61 matches found
EUVD-2020-21115
Malware in sbrugna...
EUVD-2021-17028
Malware in sbrugna...
SQL Injection
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to SQL Injection through the XMLDB editor tool. An attacker with administrative privileges can manipulate database queries and potentially access or modify data without proper authorization by injectin...
Access Control Bypass
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to improper verification of message recipients in the non-respondents report feature. An attacker can send messages to arbitrary site users by exploiting this verification...
Unbreakable Enterprise kernel security update
4.1.12-124.91.3 - nfsatomicopen: prevent parallel nfslookup on a negative hashed Al Viro Orabug: 37006239 4.1.12-124.91.2 - vhost/scsi: null-ptr-dereference in vhostscsigetreq Haoran Zhang Orabug: 37035560 4.1.12-124.91.1 - vtioctl: fix arrayindexnospec in vtsetactivate Jakob Koschel Orabug:...
WordPress plugin PostX 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PYSEC-2023-226
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS denial of service attack via certain inputs with very long, potentially malformed HTML text. The chars and words...
UBUNTU-CVE-2023-43665
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS denial of service attack via certain inputs with very long, potentially malformed HTML text. The chars and words...
Unbreakable Enterprise kernel security update
4.1.12-124.79.2 - net/sched: clsroute: No longer copy tcfresult on update to avoid use-after-free valis Orabug: 35814273 CVE-2023-4206 - net/sched: schqfq: account for stab overhead in qfqenqueue Pedro Tammela Orabug: 35636291 CVE-2023-3611 - rds: Fix lack of reentrancy for connection reset with...
Unbreakable Enterprise kernel security update
4.1.12-124.78.4.1 - rds: Fix lack of reentrancy for connection reset with dst addr zero Haakon Bugge Orabug: 35741584 CVE-2023-22024...
CVE-2020-28717
Cross Site Scripting XSS vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code...
Kindeditor Cross-Site Scripting Vulnerability
Kindeditor is a lightweight web-based open source HTML rich text editor from the Kindeditor community. A security vulnerability exists in kindeditor version 4.1.12, which originates from a cross-site scripting XSS vulnerability in parameter content1. An attacker can exploit this vulnerability to...
PT-2023-11769 · Unknown · Kindeditor
Name of the Vulnerable Software and Affected Versions: kindeditor version 4.1.12 Description: The issue is related to a Cross Site Scripting XSS vulnerability in the content1 parameter in demo.jsp of kindeditor. This allows attackers to execute arbitrary code. Recommendations: For kindeditor...
CVE-2020-28717
Cross Site Scripting XSS vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code...
Strapi 4.1.12 Cross-site Scripting via crafted file
An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file. After an authenticated attacker uploads a file containing a malicious URL, a victim copies and pastes the malicious URL into a new tab to recei...
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +49 more potentially affected by CVE-2022-32114 via @strapi/strapi (>=0.0.0-a3ff110fc401ef4fbd6cd90780bf87a83a2cb04b <=4.1.12)
@strapi/strapi NPM version =0.0.0-a3ff110fc401ef4fbd6cd90780bf87a83a2cb04b, =4.12.2, =1.0.9, =1.0.0-alpha.0, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.1, =1.0.8, =1.0.81 and more Source cves: CVE-2022-32114 Source advisory: OSV:GHSA-4VM8-J95F-J6V5...
CVE-2022-32114
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...
Unrestricted file upload
DISPUTED An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to uploa...
CVE-2022-32114
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...
Strapi 代码问题漏洞
Strapi is an open source content management system CMS. A code issue vulnerability exists in Strapi v4.1.12, which stems from an unrestricted upload of files, and can be exploited by an attacker to execute arbitrary code via a crafted file...