15 matches found

Patchstack
added 2025/12/10 2:47 a.m. · 7 views

WordPress WPeMatico RSS Feed Fetcher plugin < 2.8.13 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin WPeMatico RSS Feed Fetcher versions 2.8.13...

CVSS 5.9 · AI score 5.9 · EPSS 0.00027
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-48990

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.9 · EPSS 0.00343
Exploits 0 · References 2
CNNVD
added 2025/01/31 12:0 a.m. · 1 views

WordPress plugin Post Form cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 8.2 · EPSS 0.00185
Exploits 0 · References 2
Positive Technologies
added 2024/03/18 12:0 a.m. · 2 views

PT-2024-2260 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.8.13 Argo CD versions prior to 2.9.9 Argo CD versions prior to 2.10.4 Description: The issue is related to the mechanism of caching in Argo CD, which is a declarative, GitOps continuous delivery tool for Kubernetes...

CVSS 9.8 · AI score 9.4 · EPSS 0.00403
Exploits 2 · References 18
Patchstack
added 2023/11/27 12:0 a.m. · 8 views

WordPress Campaign Monitor for WordPress Plugin <= 2.8.13 is vulnerable to Cross Site Scripting (XSS)

Software Campaign Monitor for WordPress Type Plugin Vulnerable versions = 2.8.13 Fixed in 2.8.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-38474 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 625473050b18 Credits Phd Required...

CVSS 7.1 · AI score 6.9 · EPSS 0.00193
Exploits 0 · References 2 · Affected Software 1
OpenVAS
added 2023/09/28 12:0 a.m. · 15 views

NodeBB 2.x < 2.8.13, 3.x < 3.1.3 Information Disclosure Vulnerability

NodeBB is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb";...

CVSS 4.7 · AI score 4.5 · EPSS 0.00169
Exploits 0 · References 1
OpenVAS
added 2022/12/02 12:0 a.m. · 19 views

Discourse < 2.8.13 Information Disclosure Vulnerability

Discourse is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.3 · AI score 4.4 · EPSS 0.00263
Exploits 0 · References 1
NVD
added 2022/11/29 6:15 p.m. · 14 views

CVE-2022-46150

Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue...

CVSS 4.3 · EPSS 0.00263
Exploits 0 · References 2
Prion
added 2022/11/29 6:15 p.m. · 21 views

Code injection

Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue...

CVSS 4 · AI score 4.6 · EPSS 0.00263
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/11/29 12:0 a.m. · 18 views

CVE-2022-46150 Discourse may allow exposure of hidden tags in the subject of notification emails

Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue...

CVSS 4.3 · AI score 4.5 · EPSS 0.00263
Exploits 0 · References 4
Cvelist
added 2022/11/29 12:0 a.m. · 17 views

CVE-2022-46150 Discourse may allow exposure of hidden tags in the subject of notification emails

Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue...

CVSS 4.3 · AI score 4.8 · EPSS 0.00263
Exploits 0 · References 2
NVD
added 2018/08/28 5:29 p.m. · 17 views

CVE-2014-6048

phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request...

CVSS 5.3 · AI score 5.3 · EPSS 0.06048
Exploits 0 · References 2
NVD
added 2018/08/28 5:29 p.m. · 18 views

CVE-2014-6049

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter...

CVSS 5.5 · AI score 3.5 · EPSS 0.01239
Exploits 0 · References 2
CVE
added 2018/08/28 5:0 p.m. · 42 views

CVE-2014-6048

The CVE-2014-6048 flaw affects phpMyFAQ before version 2.8.13, where an attacker can read arbitrary attachments via a direct request due to a missing check on whether an attachment is being requested. Public references describe unauthenticated read access and verify the core issue as improper acc...

CVSS 5.3 · AI score 5.2 · EPSS 0.06048
Exploits 0 · References 2 · Affected Software 1
Tenable Nessus
added 2017/09/18 12:0 a.m. · 34 views

openSUSE Security Update : ffmpeg / ffmpeg2 (openSUSE-2017-1067)

This update introduces lame and twolame. For ffmpeg2 it updates to version 2.8.13 and fixes several issues. These security issues were fixed : - CVE-2017-14058: The readdata function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to...

CVSS 9.8 · AI score 7.9 · EPSS 0.09983
Exploits 1 · References 41