294 matches found
CVE-2023-43791
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...
Format string
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...
CVE-2023-43791 Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...
CVE-2023-44996
Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions...
PT-2023-29339 · WordPress · Naresh Parmar Post View Count
Name of the Vulnerable Software and Affected Versions: Naresh Parmar Post View Count plugin versions 1.8.2 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
CVE-2023-44246
Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions...
CVE-2020-36744
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...
CVE-2023-25786
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions...
WordPress plugin Eyes Only: User Access Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
SQL injection
Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advis...
PT-2023-16344 · WordPress · Campaign Url Builder
Name of the Vulnerable Software and Affected Versions: Campaign URL Builder WordPress plugin versions prior to 1.8.2 Description: The issue is related to the Campaign URL Builder WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a...
SUSE CVE-2005-1391
Buffer overflow in the addport function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header...
Cross site scripting
A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.8.2 is...
CVE-2022-4877 snoyberg keter Proxy.hs cross site scripting
A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.8.2 is...
CVE-2022-34654
Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress...
WordPress plugin Manage Notification E-mails cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
Server side request forgery (SSRF)
Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2...
CVE-2022-4096 Server-Side Request Forgery (SSRF) in appsmithorg/appsmith
Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2...
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version...
Alibaba Sentinel code issue vulnerability
Alibaba Sentinel is a highly available open source flow control protection component for cloud-native microservices from Alibaba, China. A security vulnerability exists in Alibaba Sentinel version 1.8.2. An attacker can exploit this vulnerability to conduct server-side request forgery attacks...