CVE-2023-46742 CubeFS leaks users key in logs

CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to th...

CVE-2023-46738 Authenticated users can crash the CubeFS servers with maliciously crafted requests

CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cau...

Theme Switcha < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themeswitchalist' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVE-2023-38956

CVE-2023-38956 affects ZKTeco BioAccess IVS v3.3.1. A path traversal flaw (failure to properly filter path elements) can allow unauthenticated attackers to read arbitrary files by sending a crafted payload. The vulnerability is documented across multiple sources (CNVD, RH Red Hat, NVD) with consi...

CVE-2023-38954

ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability...

govuk_tech_docs vulnerable to unescaped HTML on search results page

Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...

GHSA-X2XW-HW8G-6773 govuk_tech_docs vulnerable to unescaped HTML on search results page

Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...

CVE-2020-23589

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to cause a Denial of Service by Rebooting the router through " /mgmdevreboot.asp."...

Cross site request forgery (csrf)

A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to men in the middle attack by adding New Routes in RoutingConfiguration on " /routing.asp "...

PT-2022-8684 · Optilink · Optilink Op-Xt71000N

Name of the Vulnerable Software and Affected Versions: OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP V3.3.1-191028 Description: A vulnerability allows an attacker to upload arbitrary files through "/mgm dev upgrade.asp" which can delete every file for Denial of Service using r...

GHSA-3QMC-2R76-4RQP Redwood is vulnerable to account takeover via dbAuth "forgot-password"

Impact What kind of vulnerability is it? Who is impacted? This is an API vulnerability in Redwood's dbAuth, specifically the dbAuth forgot password feature: - only projects with the dbAuth "forgot password" feature are affected - this vulnerability was introduced in v0.38.0 User Accounts are...

Western Digital My Cloud Multiple Products < 2.12.127 / 2.20 - 2.30 < 2.31.149 Multiple Vulnerabilities

Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GetSimple CMS 3.3.1 - Persistent Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: etSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1...

Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting

Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting Exploit Title: etSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1...