Category: Advisories

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in...

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not...

The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a...

It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a...

It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks. Read More

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling or MITM attacks. Read...

Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even...

Posted by malvuln on May 27 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/be60e389a0108b2871dff12dfbb542ac.txt Contact: malvuln13 () gmail com Media:...

Posted by Julien Ahrens (RCE Security) on May 27 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: User Meta Vendor URL: https://wordpress.org/plugins/user-meta Type: Relative...

Peter Agten discovered that several modules for TCP syslog reception in rsyslog, a system and kernel logging daemon, have buffer overflow flaws when octet-counted framing...