Wrapper Security Vulnerabilities

CVE-2024-2695

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'....

CVSS 6.4

AI Score 5.7

EPSS 0.0004

2024-06-15 09:15 AM

CVE-2024-1450

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'align'. This makes it possible for....

CVSS 6.4

AI Score 7.6

EPSS 0.0004

2024-03-21 02:51 AM

CVE-2024-0966

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'info_text'. This makes it possible for....

CVSS 6.4

AI Score 7.7

EPSS 0.0004

2024-03-21 02:51 AM

CVE-2023-6500

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'secondarycolor' and 'maincolor'....

CVSS 6.4

AI Score 7.6

EPSS 0.0004

2024-03-21 02:50 AM

CVE-2024-29109

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS. This issue affects Shariff Wrapper: from n/a through...

CVSS 6.5

AI Score 6.7

EPSS 0.0004

2024-03-19 03:15 PM

CVE-2024-1106

The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

AI Score 7.6

EPSS 0.0004

2024-02-27 09:15 AM

CVE-2023-39018

FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which...

CVSS 9.8

AI Score 9.6

EPSS 0.001

2023-07-28 03:15 PM

CVE-2021-32415

EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it...

CVSS 7.8

AI Score 7.6

EPSS 0.0004

2022-12-13 03:15 PM

CVE-2020-28443

This affects all versions of package sonar-wrapper. The injection point is located in...

CVSS 9.8

AI Score 9.6

EPSS 0.003

2022-07-25 02:15 PM

CVE-2020-6958

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause...

CVSS 9.1

AI Score 9

EPSS 0.011

2020-01-14 12:15 AM

CVE-2019-17206

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary...

CVSS 9.8

AI Score 9.6

EPSS 0.006

2019-10-05 11:15 PM

CVE-2016-10671

mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is....

CVSS 8.1

AI Score 8.2

EPSS 0.002

2018-06-04 04:29 PM

CVE-2016-10628

selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an...

CVSS 8.1

AI Score 8.2

EPSS 0.002

2018-06-01 06:29 PM

CVE-2006-6488

Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter...

AI Score 7.9

EPSS 0.113

2007-01-03 08:00 PM

CVE-2001-0762

Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first...

AI Score 7.8

EPSS 0.0004

2001-10-18 04:00 AM