13 matches found
WordPress Newsletter plugin < 8.7.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Newsletter versions 8.7.1...
Kibana 8.x < 8.7.1 Multiple Vulnerabilities
According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities. - An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to...
CVE-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows an authenticated user to perform a SQL injection attack. User-controlled input is used to build the SQL query. The currentpost parameter in the export entry point can be abused ...
OPENSUSE-SU-2024:13805-1 curl-8.7.1-1.1 on GA media
These are all security issues fixed in the curl-8.7.1-1.1 package on the GA media of openSUSE Tumbleweed...
HYPR Security Vulnerabilities
HYPR is a security application from HYPR that implements password-less security. A security vulnerability exists in HYPR Workforce Access versions prior to 8.7.1 that stems from incorrectly resolved file access links...
Atlassian Jira 7.0.6 < 8.5.4 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.0.6 prior to 8.5.4 or 8.6.x prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which permits remote attackers to achieve Denial of Service via a...
Security Bulletin: urllib upgrade CVE-2021-33503, CVE-2021-28363
Summary: The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy, if an SSLContext isn't given via proxyconfig, doesn't verify the hostname of the certificate. This means certificat...
Authentication flaw
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1...
CVE-2019-20897
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1...
Cross site scripting
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7....
CVE-2020-14173
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7....
Atlassian JIRA Server and Atlassian JIRA Data Center Cross-Site Scripting Vulnerabilities
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.7 that is used by Rational Service Tester. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details: CVEID: CVE-2015-2601 DESCRIPTION: An unspecified vulnerability...