Latest CVEs
CVE-2021-42079

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.

CVE-2023-3566: Vulnerability/WALLABAG/NAME-LIMIT.md at main · ctflearner/Vulnerability

A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233359. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-3565: Stored XSS via Default session expiration time in teampass

Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

CVE-2023-3579: cve/CSRF.md at main · nightcloudos/cve

A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372.

CVE-2023-3578

A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233371.

CVE-2023-3574: Improper Authorization in "Customer automation rules" function in customer-data-framework

Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.

CVE-2023-3209

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

CVE-2023-28953: Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.7.0 has addressed a security vulnerability (CVE-2023-28953)

IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465.

CVE-2023-22695: WordPress Custom Field Template plugin <= 2.5.8 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions.