Apache Causeway: Java deserialization vulnerability to authenticated attackers

Apache Software Foundation Apache Causeway apache causeway +1个

Remote Code Execution in Looker due to Improperly Validated Directory Deletion

Google Cloud Looker

A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in For...

Fortinet FortiADC fortinet fortiadc +1个

Denial of service vulnerability in HAProxy mjson library

HAProxy Technologies HAProxy Community Edition haproxy aloha_appliance +7个

Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manage...

upKeeper Solutions upKeeper Manager upkeeper upkeeper_manager

Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains

codesnippetspro Code Snippets

GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name'

stellarwp GiveWP – Donation Plugin and Fundraising Platform givewp givewp

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting

smub Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM

Shelly Pro 4PM

Out-of-bounds Read in Shelly Pro 3EM

Shelly Pro 3EM

SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution

brainstormforce SureForms – Contact Form, Custom Form Builder, Calculator & More

SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure

softaculous SiteSEO – SEO Simplified

WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload

Unknown WavePlayer

SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset

softaculous SiteSEO – SEO Simplified

WP Login and Register using JWT <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure

cyberlord92 WP Login and Register using JWT

Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery

dfactory Responsive Lightbox & Gallery

Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update

wpwax Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings

FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode

amans2k FunnelKit – Funnel Builder for WooCommerce Checkout

WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import

smackcoders WP Import – Ultimate CSV XML Importer for WordPress

Community Events <= 1.5.4 - Unauthenticated SQL Injection

jackdewey Community Events