ROS-20241009-02
A vulnerability exists in Firefox ESR and Firefox due to a type error when searching for a property name in the "with" block. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. Firefox browser vulnerability, Firefox ESR vulnerability is related to...
SUSE CVE-2024-46811
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box. [Why] Coverity reports OVERRUN warning. soc.num_states could be 40. But array range of bw_params->clk_table.entries is 8. [How] Assert if soc.num_states great...
UBUNTU-CVE-2024-46811
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box. [Why] Coverity reports OVERRUN warning. soc.num_states could be 40. But array range of bw_params->clk_table.entries is 8. [How] Assert if soc.num_states great...
CVE-2024-9027
The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2024-39371 · Wpzoom · Wpzoom Shortcodes
Name of the Vulnerable Software and Affected Versions: WPZOOM Shortcodes plugin for WordPress versions up to, and including, 1.0.5. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'box' shortcode due to insufficient input sanitization and output escaping on...
WordPress WPZOOM Shortcodes plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WPZOOM Shortcodes versions <= 1.0.5...
CVE-2024-46372
DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module...
CLSA-2024-1726651745 kernel: Fix of 4 CVEs
drm/vmwgfx: Validate the box size for the snooped cursor (CVE-2022-36280); USB: ene_usb6250: Allocate enough memory for full object (CVE-2023-45862); Bluetooth: L2CAP: Fix attempting to access uninitialized memory (CVE-2022-42895); stm class: Fix a double free in stm_register_device (CVE-2024-38627)...
PT-2024-31973 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.115. Description: The issue is related to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. This allows for potential malicious script execution. Recommendations: For DedeCMS...
CVE-2024-8091
The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-8091 Enhanced Search Box <= 0.6.1 - Settings Update via CSRF
The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin Enhanced Search Box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-38798 · WordPress · Enhanced Search Box
Name of the Vulnerable Software and Affected Versions: Enhanced Search Box WordPress plugin versions 0.6.1 and earlier. Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress Enhanced Search Box plugin <= 0.6.1 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Enhanced Search Box versions <= 0.6.1...
WordPress Enhanced Search Box Plugin <= 0.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Enhanced Search Box; Type: Plugin; Vulnerable versions: <= 0.6.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-8091; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: befef35233e6; Credits: Daniel Ruf; Require...
Gitea 1.22.0 - Stored XSS
Exploit Title: Stored XSS in Gitea; Date: 27/08/2024; Exploit Authors: Catalin Iovita & Alexandru Postolache; Vendor Homepage: https://github.com/go-gitea/gitea; Version: 1.22.0; Tested on: Linux 5.15.0-107, Go 1.23.0; CVE: CVE-2024-6886; Vulnerability Description: Gitea 1.22.0 is vulnerable to a Stored...
CVE-2024-43330
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack for Beaver Builder allows Reflected XSS. This issue affects PowerPack for Beaver Builder: from n/a before 2.37.4...
CVE-2024-7867
In Xpdf 4.05 and earlier, very large coordinates in a page box can cause an integer overflow and divide-by-zero...