5838 matches found
WordPress Display Post Metadata plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Display Post Metadata plugin is a WordPress open source application plugin. WordPress Display Post Metadata plugin ...
WordPress Shiny Buttons plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. Shiny Buttons plugin is a WordPress open source application plugin. The WordPress Shiny Buttons plugin in version 1.1.0...
WordPress Get Custom Field Values plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values Plugin...
WordPress Caldera Forms Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101996)
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Caldera Forms Plugin is a WordPress open source application plugin. WordPress Caldera Forms Plugins prior to 1.9.5...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...
Vulnerability in the Hyper-V hardware virtualization system of the Microsoft Windows operating system that allows an attacker to trigger a service failure
A vulnerability in the Hyper-V hardware virtualization technology of the Microsoft Windows operating system stems from insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
Bentley View BMP File Parsing Heap Buffer Overflow Remote Code Execution Vulnerability
A security vulnerability exists in Bentley View, a free viewer from Bentley Systems, U.S.A. The Bentley View BMP file parsing vulnerability is due to a failure to properly validate the length of user-supplied data before copying it to a heap buffer. An attacker could exploit this vulnerability to...
Vulnerability in the Windows operating system arising from insufficient validation of input data, allowing attackers to trigger a service failure
A vulnerability exists in the Windows operating system due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2021-41844
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...
CVE-2021-41844
CVE-2021-41844 affects Crocoblock JetEngine (pre-2.9.1). The root cause is improper validation and sanitization of form data, enabling unauthenticated or low-privilege abuse via network access as described by the CVE records. NVD lists high/critical impact metrics (C/P/I/A partial to high) with n...
Verint Systems Verint Workforce Optimization Cross-Site Scripting Vulnerability
Verint Systems Verint Workforce Optimization (WFO) is a workforce performance management solution from Verint Systems, Inc. A cross-site scripting vulnerability exists in version 8.10048, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploi...
Crocoblock JetEngine Security Vulnerability
Crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. A security vulnerability exists in Crocoblock JetEngine versions prior to 2.9.1 that stems from the application's inability to properly validate and clean form data...
Default credentials
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer All versions 2021.3.1. The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could...
Chromium: CVE-2021-4098 Insufficient data validation in Mojo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blogging sites on servers with PHP and MySQL. H5P CSS Editor plugin is a WordPress open source application plugin. WordPress H5P CSS Editor plugin has a...
Function sync in ChainlinkOracle.sol does not check the price returned from chainlink aggregators
Handle: ye0lde. Vulnerability details. Impact: The sync function in the contract ChainlinkOracle.sol fetches the feedPrice from a Chainlink aggregator using the latestRoundData function. There are checks on the timeStamp versus previous versions of the feed protecting against stale prices. But there is...
AbanteCart Cross-Site Scripting Vulnerability
AbanteCart is a PHP-based e-commerce platform. AbanteCart versions prior to 1.3.2 contain a cross-site scripting vulnerability, which stems from a lack of data validation filtering of user-supplied data and output. An attacker with file upload privileges could exploit this vulnerability to upload...
Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM...
Microsoft Edge (Chromium) < 96.0.1054.57 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1054.57. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2021 advisory. - Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to...
FreeBSD : chromium -- multiple vulnerabilities (fb9ba490-5cc4-11ec-aac7-3065ec8fd3ec)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fb9ba490-5cc4-11ec-aac7-3065ec8fd3ec advisory. - Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to...