92 matches found

Nuclei
added 2026/05/27 3:54 a.m. | 19 views

Repetier Server - Directory Traversal

Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. id: CVE-2023-31059 info: name: Repetier Server - Directory Traversal author: parthmalhotra,pdresearch severity: high description: | Repetier Server...

CVSS 7.5 | AI score 7.2 | EPSS 0.91209
Exploits: 2 | References: 2

NVD
added 2026/04/01 1:16 a.m. | 2 views

CVE-2025-71279

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication...

CVSS 9.8 | EPSS 0.0004
Exploits: 0 | References: 2

OSV
added 2024/12/09 1:15 p.m. | 0 views

CVE-2023-29429

Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Registration: from n/a through 2.3.2.1...

CVSS 5.3 | AI score 7.3
Exploits: 0 | References: 1

Debian CVE
added 2024/11/27 9:25 p.m. | 11 views

CVE-2024-53859

go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...

CVSS 7.5 | AI score 6.3 | EPSS 0.0008
Exploits: 0

CVE
added 2024/11/12 4:44 p.m. | 94 views

CVE-2024-49369

CVE-2024-49369 affects Icinga2 TLS certificate validation from version 2.4.0, enabling impersonation of trusted cluster nodes or API users using client certificates. Fixed in Icinga 2.14.3, 2.13.10, 2.12.11, and 2.11.12. The connected Nessus/ALPINE entries confirm the vulnerability and the fix ve...

CVSS 9.8 | AI score 9.5 | EPSS 0.24074
Exploits: 1 | References: 8 | Affected Software: 1

Cvelist
added 2024/10/15 12:00 a.m. | 14 views

CVE-2024-41344

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges...

EPSS 0.00146
Exploits: 1 | References: 1

NVD
added 2024/08/18 2:15 p.m. | 9 views

CVE-2024-43330

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack for Beaver Builder allows Reflected XSS. This issue affects PowerPack for Beaver Builder: from n/a before 2.37.4...

CVSS 7.1 | EPSS 0.00153
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/09 9:59 a.m. | 22 views

CVE-2024-37224 WordPress SP Project & Document Manager plugin <= 4.71 - Directory Traversal vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71...

CVSS 7.5 | AI score 7 | EPSS 0.01103
Exploits: 0 | References: 1

NVD
added 2024/04/09 3:15 p.m. | 7 views

CVE-2023-45590

An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website...

CVSS 9.6 | AI score 9.6 | EPSS 0.00772
Exploits: 0 | References: 1

Vulnrichment
added 2024/03/14 12:00 a.m. | 7 views

CVE-2024-28423

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...

AI score 8.1 | EPSS 0.00115
Exploits: 0 | References: 1

Vulnrichment
added 2024/01/31 5:52 p.m. | 14 views

CVE-2024-22286 WordPress BA Plus Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aluka BA Plus – Before & After Image Slider FREE allows Reflected XSS. This issue affects BA Plus – Before & After Image Slider FREE: from n/a through 1.0.3...

CVSS 7.1 | AI score 6.8 | EPSS 0.00083
Exploits: 0 | References: 1

Prion
added 2024/01/19 8:15 p.m. | 23 views

Code injection

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

CVSS 5.1 | AI score 9.4 | EPSS 0.02781
Exploits: 0 | References: 5 | Affected Software: 2

Code423n4
added 2023/12/12 12:00 a.m. | 11 views

Unsafe use of transfer()/transferFrom() with IERC20

Lines of code: 377, 509, 491, 530, 42, 50. Vulnerability details: Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example, Tether USDT's transfer and transferFrom functions on L1 do not return booleans as the specification...

AI score 7.3
Exploits: 0

CVE
added 2023/10/27 8:22 p.m. | 147 views

CVE-2023-40140

CVE-2023-40140: Android component android_view_InputDevice_create (android_view_InputDevice.cpp) has a use-after-free vulnerability that can lead to arbitrary code execution and local escalation of privilege. Impact is local, with no user interaction required. The Android Security Bulletin notes ...

CVSS 7.8 | AI score 8 | EPSS 0.00068
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2023/08/24 12:00 a.m. | 22 views

Jupiter X Core Premium < 3.3.8 - Unauthenticated Arbitrary File Upload

Description: The plugin does not validate files to be uploaded via the ravenformfrontend AJAX action available to unauthenticated users, allowing them to upload arbitrary files on the server...

AI score 6.5 | EPSS 0.22899
Exploits: 0 | References: 1 | Affected Software: 1

Code423n4
added 2023/08/04 12:00 a.m. | 8 views

The Asset.lotPrice doubles the oracle timeout in the worst case

Lines of code. Vulnerability details: When the tryPrice function reverts, for example on oracle timeout, Asset.lotPrice will use a decayed historical value: uint48 delta = uint48(block.timestamp) - lastSave; // {s} if (delta >= oracleTimeout + priceTimeout) return (0, 0); // no price after full timeout else...

AI score 6.8
Exploits: 0

Prion
added 2023/06/28 6:15 p.m. | 7 views

Out-of-bounds

In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android...

CVSS 1.7 | AI score 5.1 | EPSS 0.0005
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/04/21 12:00 a.m. | 17 views

CVE-2023-29917

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the go parameter at /goform/aspForm...

AI score 5.7 | EPSS 0.00388
Exploits: 0 | References: 1

Cvelist
added 2023/03/24 12:00 a.m. | 11 views

CVE-2023-21022

In BufferBlock of Suballocation.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...

AI score 8 | EPSS 0.00016
Exploits: 0 | References: 1

WPVulnDB
added 2023/01/30 12:00 a.m. | 12 views

WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. PoC: Exploit shortcode: wpdarkmode class='" onmouseover="alert1"'...

CVSS 5.4 | AI score 5.4 | EPSS 0.00295
Exploits: 2 | Affected Software: 1
