Category: Security Vulnerabilities

CVE-2022-26309

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group. General information about the vulnerability,…


CVE-2022-26310

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create,…


CVE-2022-0598

The Login with phone number WordPress plugin through 1.3.7 does not sanitise and escape plugin settings, which could allow high-privilege users to perform Cross-Site…


CVE-2022-1324

The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site…


CVE-2022-1561

Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter…


CVE-2022-1585

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the…


CVE-2022-1600

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass…


CVE-2022-22326

IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization…
