90 matches found

Nuclei
added yesterday, 27 views

MySQLDumper 1.24.4 - Directory Traversal

Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the...

CVSS 4.3 | AI score 6.1 | EPSS 0.30159
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-0272

Malware in sbrugna...

CVSS 9.8 | AI score 7.4 | EPSS 0.08806
Exploits: 1 | References: 7
RedhatCVE
added 2025/05/22 11:50 p.m., 6 views

CVE-2022-4253

A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtinecho of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

CVSS 5.4 | AI score 6.2 | EPSS 0.00223
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 6:49 p.m., 4 views

CVE-2021-4253

A vulnerability, which was classified as problematic, was found in ctrlo lenio. Affected is an unknown function in the library lib/Lenio.pm of the component Ticket Handler. The manipulation of the argument siteid leads to cross site scripting. It is possible to launch the attack remotely. The nam...

CVSS 6.1 | AI score 6.3 | EPSS 0.00211
Exploits: 0
Circl
added 2025/05/04 11:18 p.m., 17 views

CVE-2025-4253

creationtimestamp | type | source
---|---|---
2025-05-04 23:18:17+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14815
2025-05-05 00:16:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lof3p25a5e2p
2025-05-05 01:30:29+00:00 | published-proof-of-concept |...

CVSS 9.8 | AI score 7.3 | EPSS 0.00649
Exploits: 1 | References: 3
CVE
added 2025/05/04 11:0 p.m., 77 views

CVE-2025-4253

PCMan FTP Server 2.0.7 is affected by a buffer overflow in the HASH Command Handler due to improper validation of input length. This vulnerability can be exploited remotely and, per CNVD/NVD entries, has been disclosed publicly. The issue’s impact is described as high/critical depending on the so...

CVSS 9.8 | AI score 7.4 | EPSS 0.00649
Exploits: 1 | References: 4 | Affected Software: 1
SUSE Linux
added 2024/12/06 3:42 p.m., 0 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.5.1 ESR: - Fixed: Fixed an issue that prevented some websites from loading when using SSL Inspection. (bmo#1933747) Patch Instructions: To install this SUSE update use the SUSE recommended...

AI score 7.2
Exploits: 0
Github Security Blog
added 2024/08/14 9:18 p.m., 20 views

Russh has an OOM Denial of Service due to allocation of untrusted amount

Summary: Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. Details: An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory...

CVSS 7.5 | AI score 7.8 | EPSS 0.00582
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2024/06/04 7:30 a.m., 67 views

CVE-2024-4253

CVE-2024-4253 is a command injection vulnerability in the gradio-app/gradio repository, present in the test-functional.yml workflow. The issue stems from improper neutralization of special elements in a command, enabling potential modification of the base repository or exfiltration of secrets (e....

CVSS 9.1 | AI score 7.7 | EPSS 0.019
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2024/06/04 7:30 a.m., 21 views

CVE-2024-4253 Command Injection in gradio-app/gradio

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...

CVSS 7.5 | AI score 7.7 | EPSS 0.019
Exploits: 1 | References: 2
WPVulnDB
added 2023/11/23 12:0 a.m., 38 views

ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder

Description: The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...

CVSS 4.8 | AI score 5.9 | EPSS 0.00122
Exploits: 2 | References: 1 | Affected Software: 1
Prion
added 2023/11/02 9:15 a.m., 7 views

Cross site scripting

The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

CVSS 4.3 | AI score 4.9 | EPSS 0.00122
Exploits: 2 | References: 2 | Affected Software: 1
CVE
added 2023/11/02 8:31 a.m., 98 views

CVE-2023-5606

The CVE-2023-5606 issue affects the WordPress Plugin ChatBot, specifically versions 4.8.6 through 4.9.6. The root cause is insufficient input sanitization and output escaping in the FAQ Builder, enabling Stored Cross-Site Scripting. Impact is limited to sites using multisite installations or with...

CVSS 4.8 | AI score 4.9 | EPSS 0.0011
Exploits: 0 | References: 2 | Affected Software: 1
Circl
added 2023/09/04 4:16 p.m., 5 views

CVE-2023-4253

creationtimestamp | type | source
---|---|---
2023-09-04 16:16:33+00:00 | seen | https://t.me/cibsecurity/69789
2023-11-02 11:22:21+00:00 | seen | https://t.me/cibsecurity/73414...

CVSS 4.8 | AI score 6.1 | EPSS 0.00122
Exploits: 2 | References: 2
Cvelist
added 2023/09/04 11:26 a.m., 15 views

CVE-2023-4253 Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

AI score 4.9 | EPSS 0.00122
Exploits: 2 | References: 1
CVE
added 2023/09/04 11:26 a.m., 83 views

CVE-2023-4253

The CVE-2023-4253 entry concerns the WordPress plugin AI ChatBot (up to version 4.7.8). The issue is improper sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public details in connected Red Hat and NVD ...

CVSS 4.8 | AI score 4.6 | EPSS 0.00122
Exploits: 2 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/09/04 11:26 a.m., 5 views

CVE-2023-4253 Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

AI score 5.6 | EPSS 0.00122
Exploits: 2 | References: 1
Patchstack
added 2023/08/10 12:0 a.m., 14 views

WordPress ChatBot Plugin < 4.7.8 is vulnerable to Cross Site Scripting (XSS)

Software: ChatBot
Type: Plugin
Vulnerable versions: 4.7.8
Fixed in: 4.7.8
OWASP Top 10: A7: Cross-Site Scripting XSS
Classification: Cross Site Scripting XSS
CVE: CVE-2023-4253
Patch priority: Low
CVSS severity: Low 5.9
Developer: Claim ownership
PSID: 1272ce44f1e5
Credits: Nguyen Hoang Nam
Required privileg...

CVSS 4.8 | AI score 5.7 | EPSS 0.00122
Exploits: 2 | References: 3 | Affected Software: 1
Github Security Blog
added 2023/03/17 2:42 p.m., 16 views

russh may use insecure Diffie-Hellman keys

Summary: Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Details: Russh does not validate Diffie-Hellman keys. It accepts received DH public keys $e$ where $eDH Public Key values MUST be checked and both conditions: - $1...

CVSS 5.9 | AI score 6 | EPSS 0.00187
Exploits: 1 | References: 9 | Affected Software: 1
Circl
added 2022/12/19 12:41 a.m., 2 views

CVE-2021-4253

creationtimestamp | type | source
---|---|---
2022-12-19 00:41:06+00:00 | seen | https://t.me/cibsecurity/54827...

CVSS 6.1 | AI score 6.1 | EPSS 0.00211
Exploits: 0 | References: 1