213 matches found
RICOH Printers Multiple Vulnerabilities in PostScript Interpreter (ricoh-2024-000001)
Multiple RICOH printers and multifunction printers are prone to multiple vulnerabilities in the PostScript interpreter. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
WordPress plugin Embed Peertube Playlist security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-31880 · WordPress · Embed Peertube Playlist
Name of the Vulnerable Software and Affected Versions: Embed Peertube Playlist WordPress plugin versions prior to 1.10. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for...
PT-2024-22724 · Unknown · Ticket Tailor
Name of the Vulnerable Software and Affected Versions: Ticket Tailor versions 1.10 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means an attacker can inject malicious scripts into the website,...
WordPress Ticket Tailor Plugin <= 1.10 is vulnerable to Cross Site Scripting (XSS)
Software: Ticket Tailor; Type: Plugin; Vulnerable versions: <= 1.10; Fixed in: 1.12; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29104; Patch priority: Low; CVSS severity: Low (6.5); PSID: bf9f96915120; Credits: Ray Wilson; Required privilege: Contributor...
WordPress Debug Plugin <= 1.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Debug; Type: Plugin; Vulnerable versions: <= 1.10; Fixed in: 1.11; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-24798; Patch priority: Low; CVSS severity: Low (4.3); PSID: 7c7ee723dce1; Credits: Nguyen Xuan Chien; Required...
ai.chronon:aggregator_2.13 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:api_2.13 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +3807 more potentially affected by CVE-2023-39410 via org.apache.avro:avro (>=1.10.0 <=1.11.2)
org.apache.avro:avro MAVEN version =1.10.0, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.20.0, =0.22.0, =0.0.14, =0.0.14, =3.36.1.1, =3.42.0.1, =3.36.0.3-1-3.2, =0.18.5, =0.0.4, =0.0.1, =0.1.7 - ai.tripl:arc-debezium-pipeline-plugin2.12 =1.5.0 and more Source cves: CVE-2023-39410 Source advisory:...
CVE-2023-43242
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel...
CVE-2023-39637
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis...
D-Link DIR-816 A2 Command Injection Vulnerability
The D-Link DIR-816 A2 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816 A2 version 1.10 B05; it originates from a command injection in the component /goform/Diagnosis...
WordPress Fast Index Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)
Software: Fast Index; Type: Plugin; Vulnerable versions: <= 1.9; Fixed in: 1.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 1efd80ca1662; Credits: Rafie Muhammad (Patchstack); Required...
PT-2023-25162 · Jenkins · Jenkins Maven Repository Server Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Repository Server Plugin versions 1.10 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the versions of build artifacts on the Build Artifacts As Maven Repository...
Jenkins Plugin Maven Repository Server Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2013-10030
A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely...
CVE-2013-10030 Exit Box Lite Plugin wordpress-exit-box-lite.php information disclosure
A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely...
CVE-2023-30063
D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass...
Cilium Log Information Disclosure Vulnerability
Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A logging information disclosure vulnerability exists in Cilium that stems from Cilium logging...
CVE-2023-24544
Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier,...
CVE-2023-28611
Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions...
SUSE CVE-2017-7234
A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...