1395 matches found
SUSE CVE-2024-1151
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...
DEBIAN-CVE-2024-1151
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...
WordPress plugin AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin AI Engine: Chatbots,...
PT-2024-20000 · Lemmy · Lemmy
Name of the Vulnerable Software and Affected Versions: Lemmy versions 0.17.0 through 0.19.0 Description: The issue allows any authenticated user to obtain arbitrary private message contents by creating a private message report. This is possible because the API response to creating a private messa...
CVE-2023-33295
Cohesity DataProtect prior to 6.8.1u5 or 7.1 was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation...
PT-2024-15699 · WordPress · Vk Block Patterns
Name of the Vulnerable Software and Affected Versions: VK Block Patterns plugin for WordPress versions up to, and including, 1.31.1.1 Description: The issue is due to missing or incorrect nonce validation on the vbp clear patterns cache function, making it possible for unauthenticated attackers t...
PHPGurukul Company Visitor Management System 安全漏洞
Company Visitor Management System is a visitor management system. Company Visitor Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file search-visitor.php. An attacker can exploit this vulnerability to...
CVE-2023-0079
The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-6244
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...
PT-2023-31295 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtTotal parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they are se...
PT-2023-8812 · Kofax · Kofax Power Pdf
Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this, where the target must visit ...
PT-2023-9684 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...
PT-2023-32441 · WordPress · Welcart E-Commerce
Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce WordPress plugin versions prior to 2.9.5 Description: The issue arises from the lack of file validation for uploads and the absence of authorization and CSRF protection in an AJAX action handling file uploads. This allows a...
CVE-2023-4297
The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories...
CVE-2023-5382
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfdeleteposts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a...
CVE-2023-2440
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'adminpage', 'userproverifyuser' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...
PYSEC-2023-242
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
Desdev DedeCMS Cross-Site Request Forgery Vulnerability
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A cross-site request forgery...
CVE-2023-5975
The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged...
kernel: Linux kernel: Denial of Service in vmwgfx due to invalid DMA surface copies
A flaw was discovered in the Linux kernel’s DRM vmwgfx driver related to how cursor images are snooped and copied. When the dimensions of a DMA surface copybox were derived from untrusted userspace data without proper validation against the expected snooped cursor size, an invalid size could caus...