Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in SVGator SVGator – Add Animated SVG Easily.This issue affects SVGator – Add Animated SVG Easily: from n/a through 1.2.4...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WooCommerce Canada Post Shipping Method.This issue affects Canada Post Shipping Method: from n/a through 2.8.3...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 2.0.3...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a through 1.3.7...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4...

Design/Logic Flaw

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Kevin Ohashi WPPerformanceTester.This issue affects WPPerformanceTester: from n/a through 2.0.0...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in QuanticEdge First Order Discount Woocommerce.This issue affects First Order Discount Woocommerce: from n/a through 1.21...

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Palscode Multi Currency For WooCommerce.This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5...

Design/Logic Flaw

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536...

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in PayTR Ödeme ve Elektronik Para Kurulusu A.S. PayTR Taksit Tablosu – WooCommerce.This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1...

Design/Logic Flaw

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The function nftpipapowalk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO Pile Packet Policies elements, leadi...

Design/Logic Flaw

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

Heap overflow

A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial ...

Design/Logic Flaw

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...

Design/Logic Flaw

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...

Heap overflow

A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer...

Design/Logic Flaw

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...

Path traversal

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path...

Heap overflow

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash...

Design/Logic Flaw

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials JDBC store with connection pooling, remote store, the credentials are returned in clear text as part of the configuration...

Buffer overflow

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity...

Information disclosure

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information like capabilities about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to...

Command injection

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera...

Design/Logic Flaw

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service DoS situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle...

Input validation

An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service DoS situation...

Information disclosure

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce.This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Hiroaki Miyashita Custom Post Type Page Template.This issue affects Custom Post Type Page Template: from n/a through 1.1...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3...

Session fixation

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user...

Command injection

An attacker who has the privilege to configure Zabbix items can use function icmpping with additional malicious command inside it to execute arbitrary code on the current Zabbix server...

Remote code execution

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

Integer overflow

The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server...

Cross site scripting

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting XSS attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console...

Design/Logic Flaw

The api /api/snapshot and /api/getlogfile would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues...

Authentication flaw

The vulnerability exists in ADiTaaS Allied Digital Integrated Tool-as-a-Service version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable...

Path traversal

A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzipfile of the file kuiper/app/controllers/casemanagement.py of the component TAR Archive Handler. The manipulation of the argument dstpath leads to path traversal. It is possib...

Buffer overflow

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer...

Command injection

gf2n.cpp in Crypto++ aka cryptopp through 8.9.0 allows attackers to cause a denial of service application crash via DER public-key data for an F2^m curve, if the degree of each term in the polynomial is not strictly decreasing...

Authentication flaw

A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper...

Code injection

ModularSquareRoot in Crypto++ aka cryptopp through 8.9.0 allows attackers to cause a denial of service infinite loop via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853...

Path traversal

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...

Design/Logic Flaw

Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding...

Authorization

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API...

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiate...