140 matches found
PT-2025-21726 · WordPress · Steve Puddick Wp Notes Widget
Name of the Vulnerable Software and Affected Versions: Steve Puddick WP Notes Widget versions 1.0.0 through 1.0.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an...
Improper Certificate Validation
github.com/rancher/steve is vulnerable to improper certificate validation. The vulnerability is due to the default setting does not verify the certificate presented by the remote server, which allows an attacker to intercept or alter TLS communications...
CVE-2025-46528
Cross-Site Request Forgery CSRF vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through = 0.2.4...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation presented by the remote server during a TLS connection. An attacker can intercept and potentially alter communications by positioning themselves between the client and the server. Note: This is only...
CVE-2025-46528
Cross-Site Request Forgery CSRF vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through = 0.2.4...
CVE-2025-46528
CVE-2025-46528 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Availability Calendar plugin, which allows Stored XSS. Affected versions are Availability Calendar up to 0.2.4. The available connected sources confirm the CSRF vector and stored XSS potential but do not p...
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...
SteVe 安全漏洞
SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests...
CVE-2024-44843
CVE-2024-44843 affects SteVe v3.7.1. The issue is in the WebSocket handshake process, enabling an attacker to bypass authentication and deliver crafted OCPP requests to execute arbitrary commands. Documented impact includes authentication bypass and potential command execution on the affected ser...
GHSA-J5HQ-5JCR-XWX7 github.com/rancher/steve's users can issue watch commands for arbitrary resources
Impact A vulnerability has been discovered in Steve API Kubernetes API Translator in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all...
github.com/rancher/steve's users can issue watch commands for arbitrary resources
Impact A vulnerability has been discovered in Steve API Kubernetes API Translator in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all...
Steve Bellovin’s Retirement Talk
Steve Bellovin is retiring. Here's his retirement talk, reflecting on his career and what the cybersecurity field needs next...
RequestStore 安全漏洞
RequestStore is a tool by Steve Klabnik Personal Developer. A security vulnerability exists in RequestStore version 1.3.2. An attacker exploiting this vulnerability could execute arbitrary code...
CVE-2024-21550
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site...
CVE-2024-21550
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site...
CVE-2024-21550
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site...