38 matches found
OPENSUSE-SU-2026:10353-1 ruby4.0-rubygem-loofah-2.23.1-1.5 on GA media
These are all security issues fixed in the ruby4.0-rubygem-loofah-2.23.1-1.5 package on the GA media of openSUSE Tumbleweed...
CVE-2026-24555
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget (artplacer-widget) allows Stored XSS. This issue affects ArtPlacer Widget: from n/a through <= 2.23.2...
CVE-2026-24555
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget (artplacer-widget) allows Stored XSS. This issue affects ArtPlacer Widget: from n/a through <= 2.23.2...
CVE-2026-24555
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget (artplacer-widget) allows Stored XSS. This issue affects ArtPlacer Widget: from n/a through <= 2.23.1...
CVE-2026-24555 WordPress ArtPlacer Widget plugin <= 2.23.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget (artplacer-widget) allows Stored XSS. This issue affects ArtPlacer Widget: from n/a through <= 2.23.2...
CVE-2026-24555
CVE-2026-24555 : WordPress ArtPlacer Widget (artplacer-widget) is affected by a stored XSS due to improper input handling in the package’s web page generation. Affected product/version: ArtPlacer Widget up to and including 2.23.1. Evidence from multiple sources confirms the vulnerability and the ...
WordPress plugin ArtPlacer Widget has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4397
Name of the Vulnerable Software and Affected Versions: artplacer ArtPlacer Widget versions through 2.23.1. Description: The ArtPlacer Widget contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This can potentially allow an...
WordPress ArtPlacer Widget plugin <= 2.23.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jitlada in WordPress Plugin ArtPlacer Widget versions <= 2.23.1...
CVE-2023-22432
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...
DEBIAN-CVE-2021-41737
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route3333333333333333333,2,1,2,3,1 : ;" leads to stack consumption...
CVE-2021-41737
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route3333333333333333333,2,1,2,3,1 : ;" leads to stack consumption...
UBUNTU-CVE-2021-41737
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route3333333333333333333,2,1,2,3,1 : ;" leads to stack consumption...
CVE-2021-41737
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route3333333333333333333,2,1,2,3,1 : ;" leads to stack consumption...
CVE-2021-41737
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route3333333333333333333,2,1,2,3,1 : ;" leads to stack consumption...
CVE-2024-39909
KubeClarity REST API (github.com/openclarity/kubeclarity) contains a SQL Injection in the /api/applicationResources endpoint, via the packageID parameter. The root cause is the use of fmt.Sprintf to build the SQL query without input validation in backend/pkg/database/id_view.go, enabling time/boo...
CVE-2024-39909 SQL Injection in the KubeClarity REST API
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...
CVE-2024-39909 SQL Injection in the KubeClarity REST API
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...
CVE-2024-39909 SQL Injection in the KubeClarity REST API
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...
SQL Injection in the KubeClarity REST API
Summary: A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. Details: As it can be seen here, while building the SQL Query the fmt.Sprintf function is used to build the query string without the input having first been...