Malicious code in com.apple.unityplugin.arcade.splashscreen (npm)

The package com.apple.unityplugin.arcade.splashscreen was found to contain malicious code...

MAL-2025-17310 Malicious code in com.apple.unityplugin.arcade.splashscreen (npm)

The package com.apple.unityplugin.arcade.splashscreen was found to contain malicious code...

CVE-2023-6501

The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2023-6501

The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

Cross site request forgery (csrf)

The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2023-6501 Splashscreen <= 0.20 - Settings Update via CSRF

The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2023-6501

CVE-2023-6501 affects Splashscreen WordPress plugin (versions

CVE-2023-6501 Splashscreen <= 0.20 - Settings Update via CSRF

The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

PT-2024-14979 · WordPress · Splashscreen Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Splashscreen WordPress plugin versions 0.20 and earlier Description: The issue is related to the lack of a CSRF check when updating settings in the Splashscreen WordPress plugin. This could allow attackers to make a logged-in admin change...

WordPress Plugin Splashscreen Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Splashscreen Plugin <= 0.20 is vulnerable to Cross Site Request Forgery (CSRF)

Software Splashscreen Type Plugin Vulnerable versions = 0.20 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6501 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f22b37f1dead Credits Daniel Ruf Required...

Splashscreen <= 0.20 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack document.forms0.submit;...

PT-2023-28361 · Unknown · Wave.Ai.Browser

Name of the Vulnerable Software and Affected Versions: wave.ai.browser application through 1.0.35 for Android Description: The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the...

WordPress Plugin PWA for WP & AMP 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin PWA for WP...

PT-2023-12463 · WordPress · Pwa For Wp & Amp

Name of the Vulnerable Software and Affected Versions: PWA for WP & AMP for WordPress versions up to, and including, 1.7.32 Description: The issue is related to arbitrary file uploads due to missing file type validation in the pwaforwp splashscreen uploader function. This allows authenticated...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)

This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...

openSUSE Security Update : icedtea-web (openSUSE-SU-2014:0310-1)

icedtea-web was updated to version 1.4.2 bnc864364, fixing various bugs and a security issues : - Dialogs center on screen before becoming visible - Support for u45 new manifest attributes Application-Name - Custom applet permission policies panel in itweb-settings control panel - Plugin - PR1271...

SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 8974)

The OpenJDK Java Plugin IcedTea Web was released to fix a temporary file access problem. Changes : - Dialogs center on screen before becoming visible. - Support for u45 new manifest attributes Application-Name. - Custom applet permission policies panel in itweb-settings control panel. - Plugin...

Fedora 19 : icedtea-web-1.4.2-0.fc19 (2014-2071)

New in release 1.4.2 2014-02-05 : - Dialogs center on screen before becoming visible - Support for u45 new manifest attributes Application-Name - Custom applet permission policies panel in itweb-settings control panel - Plugin - PR1271: icedtea-web does not handle 'javascript:'-protocol URLs -...