[Forgot Password]
Login  Register Subscribe

30192

 
 

423868

 
 

233697

 
 

909

 
 

186637

 
 

207

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 232574 Download | Alert*

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <=��4.2.8 versions.

Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.

Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.

Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter.

Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names.

An issue discovered in Langchain before 0.0.225 allows attacker to run arbitrary code via jira.run('other' substring.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   23257

© SecPod Technologies