36 matches found
EUVD-2020-28591
Malware in sbrugna...
EUVD-2021-7718
Malicious code in bioql PyPI...
CVE-2023-4617
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...
CVE-2024-31111
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting' or XSS) vulnerability in Automattic WordPress allows Stored XSS. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,...
WordPress Contact Form 7 Plugin <= 5.9 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form 7; Type: Plugin; Vulnerable versions: <= 5.9; Fixed in: 5.9.2; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2242; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 5d34f7907f9a; Credits: Asaf Mozes; Required...
WordPress 5.9.x < 5.9.8 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting (XSS) vulnerability in the post link navigation block. - An issue...
CVE-2023-39999
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4...
WordPress Menubar Plugin <= 5.8.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Menubar; Type: Plugin; Vulnerable versions: <= 5.8.2; Fixed in: 5.9; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-36687; Patch priority: Low; CVSS severity: Low (5.4); PSID: d827ae024a19; Credits: LEE SE HYOUNG hackintoanetwor...
CVE-2023-21861
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Visual Analyzer. Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2022-3688 WPQA < 5.9 - Follow/Unfollow via CSRF
The WPQA Builder WordPress plugin before 5.9 does not have a CSRF check when following and unfollowing users, which could allow attackers to make logged-in users perform such actions via CSRF attacks...
GSD-2022-1004124 net: dsa: microchip: ksz_common: Fix refcount leak bug
net: dsa: microchip: ksz_common: Fix refcount leak bug. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.15 by commit...
WordPress (5.9-5.9.1) / Gutenberg (9.8.0-12.7.1) - Contributor+ Stored Cross-Site Scripting
Description: Post authors are able to bypass KSES restrictions in WordPress >= 5.9 and/or Gutenberg >= 9.8.0 due to the order in which filters are executed, which could allow them to perform Stored Cross-Site Scripting attacks. As a user without the unfiltered_html capability, create a post containing the...
GSD-2021-1001670 s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
s390/qeth: fix NULL deref in qeth_clear_working_pool_list(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.70 by commit...
GSD-2021-1000299 KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU
KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
GSD-2021-1000301 drm/amdgpu: Init GFX10_ADDR_CONFIG for VCN v3 in DPG mode.
drm/amdgpu: Init GFX10_ADDR_CONFIG for VCN v3 in DPG mode. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
Linux: special config may crash when trying to map foreign pages
ISSUE DESCRIPTION: With CONFIG_XEN_BALLOON_MEMORY_HOTPLUG disabled and CONFIG_XEN_UNPOPULATED_ALLOC enabled, the Linux kernel will use guest physical addresses allocated via the ZONE_DEVICE functionality for mapping foreign guests' pages. This will result in problems, as the p2m list will only cover the...
Gigamon GigaVUE-OS Encryption Issue Vulnerability
Gigamon GigaVUE-OS is an operating system for GigaVUE network devices from Gigamon, USA. A security vulnerability exists in GigaVUE-OS GVOS 5.4 - 5.9 that stems from the use of a weak algorithm for hashing stored in an internal database. No details of the vulnerability are available at this time...
PT-2020-19598 · Music Player Daemon · Mpd
Name of the Vulnerable Software and Affected Versions: MPD versions prior to 5.9 Description: The issue allows a remote attacker who can send specifically crafted PPP authentication messages to cause the daemon to read beyond an allocated memory buffer, resulting in a denial of service condition...
CVE-2018-10854
CloudForms 5.8 and CloudForms 5.9 are vulnerable to cross-site scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature: a stored cross-site scripting due to improper sanitization of user input in the Name field...
OpenSSH 'auth2-gss.c' User Enumeration Vulnerability - Windows
OpenSSH is prone to a user enumeration vulnerability. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...