GROWI vulnerable to cross-site request forgery

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-64700 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security...

CVE-2023-3696

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...

MongoDB Server 访问控制错误漏洞

MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server that stems from the possibility that an...

MongoDB 6.0.x < 6.0.17 / 7.0.x < 7.0.13 / 7.3.x < 7.3.4 incorrect enforcement of index constraints (SERVER-92382)

The version of MongoDB installed on the remote host is prior to 6.0.17, 7.0.13 and 7.3.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-92382 advisory. - PrepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries...

MongoDB DoS Vulnerability (SERVER-92382) - Linux

MongoDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...

BIT-MONGOOSE-2023-3696 Prototype Pollution in automattic/mongoose

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Katie Seaborn Zotpress plugin = 7.3.4 versions...

Automattic Mongoose 安全漏洞

Automattic Mongoose is a MongoDB object modeling tool for asynchronous environments. A security vulnerability exists in Automattic Mongoose versions prior to 7.3.4 that stems from the presence of a prototype contamination vulnerability...

Cesanta Mongoose Web Server < 7.3.4 Prototype Pollution Vulnerability

Cesanta Mongoose Web Server is prone to a prototype pollution vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Zotpress < 7.3.4 - Unauthenticated Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Zotpress Plugin <= 7.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Zotpress Type Plugin Vulnerable versions = 7.3.3 Fixed in 7.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32961 Patch priority Medium CVSS severity Medium 7.1 Developer Katie Seaborn PSID 1e1dc3c4b47a Credits LOURCODE Required privileg...

WordPress plugin ExpressTech Quiz And Survey Master 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress plugin Quiz And Survey Master 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Grafana has an unspecified vulnerability (CNVD-2022-25208)

Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is mainly used for monitoring and analyzing Graphite, InfluxDB, Prometheus, etc. A security vulnerability exists in Grafana version 7.3.4 and earlier, which stems from the fact...

Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. A cross-site scripting vulnerability exists in Liferay...

Multiple access restriction bypass vulnerabilities in UNIQLO App

Overview UNIQLO App provided by UNIQLO CO., LTD. contains multiple access restriction bypass vulnerabilities below. A remote attacker may be able to lead a user to access an arbitrary website via the vulnerable App. The App launched by a Custom URL Scheme may lead a user to access an arbitrary UR...

php: Heap buffer overflow in function exif_process_IFD_TAG()

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exifprocessIFDTAG function. This may lead to information disclosure or crash...

PHP 'new COM()' Denial of Service Vulnerability

Description PHP is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to crash the affected application resulting in denial-of-service condition. Versions prior to PHP 7.4.0 are vulnerable. Technologies Affected PHP PHP 7.3.0 PHP PHP 7.3.1 PHP PHP 7.3.2 PHP PHP...

Fedora 30 : php (2019-1d78e14cfd)

PHP version 7.3.4 04 April 2019 Core: - Fixed bug php77738 Nullptr deref in zendcompileexpr. Laruence - Fixed bug php77660 Segmentation fault on break 2147483648. Laruence - Fixed bug php77652 Anonymous classes can lose their interface information. Nikita - Fixed bug php77345 Stack Overflow cause...

PHP 7.2.x < 7.2.17 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.28, 7.2.x prior to 7.2.17 or 7.3.x prior to 7.3.4. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer over-read condition exists in phpifdget32s in exif.c. - A heap-based...