The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site…

The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users,…

This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. Zafiyet ile…

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a “database/script” file with a SCRIPT command where the contents…

The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin through 2.4 use a third-party library that removes the escaping on some HTML characters, leading to…

A missing nullptr-check in handle_ra_input can cause a nullptr-deref. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database

An administrator is able to execute commands as root via the alerts management dialog Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku…

An authenticated attacker is able to create alerts that trigger a stored XSS attack.  Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku…

Local users are able to execute scripts under root privileges. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database

An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku…