3642 matches found
PT-2024-34800 · Litefeel · Litefeel Flash Show/Hide Box
Name of the Vulnerable Software and Affected Versions: litefeel Flash Show And Hide Box versions 1.6 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from STB unavailability detection...
Fedora: Security Advisory (FEDORA-2024-e7bb8bc2da)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-10861
The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option function in all versions up to, and including, 4.9.7. This makes it possible for...
CVE-2024-10861
CVE-2024-10861 affects the WordPress plugin Popup Box – Create Countdown, Coupon, Video, Contact Form Popups. All versions up to and including 4.9.7 are vulnerable due to a missing capability check in the deactivate_plugin_option() function, enabling unauthenticated attackers to update the ay s_p...
CVE-2024-10861 Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update
The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option function in all versions up to, and including, 4.9.7. This makes it possible for...
WordPress plugin Popup Box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Popup Box plugin <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update vulnerability
Missing Authorization to Unauthenticated Limited Options Update vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Popup box versions <= 4.9.7...
WordPress Popup box Plugin <= 4.9.7 is vulnerable to Broken Access Control
Software: Popup box; Type: Plugin; Vulnerable versions: <= 4.9.7; Fixed in: 4.9.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10861; Patch priority: Low; CVSS severity: Low (5.2); PSID: bfd2e007cc0d; Credits: Trương Hữu Phúc (truonghuuphuc)...
PT-2024-16598 · WordPress · The Popup Box – Create Countdown
Name of the Vulnerable Software and Affected Versions: The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress versions up to, and including, 4.9.7. Description: The issue is related to a missing capability check on the deactivate_plugin_option function, which...
CVE-2024-51611
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Peixe WP Feature Box (wp-feature-box) allows Stored XSS. This issue affects WP Feature Box: from n/a through <= 0.1.3...
CVE-2024-51611 WordPress WP Feature Box plugin <= 0.1.3 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Peixe WP Feature Box (wp-feature-box) allows Stored XSS. This issue affects WP Feature Box: from n/a through <= 0.1.3...
CVE-2024-51611
CVE-2024-51611 is a stored XSS in the WordPress plugin WP Feature Box, affecting versions <= 0.1.3. The vulnerability stems from improper neutralization of input during web page generation, enabling stored Cross‑Site Scripting via user-provided data. Impact is described as Stored XSS; explicit...
WordPress plugin WP Feature Box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-34754 · Miguel Peixe · Wp Feature Box
Name of the Vulnerable Software and Affected Versions: Miguel Peixe WP Feature Box versions 0.1.3 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows attackers to store harmful scripts,...
CVE-2024-48809
An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specifically the DeleteWatcher function...
SDRAN-in-a-Box security vulnerability
SDRAN-in-a-Box (RiaB) is an SD-RAN cluster from the µONOS project capable of running within a single host. A security vulnerability exists in SDRAN-in-a-Box version v.1.4.3, which stems from a denial-of-service attack via the onos-a1t component of sdran-in-a-box, specifically the DeleteWatcher...