EUVD-2019-4671

Malware in sbrugna...

CVE-2025-4671

The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Profile Builder plugin <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via usermeta and compare Shortcodes vulnerability discovered by muhammad yudha in WordPress Plugin Profile Builder versions = 3.13.8...

CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes

The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes

The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usermeta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Linux Distros Unpatched Vulnerability : CVE-2024-4671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a...

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...

RHEL 8 : thunderbird (RHSA-2024:4671)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4671 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR...

openSUSE 15 Security Update : opera (openSUSE-SU-2024:0156-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0156-1 advisory. Update to 110.0.5130.64 CHR-9748 Update Chromium on desktop-stable-124-5130 to 124.0.6367.243 DNA-116317 Create outline or shadow around emojis o...

openSUSE 15 Security Update : opera (openSUSE-SU-2024:0142-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0142-1 advisory. - Update to 110.0.5130.39 DNA-115603 Rich Hints Pass trigger source to the Rich Hint DNA-116680 Import 0-day fix for CVE-2024-5274 - Update to...

Fedora: Security Advisory (FEDORA-2024-c01c1f5f82)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for opera (important)

openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2024:0142-1 Rating: important References: Cross-References: CVE-2024-4671 CVE-2024-5274 CVSS scores: CVE-2024-4671 NVD : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: openSUSE Leap 15.5:NonFree ...

Fedora: Security Advisory (FEDORA-2024-382a7dba53)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 39 : chromium (2024-382a7dba53)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-382a7dba53 advisory. update to 125.0.6422.60 High CVE-2024-4947: Type Confusion in V8 High CVE-2024-4948: Use after free in Dawn Medium CVE-2024-4949: Use after free in ...

CVE-2024-4671

A use after free vulnerability was found in the Chromium web browser. Mitigation Until updated packages are released for Fedora and EPEL, consider temporarily swapping to an alternative web browser such as Firefox or severely restricting activity to sites you know well and trust...

Fedora 40 : chromium (2024-c01c1f5f82)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c01c1f5f82 advisory. update to 125.0.6422.60 High CVE-2024-4947: Type Confusion in V8 High CVE-2024-4948: Use after free in Dawn Medium CVE-2024-4949: Use after free in ...

Mageia: Security Advisory (MGASA-2024-0178)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 124.0.6367.207 release. It includes 4 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromiu...

MGASA-2024-0178 Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 124.0.6367.207 release. It includes 4 security fixes. Please, do note, only x8664 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromiu...

CVE-2024-4671

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...