PT-2024-39899 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.10.2 Description: The issue is related to Stored Cross-Site Scripting via the marker content parameter in the 'Open Map Widget'. This is due to insufficie...
WordPress plugin Element Pack Elementor Addons cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-45882
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletemapprofile...
Qualcomm Chipsets security vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when processing PDRs in the driver to obtain a remote heap map...
PT-2024-31837 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: A command injection issue occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to 'set ap map config'. This allows for potential command injection attacks...
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in XkbSetCompatMap bsc1231565. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Remote Code Execution (RCE)
Overview studio-42/elfinder is an open-source file manager for web, written in JavaScript using jQuery UI. Affected versions of this package are vulnerable to Remote Code Execution RCE due to the lack of restrictions on file types that can be uploaded, specifically the .php8 extension. An attacke...
Security update for xwayland
This update for xwayland fixes the following issues: CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in XkbSetCompatMap bsc1231565. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in XkbSetCompatMap bsc1231565. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
AZL-52035 CVE-2024-9632 affecting package xorg-x11-server-Xwayland for versions less than 24.1.1-3
A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org serv...
AZL-52026 CVE-2024-9632 affecting package xorg-x11-server for versions less than 1.20.10-13
A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org serv...
CVE-2024-9886
The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidumap' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9886 WP Baidu Map <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidumap' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9886
CVE-2024-9886 affects the WordPress plugin WP Baidu Map, where the stored XSS vulnerability can be triggered via the plugin’s baidu_map shortcode in versions up to 1.2.2. The flaw arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated u...
PT-2024-39912 · WordPress · Wp Baidu Map
Name of the Vulnerable Software and Affected Versions: WP Baidu Map plugin for WordPress versions up to, and including, 1.2.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the baidu map shortcode. This allows authenticated...
WordPress plugin WP Baidu Map security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress WP Baidu Map plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin WP Baidu Map versions <= 1.2.2...
WordPress WP Baidu Map Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software WP Baidu Map Type Plugin Vulnerable versions <= 1.2.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9886 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5869ce63afea Credits theviper17y Required privileg...
The vulnerability of the SCSI component in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the SCSI component in the Linux operating system is related to errors in resource management in the pqimapqueues function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the cxl component in the Linux operating system’s kernel, which allows a hacker to trigger a service failure
The vulnerability of the cxl component in the Linux operating system’s kernel is related to errors in resource management within the pqimapqueues function. Exploiting this vulnerability can allow an attacker to cause a service failure...