25 matches found
CVE-2025-12412
The Top Bar Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the tbnajaxadd function. This makes it possible for unauthenticated attackers to update the plugin's setting...
WordPress Top Bar Notification plugin <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Top Bar Notification versions <= 1.12...
CVE-2024-12412
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘active_tab’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization...
CVE-2024-12412
CVE-2024-12412 affects the WordPress plugin “Booking and Rental Manager for Bike | Car | Resort with WooCommerce Integration – WpRently.” The vulnerability is Stored Cross-Site Scripting via the active_tab parameter in all versions up to 2.2.1 due to insufficient input sanitization and output esc...
CVE-2024-12412 Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘active_tab’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization...
PT-2024-12412 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to a Transient Denial of Service (DOS) that occurs while processing a WMI P2P listen start command (0xD00A) sent from a host. Recommendations: At the moment, there is no...
Ubuntu 16.04 ESM : libapreq2 vulnerability (USN-5041-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5041-1 advisory. It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain crafted HTTP requests. An attacker could possibly use the vulnerabili...
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2023-12412)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12412 advisory. - netfilter: nftables: deactivate anonymous set from preparation phase Pablo Neira Ayuso Orabug: 35382084 CVE-2023-32233 - KVM: nVMX: add missing...
Mageia: Security Advisory (MGASA-2019-0327)
The remote host is missing an update for the...
CVE-2019-12412
creationtimestamp | type | source
---|---|---
2020-12-09 06:25:29+00:00 | seen | https://t.me/cibsecurity/17404...
CVE-2019-12412
CVE-2019-12412 affects libapreq2 versions 2.07–2.13, where the multipart parser can dereference a null pointer, causing a process crash and a potential denial-of-service. Exploitation is described as remote via crafted HTTP requests. Public references include Ubuntu USN advisories (USN-4558-1 for...
CVE-2020-12412
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain with the https:// scheme, a blocked port number such as '1', and without a lock icon while controlling the page contents. This vulnerability affects Firefox 70...
CVE-2020-12412
This CVE (CVE-2020-12412) affects Mozilla Firefox prior to version 70, where navigating a tab via the History API could spoof the address bar to display an incorrect domain (https scheme, blocked port, no lock icon) while the page content is controlled. The vulnerability enables spoofing of the v...
Amazon Linux AMI : libapreq2 (ALAS-2019-1323)
Remotely exploitable NULL pointer dereference bug (CVE-2019-12412). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2019-1323. include('compat.inc'); if (description) { script_id(131243); script_version("1.5");...
Medium: libapreq2
Issue Overview: Remotely exploitable null pointer dereference bug (CVE-2019-12412). Affected Packages: libapreq2. Issue Correction: Run yum update libapreq2 or yum update --advisory ALAS-2019-1323 to update your system. New Packages: i686: libapreq2-libs-2.13-38.2.amzn1.i686 ...
Updated libapreq2 packages fix security vulnerability
Updated libapreq2 packages fix security vulnerability: Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested "multipart" body is processed...
Fedora 29 : libapreq2 (2019-d2381feee9)
Patch CVE-2019-12412. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network Security,...
Debian DSA-4541-1 : libapreq2 - security update
Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a generic Apache request library, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested 'multipart' body is processed. (C) Tenable Network Security...