105 matches found
CVE-2025-23829
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codingkart Woo Update Variations In Cart woo-update-variations-in-cart allows Stored XSS.This issue affects Woo Update Variations In Cart: from n/a through = 0.0.9...
CVE-2025-23829
The CVE-2025-23829 issue affects the WordPress plugin “Woo Update Variations In Cart” up to version 0.0.9. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation. Affected component/file is the plugin’s input handling, l...
WordPress plugin Woo Update Variations In Cart 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
MAL-2025-191671 Malicious code in aclient-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 aa9e5d91a1f45bce354edc5b12fcacf603db5e00dc4a48628d3fe5fff37d0eb2 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...
WordPress Woo Update Variations In Cart plugin <= 0.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Woo Update Variations In Cart versions = 0.0.9...
CVE-2024-5987
The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savecontrastvariations' and 'saveemptycontrastvariations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for...
PT-2024-37295 · WordPress · Wp Accessibility Helper
Name of the Vulnerable Software and Affected Versions: WP Accessibility Helper plugin versions prior to 0.6.2.8 Description: The issue allows authenticated attackers with Subscriber-level access and above to edit or delete contrast settings due to a missing capability check on the save contrast...
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...
RUSTSEC-2024-0354 Usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...
DEBIAN-CVE-2024-40919
In the Linux kernel, the following vulnerability has been resolved: bnxten: Adjust logging of firmware messages in case of released token in hwrmsend In case of token is released due to token-state == BNXTHWRMDEFERRED, released token set to NULL is used in log messages. This issue is expected to ...
PT-2024-35968 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.13 Description: The issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result,...
PT-2024-34585 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.2 Description: An Insecure Direct Object Reference IDOR vulnerability was identified, allowing unauthorized users to view, update, or delete any dataset prompt or dataset prompt variation with...
PT-2023-35972 · Git +1 · Harfbuzz
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including OT::glyph variations t::create from glyp...
WordPress Duplicate Variations for Woocommerce Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Duplicate Variations for Woocommerce Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8cf89aee8b9 Credits Rafie Muhamma...
SUSE CVE-2012-5612
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service memory corruption and crash and possibly execute arbitrary code, as demonstrated using certain...
Snipe-IT allows attackers to check whether a user account exists
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...
Design/Logic Flaw
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...
CVE-2022-44381
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...
tomcat: JNDI realm authentication weakness
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...
WordPress Smart Variations Images & Swatches for WooCommerce plugin < 5.1.10 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Smart Variations Images & Swatches for WooCommerce plugin versions 5.1.10. Solution Update the WordPress Smart Variations Images & Swatches for WooCommerce plugin to the latest available version at lea...