6 matches found
GHSA-M4W9-HJFW-VWJ4 http4k: `HmacSha256.hash` (despite the `Hmac` naming) computed a plain unkeyed digest; clarified by deprecation in favour of `Sha256.hash` / `Sha256.hmac`
Impact The HmacSha256 class contained two functions: - hashpayload — a plain unkeyed SHA-256 digest. The Hmac prefix in the class name was misleading; this function has no key parameter, so it could never have been an HMAC. - hmacSHA256key, data — a properly keyed HMAC-SHA256. A reader who didn't...
PT-2025-3356 · Baidu · Baidu Lite
Name of the Vulnerable Software and Affected Versions: Baidu Lite version 6.40.0 Description: The issue allows attackers to access user information by supplying a crafted link. Recommendations: For version 6.40.0, consider avoiding the use of links from untrusted sources until a patch is availabl...
VulnCheck KEV: CVE-2024-10781
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...
CVE-2023-38381
Cross-Site Request Forgery CSRF vulnerability in Cyle Conoly WP-FlyBox plugin = 6.46 versions...
MikroTik RouterOS 命令注入漏洞
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A security vulnerability exists in MikroTik RouterOS version 6.47.9 that allows remote authenticated ftp users to...
MikroTik Denial of Service Vulnerability
MikroTik is a set of routing operating system based on Linux core development of Latvian MikroTik company. The system turns a PC computer into a professional router. A security vulnerability exists in MikroTik version 6.40.5. A remote attacker can exploit this vulnerability with a large number of...