1850 matches found
CVE-2024-3934
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of...
GHSA-3WF2-2PQ4-4RVC Woodpecker's custom environment variables allow altering the execution flow of plugins
Impact: The server allows any user who can trigger a pipeline run to run malicious workflows: - Those workflows can lead to a takeover of the host that runs the agent executing the workflow. - Or they allow extracting the secrets that would normally be provided only to the plugins whose entrypoints are...
Template Injection
Apache StreamPark is vulnerable to template injection. The vulnerability is due to insufficient input validation, which allows an attacker to perform a template injection that can lead to execution of arbitrary code on the server...
CVE-2024-21163
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2024-21127
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Remote Code Execution (RCE)
org.apache.wicket: wicket-core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to an unsafe default XML parsing configuration, allowing attackers to inject malicious code that executes arbitrary commands on the server through a crafted XSLT document...
CVE-2024-6321 ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload
The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'optionspage' function. This makes it possible for unauthenticated...
CVE-2024-6314
CVE-2024-6314 affects the IQ Testimonials WordPress plugin. The Red Hat and Wordfence entries describe a vulnerability in process_image_upload that allows unauthenticated arbitrary file uploads in versions up to and including 2.2.7 due to insufficient file type validation. The impact is high: if ...
CVE-2024-6314 IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload
The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2024-5441
The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimage function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to uploa...
CVE-2024-2385
CVE-2024-2385 affects Elementor Addons by Livemesh for WordPress. It is a Local File Inclusion in multiple widgets via the style attribute, impacting all versions up to 8.3.7. An authenticated attacker with contributor-level access can include and execute arbitrary server-side PHP code, potential...
Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper validation of a...
CVE-2024-39303 Weblate vulnerable to improper sanitization of project backups
Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a...
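The Weblate entry above (a crafted ZIP restored onto the server) and the Mercado Pago entry earlier on this page (a log-download function reading outside its directory) are the same bug class: a user-supplied path is joined to a base directory without checking that the result still lies under that directory. The block below is an added example, not code from Weblate, Wordfence or any project listed here, showing the containment check as it applies to archive extraction. The archive it builds is constructed sample data (one benign member, one `../` traversal, one absolute path); the function names are my own.

```python
import io
import stat
import tempfile
import zipfile
from pathlib import Path


def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign member plus two hostile names.
    zipfile.writestr() preserves '../' and leading '/' in member names, which is
    exactly what a crafted backup would contain."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/strings.po", 'msgid "hi"\nmsgstr "hello"\n')
        zf.writestr("../../etc/cron.d/evil", "* * * * * root id\n")
        zf.writestr("/etc/passwd", "root:x:0:0::/root:/bin/sh\n")
    return buf.getvalue()


def is_safe_member(name: str, dest) -> bool:
    """True only if dest/name, after normalisation, is still under dest.

    The check is on the *resolved* path, not on the presence of '..' in the
    string, so 'a/../b' (which stays inside) is accepted while 'a/../../b'
    (which escapes) is rejected."""
    dest = Path(dest)
    if not name or name.startswith(("/", "\\")) or "\\" in name or "\x00" in name:
        return False
    target = (dest / name).resolve()
    try:
        target.relative_to(dest.resolve())
    except ValueError:
        return False
    return True


def is_symlink_member(info: zipfile.ZipInfo) -> bool:
    """Unix mode bits live in the top 16 bits of external_attr; a symlink member
    could otherwise be used to redirect a later member outside dest."""
    return stat.S_ISLNK(info.external_attr >> 16)


def safe_extract(zip_bytes: bytes, dest) -> tuple[list[str], list[str]]:
    """Extract only members that stay under dest. Returns (extracted, rejected)."""
    dest = Path(dest)
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if is_symlink_member(info) or not is_safe_member(info.filename, dest):
                rejected.append(info.filename)
                continue
            target = dest / info.filename
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def demo() -> dict:
    """Run the sample archive through safe_extract into a fresh temp directory."""
    dest = Path(tempfile.mkdtemp())
    extracted, rejected = safe_extract(build_sample_zip(), dest)
    return {
        "dest": str(dest),
        "extracted": extracted,
        "rejected": rejected,
        "content": (dest / "project/strings.po").read_text(),
    }


if __name__ == "__main__":
    print(demo())
```

The same `relative_to` test after `resolve()` is the fix for the read-side case (a download handler): build the candidate path from the base directory and the requested name, resolve it, and refuse to open it unless the base directory is an ancestor of the result. Do not rely on `zipfile.extractall()` alone for the write-side case; it strips leading slashes and `..` components rather than rejecting the member, so a hostile archive is silently reshaped instead of refused.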
CVE-2024-37146 GHSL-2023-248: Flowise xss in /api/v1/credentials/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability exists in the /api/v1/credentials/id endpoint. If the default configuration, which requires no authentication, is used, an attacker may be able to craf...
[SECURITY] [DLA 3853-1] tryton-server security update
Debian LTS Advisory DLA-3853-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
June 30, 2024 https://wiki.debian.org/LTS
Package : tryton-server
Version : 5.0.4-2+deb10u3
CVE ID : not yet available
Cédric Krier has found that trytond, the Tryton application server...
DLA-3853-1 tryton-server - security update
Bulletin has no description...
MAL-2024-2385 Malicious code in flux_dev_tools.server.flask (npm)
Arbitrary File Access
magento/community-edition is vulnerable to arbitrary file access. The vulnerability is due to an issue in the file upload controller for downloadable products, allowing an authenticated user to read or delete arbitrary files. Attackers can exploit this vulnerability to gain unauthorized access to...
CVE-2024-3562
The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval function. This makes it possible for authenticated...
CVE-2024-3562
CVE-2024-3562 : The WordPress plugin Custom Field Suite is vulnerable to PHP Code Injection via the Loop custom field. The issue stems from insufficient sanitization before using input in eval(), allowing authenticated attackers with contributor-level access or higher to execute arbitrary PHP on ...