PT-2023-24856 · Wpclever · Wpc Smart Wishlist For Woocommerce
Name of the Vulnerable Software and Affected Versions: WPClever WPC Smart Wishlist for WooCommerce plugin versions = 4.7.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2023-29902 · WordPress · Jeff Sherk Auto Login New User After Registration
Name of the Vulnerable Software and Affected Versions: Jeff Sherk Auto Login New User After Registration plugin versions = 1.9.6 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing...
PT-2023-29251 · Unknown · Bernhard Kau Backend Localization Plugin
Name of the Vulnerable Software and Affected Versions: Bernhard Kau Backend Localization plugin versions = 2.1.10 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions ...
JetBrains TeamCity Unauthenticated Remote Code Execution
This module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource...
North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository
Three additional rogue Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from...
PT-2023-25145 · WordPress · Mycred
Name of the Vulnerable Software and Affected Versions: myCred plugin versions = 2.5 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the...
PT-2023-25943 · WordPress · Wpmobilepack.Com Wordpress Mobile Pack – Mobile Plugin For Progressive Web Apps & Hybrid Mobile Apps
Name of the Vulnerable Software and Affected Versions: WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin versions = 3.4.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user in...
PT-2023-25504 · Salesagility · Salesagility/Suitecrm-Core
Name of the Vulnerable Software and Affected Versions: salesagility/suitecrm-core versions prior to 8.3.1 Description: The issue is related to Cross-Site Request Forgery (CSRF) in the salesagility/suitecrm-core GitHub repository. This is a type of attack where an attacker tricks a user into...
Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting
Issue Summary: When using the open-source Jira Python library (https://github.com/pycontribs/jira) to make REST API calls to Jira, if cookie-based authentication (https://jira.readthedocs.io/examples.html#cookie-based-authentication) is used then Jira's rate limits will be bypassed. This can result...
CVE-2023-22814
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202...
CVE-2023-22814 Authentication Bypass issue in My Cloud OS 5 devices
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202...
PT-2023-18712 · Western Digital · My Cloud Os 5
Name of the Vulnerable Software and Affected Versions: My Cloud OS 5 versions prior to 5.26.202 Description: An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. Recommendations: F...
PT-2023-24286 · Unknown · Smart App Banner
Name of the Vulnerable Software and Affected Versions: Smart App Banner plugin versions 1.1.2 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
PT-2023-14587 · WordPress · Webmat Flexible Elementor Panel
Name of the Vulnerable Software and Affected Versions: WebMat Flexible Elementor Panel plugin versions = 2.3.8 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on ...
Western Digital My Cloud Multiple Products 5.x < 5.26.202 Multiple Vulnerabilities (WDC-23006, WDC-23009)
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2023-11615 · Beescms · Beescms
Name of the Vulnerable Software and Affected Versions: beescms version 4 Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to delete the administrator account via a crafted request to "/admin/admin admin.php". This can be exploited by sending a malicious request to the specifi...
K20606443: iControl REST CSRF vulnerability CVE-2020-5922
Security Advisory Description iControl REST does not implement cross-site request forgery (CSRF) protections for users applying basic authentication in a web browser. CVE-2020-5922 Impact In a successful exploit, an attacker can run JavaScript in the context of the currently logged-in user. For an...
PT-2022-28137 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue is related to Cross-Site Request Forgery (CSRF) in the GitHub repository usememos/memos. CSRF is an attack that tricks the victim into performing unintended actions on a web...
File (Field) Paths - Moderately critical - Access bypass - SA-CONTRIB-2022-065
The File Field Paths module extends the default functionality of Drupal's core File module, by adding the ability to use entity-based tokens in destination paths and file names. The module's default configuration could temporarily expose private files to anonymous visitors. Important note: to fix...