2673 matches found

ATTACKERKB
added 2022/03/17 6:15 a.m. · 3 views

CVE-2022-24074

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises...

9.8 CVSS · 5.4 AI score · 0.01011 EPSS
Exploits 0 · References 2
CNNVD
added 2022/03/17 12:0 a.m. · 3 views

Naver Whale Browser security vulnerability

Naver Whale Browser is a web browser from the Korean company Naver that supports user-defined interfaces. A security vulnerability previously existed in Naver Whale Browser 3.12.129.18, which stemmed from a default extension in Whale Browser that allowed receiving any SendMessage request from the...

9.8 CVSS · 8.4 AI score · 0.01011 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/03/03 12:0 a.m. · 3 views

PT-2022-13242 · Unknown +1 · @Uppy/Companion +1

Name of the Vulnerable Software and Affected Versions: uppy versions prior to 3.3.1; @uppy/companion versions prior to 3.3.1. Description: The issue allows for exposure of sensitive information to an unauthorized actor. It also enables incorrect authorization, where a user with URL upload access...

7.5 CVSS · 7.2 AI score · 0.00963 EPSS
Exploits 1 · References 9
Patchstack
added 2022/02/28 12:0 a.m. · 8 views

WordPress Send Prebuilt Emails plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Send Prebuilt Emails plugin versions <= 1.0.0. Solution: No patched version available...

2.1 AI score
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m. · 9 views

WordPress Send Prebuilt Emails plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Send Prebuilt Emails plugin versions <= 1.0.0. Solution: No patched version available...

3.9 AI score
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2022/02/21 12:0 a.m. · 4 views

WordPress plugin Coming soon and Maintenance mode security vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. The vulnerability is caused by the plugin's unauthorized and CSRF-checked in its comingsoonsendma...

4.3 CVSS · 5.6 AI score · 0.00344 EPSS
Exploits 2 · References 3
CNVD
added 2022/02/09 12:0 a.m. · 14 views

Wire webapp has an unspecified vulnerability

Wire is chat software from a personal developer. The software supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, can make voice calls, send photos, and its original way of saying hello, PING. Wire webapp has a security vulnerability, and no details of the vulnerability...

4.4 CVSS · 2.1 AI score · 0.00303 EPSS
Exploits 0 · References 1
Code423n4
added 2022/01/27 12:0 a.m. · 27 views

transferAndCall sends tokens twice

Handle: cccz. Vulnerability details. Impact: The Flan contract is inherited from the ERC677 contract. In the transferAndCall function of the ERC677 contract, the super.transfer and transfer functions will be called, which will cause the token to be sent twice. function transferAndCall address to,...

6.9 AI score
Exploits 0
OSV
added 2022/01/18 8:15 p.m. · 1 views

CVE-2021-44839

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/admutilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset and new ones sent ...

6.5 CVSS · 5.8 AI score · 0.00577 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2022/01/17 12:0 a.m. · 2 views

The vulnerability in the `client_send_params` function of the `lib/ext/pre_shared_key.c` component of the Transport Layer Security library GnuTLS, related to the use of memory after it is freed, allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the `client_send_params` function in the `lib/ext/pre_shared_key.c` component of the Transport Layer Security library GnuTLS is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its...

9.8 CVSS · 6.7 AI score · 0.03444 EPSS
Exploits 0 · References 10 · Affected Software 5
0day.today
added 2022/01/17 12:0 a.m. · 230 views

OpenBMCS 2.4 Cross Site Request Forgery Vulnerability

OpenBMCS 2.4 CSRF Send E-mail Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product c...

7.1 AI score
Exploits 0
GitLab Advisory Database
added 2022/01/06 12:0 a.m. · 6 views

Out-of-bounds Write in actix-web

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

9.8 CVSS · 7.2 AI score · 0.01324 EPSS
Exploits 0 · References 5 · Affected Software 1
RustSec
added 2022/01/02 12:0 p.m. · 9 views

Delegate functions are missing `Send` bound

Affected versions of this crate did not require event handlers to have Send bound despite there being no guarantee of them being called on any particular thread, which can potentially lead to data races and undefined behavior. The flaw was corrected in commit afe3252 by adding Send bounds...

3.1 AI score
Exploits 0 · Affected Software 1
OSV
added 2021/12/27 11:15 a.m. · 1 views

CVE-2021-24997

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user...

6.5 CVSS · 5.9 AI score · 0.02753 EPSS
Exploits 2 · References 2
OSV
added 2021/12/27 12:15 a.m. · 4 views

CVE-2021-45704

An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket unconditionally implements the Send and Sync traits...

8.1 CVSS · 7.3 AI score · 0.00741 EPSS
Exploits 0 · References 2
OSV
added 2021/12/27 12:15 a.m. · 4 views

CVE-2018-25026

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

9.8 CVSS · 5.8 AI score · 0.01324 EPSS
Exploits 0 · References 2
UbuntuCve
added 2021/12/27 12:15 a.m. · 16 views

CVE-2018-25026

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

9.8 CVSS · 7.2 AI score · 0.01324 EPSS
Exploits 0 · References 3
Prion
added 2021/12/27 12:15 a.m. · 14 views

Memory corruption

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

7.5 CVSS · 9.3 AI score · 0.01324 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2021/12/27 12:15 a.m. · 0 views

UBUNTU-CVE-2018-25026

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

9.8 CVSS · 7.3 AI score · 0.01324 EPSS
Exploits 0 · References 4
CVE
added 2021/12/26 9:48 p.m. · 69 views

CVE-2021-45704

CVE-2021-45704 affects the Rust metrics-util crate prior to 0.7.0. The issue is a data race and potential memory corruption caused by AtomicBucket unconditionally implementing Send/Sync, which allows concurrent access to inner data that may not be Sync. Public advisories (Red Hat, OSV, GitHub, CN...

8.1 CVSS · 8.1 AI score · 0.00741 EPSS
Exploits 0 · References 2 · Affected Software 1