calls may not require authentication, and (2) exposure of sensitive information to an unauthorized...
Code injection
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2018-12423
CVE-2018-12423 affects Synapse prior to 0.31.2. The vulnerability allows unauthorized users to hijack rooms when there is no m.room.power_levels event in force. This is described consistently across multiple sources in the connected documents. Reported impact is room hijacking due to improper han...
CVE-1999-1460
CVE-1999-1460 affects the BMC PATROL SNMP Agent prior to version 3.2.07. The vulnerability lets local users escalate to root by passing the target file as the second argument to the snmpmagt program, resulting in creation of arbitrary world-writeable files. The underlying issue is improper handl...