213680 matches found
Path traversal
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal...
Command injection
EzServer 6.4.017 allows a denial of service daemon crash via a long string, such as one for the RNTO command...
Cross site scripting
The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-optionscustomclass’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for...
Cross site request forgery (csrf)
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmproupdatelevelorder function. This...
Design/Logic Flaw
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcdsavediscount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...
Cross site scripting
The "WebSub FKA. PubSubHubbub" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Stack overflow
D-Link DIR-882 DIR882A1FW130B06 was discovered to contain a stack overflow via the sub477AA0 function...
Code injection
An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...
Input validation
Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...
Sql injection
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter selectedIds is susceptible to SQL Injection. Any backend user with very basic...
Cross site scripting
DOM-based Cross Site Scripting XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent NCPA before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log...
Authentication flaw
An assertion failure discovered in in checkcertificaterequest in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service...
Code injection
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive...
Buffer overflow
Buffer over-read vulnerability in the dtlssha256update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet...
Code injection
Jenkins Matrix Project Plugin 822.v01b8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by...
Design/Logic Flaw
Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature...
Design/Logic Flaw
Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...
Buffer overflow
Buffer Overflow vulnerability in the nomath function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL...
Stack overflow
Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...
Design/Logic Flaw
An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL...
Design/Logic Flaw
An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub415C80 function...
Command injection
An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub41284C function...
Buffer overflow
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtlsccmdecryptmessage...
Design/Logic Flaw
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length o...
Cross site scripting
Jenkins 2.217 through 2.441 both inclusive, LTS 2.222.1 through 2.426.2 both inclusive does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking CSWSH vulnerability, allowing attackers to execute CLI commands on the Jenki...
Design/Logic Flaw
An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub415AA4 function...
Design/Logic Flaw
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system...
Double free
Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...
Information disclosure
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL...
Code injection
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Double free
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
Design/Logic Flaw
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Default credentials
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to res...
Design/Logic Flaw
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...
Code injection
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious...
Command injection
Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL...
Buffer overflow
Buffer Overflow vulnerability in the main function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath...
Buffer overflow
Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component...
Command injection
There is a command injection vulnerability in the ssdpcgimain function of cgibin binary in D-Link DIR-815 router firmware v1.04...
Cross site scripting
Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting XSS vulnerability. The vulnerability was present in the server's error reporting...
Privilege escalation
Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service...
Design/Logic Flaw
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...
Cross site scripting
The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15...
Deserialization of untrusted data
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enablexcompickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
Code injection
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...
Design/Logic Flaw
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7...