[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253562

 
 

909

 
 

197267

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 1011 Download | Alert*

An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploit ...

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, ...

The Shield Security ��� Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec function. This makes it possible for unauthenticated attackers to disable pin protection for the admin interface of the plugin via a forged request ...

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.

The WordPress Infinite Scroll ��� Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will exe ...

The User Registration ��� Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it possible for authenticated attackers, with contributor-level permissions and above, to import a regist ...

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-4342. Reason: This candidate is a reservation duplicate of CVE-2024-4342. Notes: All CVE users should reference CVE-2024-4342 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior.

There exists interger overflows in libvpx in versions prior to 1.14.1.��Calling vpx_img_alloc()��with a large value of the d_w, d_h, or align��parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t��struct may be invalid.��Calling vpx_img_wrap()��with a large value of the d_w, d_h, or stride_align��parameter may result ...

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.


Pages:      Start    6    7    8    9    10    11    12    13    14    15    16    17    18    19    ..   101

© SecPod Technologies