A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

'2240541?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-5156: Invalid Bug ID

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.

CVE-2023-3547

The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.

CVE-2023-4631

Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.

**后台存在任意文件读取编辑漏洞**

使用模板管理功能时会拼接当前模板中的themePath,themePath来自于模板  
  
  

使用风格管理功能，上传新的主题包，并在theme.json中指定themePath为../../../../../../  
  

使用新主题包去访问模板管理功能，就可以造成目录穿越，并且可以编辑  

Java

1

https://gitee.com/iteachyou/dreamer\_cms.git

git@gitee.com:iteachyou/dreamer\_cms.git

iteachyou

dreamer\_cms

Dreamer CMS（梦想家CMS内容管理系统）

CVE-2023-43382: 后台存在任意文件读取编辑漏洞 · Issue #I821AI · www.iteachyou.cc/Dreamer CMS（梦想家CMS内容管理系统） - Gitee.com

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE-2023-4148

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-43339: CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation/README.md at main · sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation

Mediawiki v1.40.0 does not validate namespaces used in XML files.

Therefore, if the instance administrator allows XML file uploads,

a remote attacker with a low-privileged user account can use this

exploit to become an administrator by sending a malicious link to

the instance administrator.





(Redirected from MediaWiki/)

**MediaWiki is a collaboration and documentation platform brought to you by a vibrant community.**

The MediaWiki software is used by tens of thousands of websites and thousands of companies and organisations. It powers Wikipedia and also this website. MediaWiki helps you collect and organise knowledge and make it available to people. It's powerful, multilingual, free and open, extensible, customisable, reliable, and free of charge. Find out more and if MediaWiki is right for you.

**Set up and run MediaWiki**

**Edit and use MediaWiki**

**Develop and extend code**

**Get help and contribute**

*   Cannot find the answer to a problem with MediaWiki? Ask the support desk!
*   Get involved as a translator, designer, documentation writer, tester, tech ambassador, or developer
*   Report wrong software behaviour or a feature proposal

**News**

CVE-2023-3550: MediaWiki

The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2023-3226

A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-32614: TALOS-2023-1749 || Cisco Talos Intelligence Group

A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Source

CVE