The Easy Preloader WordPress plugin through 1.0.0 does not sanitise its setting fields, leading to authenticated (admin+) Stored Cross-Site scripting issues Date published : 2021-06-07 https://wpscan.com/vulnerability/6d6c1d46-5c3d-4d56-9728-2f94064132aa
The iFlyChat – WordPress Chat plugin through 4.6.4 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue Date published : 2021-06-07...
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue. Date published : 2021-06-07 https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have...
The id GET parameter of one of the Video Embed WordPress plugin through 1.0’s page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low...
The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and administrator users Date published :...
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality. Date published : 2021-06-07 https://github.com/cliftonc/calipso https://snyk.io/vuln/SNYK-JS-CALIPSO-1300555
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file Date published : 2021-06-07 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json https://security.gentoo.org/glsa/202107-21
Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S...
Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S...
IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and...
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to...
An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8. Date published : 2021-06-07 https://security.netapp.com/advisory/ntap-20210720-0002/ https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.16
An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. Date published : 2021-06-07 https://security.netapp.com/advisory/ntap-20210720-0003/ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19