4645 matches found
CVE-2024-54422
CVE-2024-54422 is a Reflected XSS in Evernote Sync. The vulnerability occurs due to improper neutralization of input during web page generation, allowing an attacker to reflect malicious scripts. Affected software is Evernote Sync (from n/a up to version 3.0.0). The CVSS score in the source is 3....
WordPress plugin Evernote Sync cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PT-2024-36311 · Evernote · Evernote Sync
Name of the Vulnerable Software and Affected Versions: Evernote Sync versions prior to 3.0.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows reflected XSS. Recommendations: For versions prior to...
CVE-2023-40001
Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through 2.1.13...
CVE-2022-46807
Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2...
CVE-2023-40001 WordPress iThemes Sync plugin <= 2.1.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through 2.1.13...
CVE-2022-46807 WordPress Stock Sync for WooCommerce plugin <= 2.3.2 - Broken Access Control
Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2...
CVE-2022-46807
CVE-2022-46807 affects Stock Sync for WooCommerce (WordPress plugin)
WordPress plugin iThemes Sync security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
WordPress Evernote Sync plugin <= 3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Evernote Sync (versions <= 3.0.0)...
SUSE SLES15: cobbler / grafana-formula / inter-server-sync / mgr-daemon / etc (SUSE-SU-2024:4006-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4006-1 advisory. cobbler: - Security issues fixed: CVE-2024-47533: Prevent privilege escalation from none to admin bsc1231332 - Other bugs fixed: Increase start...
Sensitive Information Exposure
Matrix-synapse is vulnerable to information disclosure. The vulnerability is due to improper handling of Sliding Sync, which can leak partial room state changes to users who are no longer in a room, while non-state events remain unaffected...
Improper Input Validation
Synapse is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of invites received over federation, allowing a malicious server to send crafted invites that disrupt the affected user's ability to perform /sync operations...
CVE-2024-50388
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...
CVE-2024-50388
CVE-2024-50388 is an OS command injection vulnerability affecting HBS 3 Hybrid Backup Sync. The vulnerability could allow remote code execution; affected versions include prior to 25.1.1.673, with fixes in 25.1.1.673 and later. Public disclosures in multiple feeds corroborate remote-command execu...
CVE-2024-50388 HBS 3 Hybrid Backup Sync
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...
CVE-2024-53820
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Stored XSS. This issue affects Captivate Sync: from n/a through <= 2.0.22...
CVE-2024-53820
CVE-2024-53820 corresponds to a Stored XSS in the WordPress Captivate Sync plugin (Captivate Sync) up to version 2.0.22, caused by improper input neutralization during web-page generation. Multiple sources (NVD, CVE listings, Red Hat advisory, Patchstack entry, and Wordfence vulnerability notes) ...