CVE-2023-2079

The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, a ...

CVSS3 - HIGH

CVSS2 - HIGH

CVE-2023-2078

The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name ...

CVSS3 - HIGH

CVSS2 - HIGH

CVE-2023-37287

SmartBPM.NET uses a hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access the system with regular user privilege to read applicat ...

CVSS3 - CRITICAL

CVSS2 - MEDIUM

CVE-2023-37286

SmartSoft SmartBPM.NET uses a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send a serialized payload to the server to execute arbitrary cod ...

CVSS3 - CRITICAL

CVSS2 - HIGH

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to GraphQL – CVE-2023-28867

## Summary Vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty when the feature mpGraphQL-1.0 or mpGraphQL-2.0 is enabled. Following IBM® Engineering Lifecycl ...

CVSS3 - HIGH

CVSS2 - MEDIUM

Exploit for SQL Injection in Progress Moveit Cloud

# CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit Transfe...

CVSS3 - CRITICAL

CVSS2 - HIGH

fusiondirectory – security update

A potential Cross Site Scripting (XSS) vulnerability ([CVE-2022-36180](https://security-tracker.debian.org/tracker/CVE-2022-36180)) and session handling vulnerability ([CVE-2022-36179](https://security ...

CVSS3 - CRITICAL

CVSS2 - HIGH

php-cas – security update

A vulnerability has been found in phpCAS, a Central Authentication Service client library in PHP, which may allow an attacker to gain access to a victim's account on a vulnerable CASified service with ...

CVSS3 - HIGH

CVSS2 - MEDIUM