83 matches found
EUVD-2026-2504
In the Linux kernel, the following vulnerability has been resolved: MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits Since commit e424054000878 "MIPS: Tracing: Reduce the overhead of dynamic Function Tracer", the macro UASM_i_LA_mostly has been used, and this macro can...
CVE-2024-2504
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Huawei EulerOS: Security Advisory for libwebsockets (EulerOS-SA-2025-2504)
The remote host is missing an update for the Huawei EulerOS...
Ubuntu 25.04 / 25.10 : CRaC JDK 17 vulnerabilities (USN-7900-1)
The remote Ubuntu 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7900-1 advisory. Jinfeng Guo discovered that the Security component of CRaC JDK 17 did not correctly handle certain representations of encoded strings. An...
CVE-2023-2504
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials...
Qnap QES Path Traversal (CVE-2020-2504)
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
RHEL 4 : xorg-x11 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - x11perfcomp has dot in its path CVE-2011-2504 - The LockServer function in os/utils.c in X.Org xserver...
RHEL 5 : xorg-x11 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - x11perfcomp has dot in its path CVE-2011-2504 Note that Nessus has not tested for this issue but has instead relied...
Oracle Linux 9 : libssh (ELSA-2024-2504)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2504 advisory. 0.10.4-13 - Bump up the version so that the version in 9.3 is lower. - Resolves: RHEL-19310, RHEL-19691, RHEL-17245 Tenable has extracted the preceding...
RHEL 9 : libssh (RHSA-2024:2504)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2504 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...
CVE-2024-2504
CVE-2024-2504 affects Page Builder: Pagelayer (WordPress plugin) up to version 1.8.4. The vulnerability is a stored XSS via the attr parameter caused by insufficient input sanitization/output escaping. Impact: authenticated users with Contributor+ can inject scripts that execute when any user loa...
CVE-2024-2504
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-2504 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress PageLayer Plugin <= 1.8.4 is vulnerable to Cross Site Scripting (XSS)
Software: PageLayer; Type: Plugin; Vulnerable versions: <= 1.8.4; Fixed in: 1.8.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2504; Patch priority: Low; CVSS severity: Low (6.5); PSID: ebbe1295ece7; Credits: wesley wcraft; Required privile...
Malicious code in wlwz-2312-2504 (npm)
Source: ghsa-malware 089920884979f1932c59925faa27c5da71861aa24ada1cc30abcaa253bb2096f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-2504
creationtimestamp | type | source
---|---|---
2023-05-23 02:25:47+00:00 | seen | https://t.me/cibsecurity/64582...
CVE-2023-2504
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials...
CVE-2023-2504
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials...
CVE-2023-2504
CVE-2023-2504 affects BirdDog devices where hard-coded credentials in firmware allow an attacker to gain root access. The issue is documented across several sources tied to BirdDog cameras/encoders (e.g., STUDIO R3, 4K QUAD, MINI, A300 EYES) and their firmware images; exploitation would grant una...
CVE-2022-2504
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432...