BD Alarisâ„¢ Guardrailsâ„¢ Editor Security Vulnerabilities

Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 2.6.12 - Authenticated (Subscriber+) Information Exposure

Description The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. This makes it possible for authenticated attackers, with Subscriber-level access and...

ROS-20240613-02

The vulnerability of the RelinquishDCMInfo() function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial....

Cacti Import Packages Remote Code Execution

...

YITH WooCommerce Tab Manager < 1.35.1 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The YITH WooCommerce Tab Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.35.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level....

Cacti Import Packages Remote Code Execution Exploit

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The...

CVE-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

CVE-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

CVE-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

CVE-2024-1736 Uncontrolled Resource Consumption in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

CVE-2024-1736 Uncontrolled Resource Consumption in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

RHEL 9 : libreoffice (RHSA-2024:3835)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3835 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

GitLab 15.8 < 16.10.7 / 16.11 < 16.11.4 / 17.0 < 17.0.2 (CVE-2024-1736)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD...

CVE-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

CVE-2024-37161

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this...

CVE-2024-37161

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this...

CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this...

CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this...

Visual Composer Website Builder < 45.9.0 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 45.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

Debug Log Manager < 2.3.2 - Missing Authorization

Description The Debug Log Manager plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_latest_entries and disable_wp_file_editor functions in versions up to, and including, 2.3.1. This makes it possible for authenticated...

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation

Description The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the 'cf7frr' post meta. This makes it possible for authenticated attackers, with editor-level access and above,....

Checkout Field Editor for WooCommerce (Pro) < 3.6.3 - Unauthenticated Arbitrary File Deletion

Description The Checkout Field Editor for WooCommerce (Pro) plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.6.2. This is due to the plugin not properly validating a file or it's path prior to deleting it. This makes it possible for...

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

Exploit for CVE-2024-37888

CVE-2024-37888 This repository documents vulnerability...

CVE-2024-33572

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...

CVE-2024-33572

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...

CVE-2024-33572 WordPress The Plus Blocks for Block Editor | Gutenberg plugin <= 3.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through...

CVE-2024-35731

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

CVE-2024-35731

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

CVE-2024-35731 WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

CVE-2024-35731 WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block...

ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`

Zend_Dojo_View_Helper_Editor was incorrectly decorating a TEXTAREA instead of a DIV. The Dojo team has reported that this has security implications as the rich text editor they use is unable to escape content for a...

ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`

Zend_Dojo_View_Helper_Editor was incorrectly decorating a TEXTAREA instead of a DIV. The Dojo team has reported that this has security implications as the rich text editor they use is unable to escape content for a...

CVE-2024-30162

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the...

CVE-2024-30162

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the...

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization when opening the equation editor, leading to a stored XSS risk when editing another user's...

Fedora: Security Advisory for kitty (FEDORA-2024-25b47765c6)

The remote host is missing an update for...

CVE-2024-30162

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the...

Fedora: Security Advisory for rust-lino (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Fedora: Security Advisory for helix (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

CVE-2024-30162

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the...

CVE-2024-5248

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

CVE-2024-5248

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

CVE-2024-5248 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

CVE-2024-5248 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

Northwind Demo 1.0 Cross Site Scripting

...