7 matches found
EUVD-2022-49932
Malicious code in bioql PyPI...
WordPress plugin Booking Calendar Contact Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
CVE-2024-6862 Cross-Site Request Forgery (CSRF) in lunary-ai/lunary
A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create projects or use the instance as if they were a user with local access. The main attack vector is for...
CVE-2024-6862
CVE-2024-6862 concerns lunary-ai/lunary version 1.2.34 with CSRF arising from overly permissive CORS settings. The backend allegedly permits all origins, exposing unauthenticated endpoints and enabling CSRF attacks that can let an attacker sign up for and create projects or operate as a user on l...
Kanboard Security Breach
Kanboard is a suite of open source visual task board software. The software has the ability to customize the panels according to the business. A security vulnerability exists in Kanboard version 1.2.34 that stems from vulnerability to HTML injection attacks...
PT-2024-19540 · Kanboard +1 · Kanboard +1
Name of the Vulnerable Software and Affected Versions: Kanboard version 1.2.34. Description: The issue concerns HTML injection in the group management feature. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incident...
CVE-2022-47157
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin = 1.2.34 versions...