
4643 matches found

Positive Technologies
added 2024/12/16 12:0 a.m. · 2 views

PT-2024-36311 · Evernote · Evernote Sync

Name of the Vulnerable Software and Affected Versions: Evernote Sync versions prior to 3.0.0. Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows reflected XSS. Recommendations: For versions prior to...

CVSS 7.1 · AI score 7 · EPSS 0.0041
Exploits 0 · References 3

NVD
added 2024/12/13 3:15 p.m. · 29 views

CVE-2023-40001

Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through 2.1.13...

CVSS 4.3 · EPSS 0.00375
Exploits 0 · References 1

NVD
added 2024/12/13 3:15 p.m. · 5 views

CVE-2022-46807

Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2...

CVSS 4.3 · EPSS 0.00512
Exploits 0 · References 1

Vulnrichment
added 2024/12/13 2:24 p.m. · 5 views

CVE-2023-40001 WordPress iThemes Sync plugin <= 2.1.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through 2.1.13...

CVSS 4.3 · AI score 7.3 · EPSS 0.00375
Exploits 0 · References 1

Cvelist
added 2024/12/13 2:24 p.m. · 34 views

CVE-2023-40001 WordPress iThemes Sync plugin <= 2.1.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through 2.1.13...

CVSS 4.3 · EPSS 0.00375
Exploits 0 · References 1

Vulnrichment
added 2024/12/13 2:22 p.m. · 9 views

CVE-2022-46807 WordPress Stock Sync for WooCommerce plugin <= 2.3.2 - Broken Access Control

Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2...

CVSS 4.3 · AI score 8.6 · EPSS 0.00512
Exploits 0 · References 1

CVE
added 2024/12/13 2:22 p.m. · 33 views

CVE-2022-46807

CVE-2022-46807 affects Stock Sync for WooCommerce (WordPress plugin)

CVSS 4.3 · AI score 8.6 · EPSS 0.00512
Exploits 0 · References 1

CNNVD
added 2024/12/13 12:0 a.m. · 19 views

WordPress plugin iThemes Sync security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 4.3 · AI score 7.2 · EPSS 0.00375
Exploits 0 · References 1

Patchstack
added 2024/12/12 1:46 p.m. · 2 views

WordPress Evernote Sync plugin <= 3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin Evernote Sync versions <= 3.0.0...

CVSS 7.1 · AI score 6.1 · EPSS 0.0041
Exploits 0 · Affected Software 1

Tenable Nessus
added 2024/12/12 12:0 a.m. · 14 views

SUSE SLES15 Security Update : SUSE Manager Proxy and Retail Branch Server 4.3 (SUSE-SU-2024:4006-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4006-1 advisory. cobbler: - Security issues fixed: CVE-2024-47533: Prevent privilege escalation from none to admin bsc1231332 - Other bugs fixed: Increase start...

CVSS 9.8 · AI score 5.8 · EPSS 0.03948
Exploits 6 · References 60

Veracode
added 2024/12/11 7:55 a.m. · 9 views

Sensitive Information Exposure

Matrix-synapse is vulnerable to information disclosure. The vulnerability is due to improper handling of Sliding Sync, which can leak partial room state changes to users who are no longer in a room, while non-state events remain unaffected...

CVSS 4.3 · AI score 5.9 · EPSS 0.00419
Exploits 0 · References 4 · Affected Software 2

Veracode
added 2024/12/10 6:45 a.m. · 13 views

Improper Input Validation

Synapse is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of invites received over federation, allowing a malicious server to send crafted invites that disrupt the affected user's ability to perform /sync operations...

CVSS 8.7 · AI score 6.5 · EPSS 0.00536
Exploits 0 · References 2 · Affected Software 2

OSV
added 2024/12/06 5:15 p.m. · 1 views

CVE-2024-50388

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...

CVSS 9.8 · AI score 7.6 · EPSS 0.02268
Exploits 0 · References 1

CVE
added 2024/12/06 4:35 p.m. · 72 views

CVE-2024-50388

CVE-2024-50388 is an OS command injection vulnerability affecting HBS 3 Hybrid Backup Sync. The vulnerability could allow remote code execution; affected versions include prior to 25.1.1.673, with fixes in 25.1.1.673 and later. Public disclosures in multiple feeds corroborate remote-command execu...

CVSS 9.8 · AI score 7.5 · EPSS 0.02268
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/12/06 4:35 p.m. · 19 views

CVE-2024-50388 HBS 3 Hybrid Backup Sync

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...

CVSS 9.5 · AI score 7.8 · EPSS 0.02268
Exploits 0 · References 1

Cvelist
added 2024/12/06 4:35 p.m. · 25 views

CVE-2024-50388 HBS 3 Hybrid Backup Sync

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...

CVSS 9.5 · EPSS 0.02268
Exploits 0 · References 1

NVD
added 2024/12/06 2:15 p.m. · 12 views

CVE-2024-53820

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Stored XSS. This issue affects Captivate Sync: from n/a through <= 2.0.22...

CVSS 6.5 · EPSS 0.00238
Exploits 0 · References 1

CVE
added 2024/12/06 1:7 p.m. · 51 views

CVE-2024-53820

CVE-2024-53820 corresponds to a Stored XSS in the WordPress Captivate Sync plugin (Captivate Sync) up to version 2.0.22, caused by improper input neutralization during web-page generation. Multiple sources (NVD, CVE listings, Red Hat advisory, Patchstack entry, and Wordfence vulnerability notes) ...

CVSS 6.5 · AI score 7.2 · EPSS 0.00238
Exploits 0 · References 1

Vulnrichment
added 2024/12/06 1:7 p.m. · 10 views

CVE-2024-53820 WordPress Captivate Sync plugin <= 2.0.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS. This issue affects Captivate Sync: from n/a through 2.0.22...

CVSS 6.5 · AI score 6.8 · EPSS 0.00238
Exploits 0 · References 1

Cvelist
added 2024/12/06 1:7 p.m. · 22 views

CVE-2024-53820 WordPress Captivate Sync plugin <= 2.0.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Stored XSS. This issue affects Captivate Sync: from n/a through <= 2.0.22...

CVSS 6.5 · EPSS 0.00238
Exploits 0 · References 1