EUVD-2018-10656

Malware in sbrugna...

CVE-2022-48178

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Create Action function, aka an index.php/actions/update URI...

Moderate: Red Hat Security Advisory: haproxy security update

An update for haproxy is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

BIT-WORDPRESS-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

BIT-WORDPRESS-MULTISITE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

CVE-2022-26180

qdPM 9.2 allows Cross-Site Request Forgery CSRF via the index.php/myAccount/update URI...

CVE-2022-26180

qdPM 9.2 allows Cross-Site Request Forgery CSRF via the index.php/myAccount/update URI...

OPENSUSE-SU-2022:0113-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names bsc1194511. - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection bsc1194512. - CVE-2021-44533: Fixed incorrect handling of certificate subject an...

WordPress < 5.8 Missing 'Update URI' Plugin Header Vulnerability - Linux

WordPress is prone to a missing Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/o...

WordPress < 5.8 Missing 'Update URI' Plugin Header Vulnerability - Windows

WordPress is prone to a missing Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/o...

DEBIAN-CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

UBUNTU-CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

Directory traversal

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

CVE-2021-44223

WordPress before 5.8 is vulnerable due to missing Update URI plugin header, enabling remote code execution via supply-chain attacks on installations using plugins with slugs that meet WordPress.org naming constraints but aren’t present in the directory. Impact is high (remote, no user interaction...

Debian DLA-2232-1 : python-httplib2 security update

In httplib2, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper...