Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the…

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible…

Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri…

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user…

A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file…

Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the…

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.…

stored xss in GitHub repository getgrav/grav prior to 1.7.33. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has…