Aggregator

Submit #412364 / VDB-278786

Submit #411499 / VDB-278785

A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the argument upfile leads to cross site scripting. This vulnerability is traded as CVE-2024-9291. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The GitHub repository of the project did not receive an update for more than two years. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

2024年9月25日-27日，由开放原子开源基金会主办的2024开放原子开源生态大会在北京市亦庄新城北人亦创国际会展中心盛大举行。作为开放原子开源基金会成员单位，悬镜安全受邀参与2024开放原子开源生

新品斩获大奖 |国利网安“专项隔离系统”荣获CCIA“2024年网络安全优秀创新成果大赛”优胜奖 日期：2024年09月27日 阅：

Submit #411202 / VDB-278784

A vulnerability was found in Simple Popup Plugin up to 4.5 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-8547. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Simple LDAP Login Plugin up to 1.6.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-8715. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in WP-WebAuthn Plugin up to 1.3.1 on WordPress. It has been classified as problematic. This affects the function wwa_login_form of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-9023. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in EU UK VAT Manager for WooCommerce Plugin up to 2.12.12 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-8788. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in EU UK VAT Manager for WooCommerce Plugin up to 2.12.12 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-9189. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in GiveWP Plugin up to 3.16.1 on WordPress. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-8353. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in CodeAstro Membership Management System 1.0. This issue affects some unknown processing of the component Login Page. The manipulation of the argument email leads to sql injection. The identification of this vulnerability is CVE-2024-46472. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in mudler localai up to 2.19.3. This vulnerability affects unknown code of the component Configuration File Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-6983. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in goauthentik authentik up to 2024.6.4/2024.8.2. This affects an unknown part of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-47070. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in goauthentik authentik. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2024-47077. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

2024长城杯初赛RE（部分题目） by ourren

2024EISS深圳站PPT by ourren

更多最新文章，请访问SecWiki

一 、什么是RASP？在2014年的时候，Gartner引入了“Runtime application self-protection”一词，简称为RASP。它是一种新型应用安全保护技术，它将保护程序