| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder allows Retrieve Embedded Sensitive Data. This issue affects JetWooBuilder: from n/a through 2.1.20. |
| Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a buffer overflow via the ApCliSsid parameter in thegenerate_conf_router() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. MMR 1.3.5 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. Though extremely limited, server operators can use more strict rate limits based on IP address as a partial workaround. |
| Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating environment uses S3-like storage as a backend, with file-backed store as an alternative option. Instances using a file-backed store or those which self-host an S3 storage system are therefore vulnerable to a disk fill attack. Once the disk is full, authenticated users will be unable to upload new media, resulting in denial of service. For instances configured to use a cloud-based S3 storage option, this could result in high service fees instead of a denial of service. MMR 1.3.5 introduces a new default-on "leaky bucket" rate limit to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data. Operators should note that the leaky bucket implementation introduced in MMR 1.3.5 requires the IP address associated with the request to be forwarded, to avoid mistakenly applying the rate limit to the reverse proxy instead. To avoid this issue, the reverse proxy should populate the X-Forwarded-For header when sending the request to MMR. Operators who cannot update may wish to lower the maximum file size they allow and implement harsh rate limits, though this can still lead to a large amount of data to be downloaded. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the delete_associated_files function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with a file upload action, and doesn't affect sites with PHP version > 8. This vulnerability also requires the 'Redirection For Contact Form 7 Extension - Create Post' extension to be installed and activated in order to be exploited. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. We confirmed there is a usable gadget in Contact Form 7 plugin that makes arbitrary file deletion possible when installed with this plugin. Given Contact Form 7 is a requirement of this plugin, it is likely that any site with this plugin and the 'Redirection For Contact Form 7 Extension - Create Post' extension enabled is vulnerable to arbitrary file deletion. |
| The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List allows Path Traversal. This issue affects Simple File List: from n/a through 6.1.14. |
| Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows Using Malicious Files. This issue affects ReachShip WooCommerce Multi-Carrier & Conditional Shipping: from n/a through 4.3.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Radio Player Shoutcast & Icecast allows Reflected XSS. This issue affects Radio Player Shoutcast & Icecast: from n/a through 4.4.7. |
| Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade. |
| Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade; forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users. |
| Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in ImageMagick. In some ImageMagick installations, this includes the capability to run Ghostscript to decode the image/file. If MP4 thumbnailers are enabled (also disabled by default), the same issue as above may occur with the ffmpeg installation instead. MMR uses a number of other decoders for all other file types when preparing thumbnails. Theoretical issues are possible with these decoders, however in testing they were not possible to exploit. This is fixed in MMR v1.3.8. MMR now inspects the mimetype of media prior to thumbnailing, and picks a thumbnailer based on those results instead of relying on user-supplied values. This may lead to fewer thumbnails when obscure file shapes are used. This also helps narrow scope of theoretical issues with all decoders MMR uses for thumbnails. Users are advised to upgrade. Users unable to upgrade may disable the SVG, JPEGXL, and MP4 thumbnail types in the MMR config which prevents the decoders from being invoked. Further disabling uncommon file types on the server is recommended to limit risk surface. Containers and other similar technologies may also be used to limit the impact of vulnerabilities in external decoders, like ImageMagick and ffmpeg. Some installations of ImageMagick may disable "unsafe" file types, like PDFs, already. This option can be replicated to other environments as needed. ffmpeg may be compiled with limited decoders/codecs. The Docker image for MMR disables PDFs and similar formats by default. |
| A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| GenX_FX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.). |
| qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbit_manage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restore_config_from_backup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the server filesystem by manipulating the backup_id parameter with path traversal sequences (e.g., ../). This vulnerability is fixed in 4.5.4. |
| screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary command execution with the privileges of the calling process. This vulnerability is fixed in 1.15.2. |
