CVE-2023-4242
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authentic ...
August 09, 2023
Medium: tomcat
**Issue Overview:**
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. ...
August 09, 2023
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability may allow an authenticated user to unmask the Discord Webhook URL through viewing the raw API response.
August 09, 2023
Information Disclosure
gitlab is vulnerable to Information Disclosure. Non-project members are able to retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the p ...
August 09, 2023
Insufficient Policy Enforcement
chromium is vulnerable to Insufficient Policy Enforcement. Insufficient policy enforcement in File System API allows a remote attacker to bypass filesystem restrictions via a crafted HTML page.
August 09, 2023
CVE-2023-3569
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload ...
August 08, 2023
[SECURITY] Fedora 38 Update: python-aiohttp-3.8.5-1.fc38
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing.
August 08, 2023
CVE-2023-4140
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. Thi ...
August 04, 2023
CVE-2023-3247
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower rang ...
August 04, 2023
CVE-2023-37554
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component ...
August 03, 2023