21 matches found
CVE-2026-1729
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sbloginuserwithotpfun' function. This makes it possible for...
WordPress plugin AdForest 访问控制错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2022-2172
Malicious code in bioql PyPI...
EUVD-2024-39122
Malicious code in bioql PyPI...
MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'zlib' class MetasploitModule 'MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever', 'Description' = %q MongoDB Ops Manag...
CVE-2024-41668
The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery SSRF attack. Logged in users...
CVE-2024-41668
The CVE-2024-41668 affects cBioPortal for Cancer Genomics. A publicly exposed proxy endpoint without authentication allows Server-Side Request Forgery (SSRF); logged-in users can exploit this on private instances too. A fix is available in version 6.0.12. As a workaround, disable the /proxy endpo...
CVE-2024-41668 cBioPortal Proxy Endpoint Vulnerabliity
The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery SSRF attack. Logged in users...
CVE-2024-41668 cBioPortal Proxy Endpoint Vulnerabliity
The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery SSRF attack. Logged in users...
PT-2024-29495 · Unknown · Cbioportal
Name of the Vulnerable Software and Affected Versions: cBioPortal versions prior to 6.0.12 Description: The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication...
GSD-2023-1000081 sctp: fix memory leak in sctp_stream_outq_migrate()
sctp: fix memory leak in sctpstreamoutqmigrate This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.12 by commit...
PT-2023-33178 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: libbpf versions prior to v6.0.12 Description: The issue is related to a handle size overflow for ringbuf mmap. It was introduced in Linux Kernel version v5.8 and fixed in version v6.0.12. The actual impact and attack plausibility have not yet...
PT-2023-33170 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: A potential security issue exists due to a missing function call in the probe and remove methods of the m can class. The actual impact and attack plausibility have not yet been proven...
PT-2023-33146 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue concerns the nvme ns head list in the Linux Kernel, specifically with regards to SRCU protection. The actual impact and potential for attack have not been proven yet...
PT-2023-33141 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue is related to a potential security vulnerability in the Linux Kernel. It was introduced in version v5.13 and fixed in version v6.0.12. The actual impact and attack plausibility hav...
PT-2023-33164 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: A NULL dereference issue has been identified. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.12, update to versi...
PT-2023-33156 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue is related to a pci device refcount leak in the nv1a ram new function. This problem was introduced in version v3.14 and is fixed in Linux Kernel version v6.0.12. The actual impact...
Security Updates for Microsoft ASP.NET Core (December 2022)
A remote code execution vulnerability exists in ASP.NET core 3.1, ASP.NET 6.0, and ASP.NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files. Note that Nessus has not tested for this issue but has instead relied only on the...
Splunk Enterprise Multiple OpenSSL Vulnerabilities (SP-CAAAPQM)
Splunk Enterprise is prone to multiple OpenSSL vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk"; i...
TYPO3内容编辑向导反序列化对象任意文件删除漏洞
TYPO3是一款基于PHP4/PHP5+MYsql的内容管理系统。 TYPO3内容编辑向导存在未明安全漏洞,允许通过验证的远程攻击者利用漏洞反序列化任意对象,删除任意文件。 0 TYPO3 4.5.0 TYPO3 4.5.31 TYPO3 4.7.0 TYPO3 4.7.16 TYPO3 6.0.0 TYPO3 6.0.11 TYPO3 6.1.0 TYPO3 6.1.6 TYPO3 6.2 厂商补丁: TYPO3 ----- TYPO3 4.5.32, 4.7.17, 6.0.12, 6.1.7已经修复该漏洞,请到厂商的主页下载: http://typo3.org/...