26 matches found
EUVD-2023-30328
Malicious code in bioql PyPI...
CVE-2023-26531
Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery. This issue affects 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条: from n/a through 4.2.7...
WordPress plugin LearnPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin LearnPress...
Wireshark Security Update (wnpa-sec-2024-13) - Windows
Wireshark is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...
DEBIAN-CVE-2024-9781
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file...
Fedora: Security Advisory (FEDORA-2024-105eb3026f)
The remote host is missing an update for the...
WordPress Popup Builder Plugin <= 4.2.7 is vulnerable to Cross Site Scripting (XSS)
Software: Popup Builder; Type: Plugin; Vulnerable versions: <= 4.2.7; Fixed in: 4.3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2506; Patch priority: Low; CVSS severity: Low (6.5); PSID: 5081e1f78a97; Credits: Tim Coen; Required privileg...
SPIP < 4.1.13, 4.2.x < 4.2.7 XSS Vulnerability
SPIP is prone to a cross-site scripting (XSS) vulnerability. CPE = "cpe:/a:spip:spip";...
PT-2024-14522 · Spip · Spip
Name of the Vulnerable Software and Affected Versions: SPIP versions 4.1.3 and earlier; SPIP versions 4.2.x through 4.2.6. Description: The issue arises from the ecrire/public/assembler.php file in SPIP, where input from request is not restricted to safe characters, such as alphanumerics, allowing...
PT-2023-20707 · Unknown · 多合一搜索自动推送管理插件
Name of the Vulnerable Software and Affected Versions: 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 versions through 4.2.7. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions through 4.2.7, as a...
Django Security Vulnerabilities
Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django versions prior to 4.2.7 that stems from the presence of...
WordPress Mega Addons For WPBakery Page Builder Plugin <= 4.2.7 is vulnerable to Cross Site Scripting (XSS)
Software: Mega Addons For WPBakery Page Builder; Type: Plugin; Vulnerable versions: <= 4.2.7; Fixed in: 4.3.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0268; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: f4952c1a005f...
Joomla 4.0.x < 4.2.7 Multiple Vulnerabilities (5876-joomla-4-2-7-security-and-bug-fix-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.2.7. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the...
WordPress plugin Mega Addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2022-27365 · WordPress · Mega Addons
Name of the Vulnerable Software and Affected Versions: Mega Addons plugin for WordPress versions up to, and including, 4.2.7 Description: The issue is related to authorization bypass due to a missing capability check on the vc saving data function. This allows authenticated attackers with...
CodeIgniter security vulnerability
CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter versions prior to 4.2.7 that stems from its incorrect configuration causing cookie values to be incorrectly publicized to scripts...
Remote code execution
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint...
CVE-2021-45885
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password...
WordPress Simple File List plugin <= 4.2.7 - Authenticated Arbitrary File Deletion vulnerability
Authenticated Arbitrary File Deletion vulnerability discovered by Christian Niel Angel in WordPress Simple File List plugin versions <= 4.2.7. Solution: Update the WordPress Simple File List plugin to the latest available version (at least 4.2.8)...