Security News

Security news from: cvedetails.com

  • 1 February 2023 – CVE-2023-24956
    Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. (CVSS:0.0) (Last Update:2023-02-01)
  • 31 January 2023 – CVE-2023-24829
    Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional comp …
  • 30 January 2023 – CVE-2023-24830
    Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before 0.13.3. (CVSS:0.0) (Last Update:2023-01-31)
  • 30 January 2023 – CVE-2023-24612
    The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. (CVSS:0.0) (Last Update:2023-01-30)
  • 30 January 2023 – CVE-2023-24622
    isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. (CVSS:0.0) (Last Update:2023-01-30)
  • 30 January 2023 – CVE-2023-24623
    Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. (CVSS:0.0) (Last Update:2023-01-30)
  • 26 January 2023 – CVE-2023-24441
    Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVSS:0.0) (Last Update:2023-01-27)
  • 26 January 2023 – CVE-2023-24443
    Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVSS:0.0) (Last Update:2023-01-27)
  • 26 January 2023 – CVE-2023-24445
    Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. (CVSS:0.0) (Last Update:2023-01-27)
  • 26 January 2023 – CVE-2023-24447
    A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username …