Description: The Product Catalog Enquiry for WooCommerce by MultiVendorX plugin for WordPress is vulnerable to cross-site request forgery due to an improper capability check on the 'catalog_permis ...
February 27, 2024
Summary: When using a modified client or the gRPC interface directly, the RegisterRepository call accepts both the repository owner / repo and the repo_id. Furthermore, these two are not checked for m ...
February 27, 2024
SQL injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude...
February 27, 2024
TL;DR: This vulnerability affects Kirby sites that use the new link field and output the entered link without additional validation or sanitization. The attack commonly requires user interaction by ano ...
February 26, 2024
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...
February 26, 2024
Ensuring the security of web applications and APIs is more critical than ever. With threats becoming increasingly prevalent and sophisticated, organizations need to employ comprehensive security measu ...
February 26, 2024
ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) al ...
February 26, 2024