213680 matches found
Cross site scripting
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
Cross site request forgery (csrf)
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3. This is due to missing or incorrect nonce validation on the 'processbulkaction' function. This makes it possible for unauthenticated attackers ...
Cross site scripting
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This...
Cross site scripting
The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘errordescription’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...
Cross site request forgery (csrf)
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the processdelete function in class-DNSMPD.php. This makes it possible for unauthenticated...
Input validation
Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to...
Input validation
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...
Design/Logic Flaw
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service CPU consumption for an isPrime primality check. NOTE: this issue was introduced when...
Design/Logic Flaw
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...
Cross site scripting
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component...
Cross site scripting
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component...
Cross site scripting
A cross-site scripting XSS vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
Cross site scripting
A cross-site scripting XSS vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...
Cross site scripting
A cross-site scripting XSS vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
Cross site scripting
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the addinvoices.php component...
Sql injection
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component...
Unrestricted file upload
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component...
Cross site scripting
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component...
Information disclosure
Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway GGW over port 9220...
Cross site scripting
Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter...
Improper access control
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating...
Authorization
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...
Cross site scripting
Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter...
Remote file inclusion
A local file inclusion LFI in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customersupport/index.php...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Fix another memory leak in error handling paths Memory allocated by 'vmbusallocring' at the beginning of the probe function is never freed in the error handling path. Add the missing 'vmbusfreering' call. Note that ...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Fix a memory leak in error handling paths If 'vmbusestablishgpadl' fails, the recv|sendgpadl will not be updated and 'hvuiocleanup' in the error handling path will not be able to free the corresponding buffer. In su...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-smbios-wmi: Fix oops on rmmod dellsmbios initdellsmbioswmi only registers the dellsmbioswmidriver on systems where the Dell WMI interface is supported. While exitdellsmbioswmi unregisters it unconditionally, th...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvmeloopcreatectrl When creating loop ctrl in nvmeloopcreatectrl, if nvmeinitctrl fails, the loop ctrl should be freed before jumping to the "out" label...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak in nvmetallocctrl When creating ctrl in nvmetallocctrl, if the cntlidmin is larger than cntlidmax of the subsystem, and jumps to the "outfreechangednslist" label, but the ctrl-sqs lack of be freed. Fix this...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCALWRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitly wrong lkey. leonro@...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add pointer checks in qedfupdatelinkspeed The following trace was observed: 14.042059 Call Trace: 14.042061 14.042068 qedflinkupdate+0x144/0x1f0 qedf 14.042117 qedlinkupdate+0x5c/0x80 qed 14.042135...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix removed dentries still existing after log is synced When we move one inode from one directory to another and both the inode and its previous parent directory were logged before, we are not supposed to have the dentry f...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: platform/x86: ideapad-laptop: fix a NULL pointer dereference The third parameter of dytccqlcommand should not be NULL since it will be dereferenced immediately...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Prevent divide-by-zero error triggered by the user The userentrysize is supplied by the user and later used as a denominator to calculate number of entries. The zero supplied by the user will trigger the following...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: habanalabs/gaudi: Fix a potential use after free in gaudimemsetdevicememory Our code analyzer reported a uaf. In gaudimemsetdevicememory, cb is get via hlcbkernelcreate with 2 refcount. If hlcsallocatejob failed, the execution ru...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxeqpdocleanup relies on valid pointer values in QP for the properly created ones, but in case rxeqpfrominit failed it was filled with garbage and caused to the following error...
Integer overflow
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
Design/Logic Flaw
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
Improper access control
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request...
Design/Logic Flaw
A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service...
Code injection
A weak encoding is used to transmit credentials for WS203VICM...
Out-of-bounds
Industrial Control Systems Network Protocol Parsers ICSNPP - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution...
Out-of-bounds
Industrial Control Systems Network Protocol Parsers ICSNPP - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in memory...
Out-of-bounds
Industrial Control Systems Network Protocol Parsers ICSNPP - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution...
Design/Logic Flaw
Previous versions of HP ThinPro prior to HP ThinPro 8.0 SP 8 could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities...
Code injection
In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code...
Authentication flaw
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. Th...
Sql injection
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument categoryid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
Sql injection
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...