13 matches found
Oracle Linux 10 : kernel (ELSA-2025-11428)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-11428 advisory. 6.12.0-55.22.1.0.10.OL10 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Add new Oracle Linux Driver Signing key 1 certificate...
CVE-2024-11428
The Lazy load videos and sticky control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lazy-load-videos-and-sticky-control' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ruby SAML vulnerabilities (USN-7309-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7309-1 advisory. It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated...
CVE-2024-11428
creationtimestamp | type | source
---|---|---
2024-11-21 03:52:53+00:00 | seen | https://infosec.exchange/users/cve/statuses/113518914603776347...
CVE-2024-11428
CVE-2024-11428 describes a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Lazy load videos and sticky control” (shortcode: lazy-load-videos-and-sticky-control) affecting all versions up to and including 3.0.0. The root cause is insufficient input sanitization and output escapi...
WordPress Lazy load videos and sticky control Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Lazy load videos and sticky control | Type: Plugin | Vulnerable versions: <= 3.0.0 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-11428 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: 92d1e83c3da9 | Credits: zakar...
CVE-2019-11428
CVE-2019-11428 affects I, Librarian 4.10 and is exposed via XSS in the export.php export_files parameter. Root cause: improper handling of the export_files input leading to cross-site scripting. Impact and exploitability: not detailed beyond XSS; no in-the-wild exploit information provided. Remed...
CVE-2017-11428
creationtimestamp | type | source
---|---|---
2019-04-17 18:33:31+00:00 | seen | https://t.me/cibsecurity/3780...
CVE-2017-11428
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...
CVE-2017-11428
CVE-2017-11428 affects OneLogin Ruby-SAML up to version 1.6.0. The issue arises from improper use of XML DOM traversal and canonicalization results, allowing manipulation of SAML data without breaking the cryptographic signature and potentially bypassing authentication to SAML service providers. ...
CVE-2017-11428
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...
CVE-2025-11428
This CVE entry is rejected/not used as stated in the Initial Description.
CVE-2025-11428
...