24 matches found
CVE-2026-24564
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...
CVE-2026-24564
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.3...
CVE-2020-24564
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2024-24564
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...
CVE-2022-24564
Checkmk =2.0.0p19 contains a Cross Site Scripting XSS vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user...
CVE-2021-24564
The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed...
CVE-2025-24564
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through = 4.2.5...
CVE-2025-24564
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through = 4.2.5...
CVE-2025-24564 WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through = 4.2.5...
CVE-2025-24564
CVE-2025-24564 corresponds to a WordPress plugin vulnerability: WordPress plugin “Contact Form With Shortcode” (versions up to 4.2.5) suffers a Reflected XSS due to improper input neutralization during page generation. The issue is tracked across multiple feeds (Red Hat, NVD, CVE List) with the s...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24564 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24564 Source advisory: OSV:PYSEC-2024-205...
CVE-2024-24564
Vyper CVE-2024-24564 describes a memory-safety issue with extract32(b, start): if the start argument can mutate b, extracting 32 bytes may read and return dirty memory. The defect affects older Vyper versions (e.g., 0.3.10 and earlier) and is fixed in 0.4.0. Red Hat and other sources list the sam...
CVE-2024-24564 Vyper extract32 can ready dirty memory
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...
CVE-2024-24564 Vyper extract32 can ready dirty memory
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...
CVE-2024-24564
creationtimestamp| type| source ---|---|--- 2024-02-26 18:36:30+00:00| published-proof-of-concept| https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx 2024-02-26 21:26:20+00:00| seen| https://t.me/ctinow/193769 2024-02-26 21:31:45+00:00| seen| https://t.me/ctinow/193776...
CVE-2022-24564
creationtimestamp| type| source ---|---|--- 2022-02-22 02:11:39+00:00| seen| https://t.me/cibsecurity/37879...
CVE-2021-24564
creationtimestamp| type| source ---|---|--- 2021-08-23 16:23:03+00:00| seen| https://t.me/cibsecurity/27688...
CVE-2021-24564
The CVE covers WPFront Scroll Top for WordPress, affected versions before 2.0.6.07225. Vulnerability: authenticated stored XSS due to unfiltered/unterminated sanitization of the Image ALT attribute when outputting it. Root cause: lack of sanitization/escaping in the ALT setting leads to script ex...
CVE-2020-25772
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the...
Information disclosure
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the...