The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed Devamını Oku
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL injection Devamını Oku
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue Devamını Oku
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue Devamını Oku
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue Devamını Oku
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local…
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-34981. Reason: This candidate is a reservation duplicate of CVE-2021-34981. Notes: All CVE users should reference CVE-2021-34981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Devamını Oku
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. Devamını Oku
There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. Devamını Oku
There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800. Devamını Oku
There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. Devamını Oku
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. Devamını Oku