π¨ CVE-2022-46143
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.
π@cveNotify
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.
π@cveNotify
π¨ CVE-2023-38522
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.
This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.
Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
π@cveNotify
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.
This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.
Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
π@cveNotify
π¨ CVE-2024-35161
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.
This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.
Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.
Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
π@cveNotify
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.
This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.
Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.
Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
π@cveNotify
π¨ CVE-2024-37935
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
π@cveNotify
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
π@cveNotify
Patchstack
Broken Access Control in WordPress Woocommerce OpenPos Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-38688
Missing Authorization vulnerability in Igor BeniΔ Recipe Maker For Your Food Blog from Zip Recipes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.2.6.
π@cveNotify
Missing Authorization vulnerability in Igor BeniΔ Recipe Maker For Your Food Blog from Zip Recipes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.2.6.
π@cveNotify
Patchstack
Open Source Vulnerability Database
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
π¨ CVE-2024-2259
This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerable parameter to perform reflected Cross Site Scripting (XSS) attacks on the targeted system.
π@cveNotify
This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerable parameter to perform reflected Cross Site Scripting (XSS) attacks on the targeted system.
π@cveNotify
π¨ CVE-2024-38699
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.
π@cveNotify
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.
π@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Wallet System for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-38724
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5.
π@cveNotify
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5.
π@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Contact Form 7 Summary and Print Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-38742
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. MBE eShip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MBE eShip: from n/a through 2.1.2.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. MBE eShip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MBE eShip: from n/a through 2.1.2.
π@cveNotify
Patchstack
Sensitive Data Exposure in WordPress MBE eShip Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-38747
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3.
π@cveNotify
Patchstack
Sensitive Data Exposure in WordPress HitPay Payment Gateway for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-38749
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a through 1.1.2.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a through 1.1.2.
π@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Olive One Click Demo Import Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-38752
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS).This issue affects Zoho Campaigns: from n/a through 2.0.8.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS).This issue affects Zoho Campaigns: from n/a through 2.0.8.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Zoho Campaigns Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-38756
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3.
π@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Coming Soon Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-38760
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1.
π@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Send Users Email Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-38787
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a through 1.26.8.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a through 1.26.8.
π@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Import and export users and customers Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-39642
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.
π@cveNotify
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.
π@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress LearnPress Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-39651
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5.
π@cveNotify
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5.
π@cveNotify
Patchstack
Arbitrary File Deletion in WordPress WooCommerce PDF Vouchers Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-40697
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895.
π@cveNotify
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895.
π@cveNotify
Ibmcloud
IBM X-Force Exchange
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
π¨ CVE-2024-41774
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348.
π@cveNotify
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348.
π@cveNotify
Ibmcloud
IBM X-Force Exchange
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
π¨ CVE-2024-43121
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.
π@cveNotify
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.
π@cveNotify
Patchstack
Privilege Escalation in WordPress HUSKY Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43128
Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.
π@cveNotify
Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.
π@cveNotify
Patchstack
Content Injection in WordPress WooCommerce Product Table Lite Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.