Aggregator

Submit #411202 / VDB-278784

A vulnerability was found in Simple Popup Plugin up to 4.5 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-8547. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Simple LDAP Login Plugin up to 1.6.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-8715. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in WP-WebAuthn Plugin up to 1.3.1 on WordPress. It has been classified as problematic. This affects the function wwa_login_form of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-9023. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in EU UK VAT Manager for WooCommerce Plugin up to 2.12.12 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-8788. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in EU UK VAT Manager for WooCommerce Plugin up to 2.12.12 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-9189. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in GiveWP Plugin up to 3.16.1 on WordPress. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-8353. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in CodeAstro Membership Management System 1.0. This issue affects some unknown processing of the component Login Page. The manipulation of the argument email leads to sql injection. The identification of this vulnerability is CVE-2024-46472. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in mudler localai up to 2.19.3. This vulnerability affects unknown code of the component Configuration File Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-6983. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in goauthentik authentik up to 2024.6.4/2024.8.2. This affects an unknown part of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-47070. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in goauthentik authentik. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2024-47077. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

2024长城杯初赛RE（部分题目） by ourren

2024EISS深圳站PPT by ourren

更多最新文章，请访问SecWiki

一 、什么是RASP？在2014年的时候，Gartner引入了“Runtime application self-protection”一词，简称为RASP。它是一种新型应用安全保护技术，它将保护程序

Hello friends, this is the first of two, possibly three (if and when I have time to finish the Wind

The testing tool to identify if your domain is vulnerable to this attack is located at the end of th

In the regional capital of Nagorno-Karabakh, satellite imagery reveals hundreds of i

美国地方法院法官 Colleen McMahon 以故意侵犯版权和无视投诉为由命令 Library Genesis (Libgen) 向出版商赔偿 3000 万美元。但问题是没人知道谁在运

Enhance cybersecurity post-breach with 7 strategies using NodeZero™ for continuous testing, threat detection, and improved defenses for lasting protection.

The post Enhancing Cybersecurity Post-Breach: A Comprehensive Guide appeared first on Horizon3.ai.

The post Enhancing Cybersecurity Post-Breach: A Comprehensive Guide appeared first on Security Boulevard.

Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8)