Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron...
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. Date published : 2020-04-22 MapPress Maps for WordPress Critical Vulnerabilities Patched...
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS. Date published : 2020-04-22 Vulnerabilities Patched in the Data Tables Generator by Supsystic...
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. Date published : 2020-04-22 Vulnerabilities Patched in the Data Tables Generator by Supsystic Plugin
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. Date published : 2020-04-22 Vulnerability Patched in Import Export WordPress Users
The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests. Date published : 2020-04-22 Severe Flaws Patched in Responsive Ready Sites Importer Plugin
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2. Date published : 2020-04-22 JetBrains Security Bulletin Q1...
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020