anti-debugging (=0.0.0), capcom0 (=0.1.1) +9 more potentially affected by CVE-2024-58253 via obfstr (>=0.1.1 <=0.3.0)

obfstr CARGO version =0.1.1, =0.7.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =1.0.3, =0.1.0, =0.6.0, =0.6.0, =0.11.0 Source cves: CVE-2024-58253 Source advisory: OSV:GHSA-V2P5-Q653-9J99...

clipass (=0.1.0), clipperd (>=0.1.1 <=0.1.5) +15 more potentially affected by unknown CVE via magic-crypt (=3.1.13)

magic-crypt CARGO version =3.1.13 is affected by a known vulnerability. The following packages have a transitive dependency on magic-crypt and may be impacted: - clipass =0.1.0 - clipperd =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.19.7, =0.35.0 and...

clipass (=0.1.0), clipperd (>=0.1.1 <=0.1.5) +15 more potentially affected by unknown CVE via magic-crypt (=3.1.13)

magic-crypt CARGO version =3.1.13 is affected by a known vulnerability. The following packages have a transitive dependency on magic-crypt and may be impacted: - clipass =0.1.0 - clipperd =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.19.7, =0.35.0 and...

@dankolz/news-flash (>=1.0.1 <=1.0.2), @trikoder/trim (=0.86.0) +7 more potentially affected by CVE-2024-43411 via ckeditor4 (=4.22.1)

ckeditor4 NPM version =4.22.1 is affected by a known vulnerability. The following packages have a transitive dependency on ckeditor4 and may be impacted: - @dankolz/news-flash =1.0.1, =1.0.0, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2024-43411 Source advisory:...

CVE-2024-7560

The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...

CVE-2024-7560 News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection

The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...

WordPress theme News Flash 安全漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme News Flash version 1.1.0 and earlier...

WordPress News Flash theme <= 1.1.0 - Authenticated (Editor+) PHP Object Injection vulnerability

Authenticated Editor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme News Flash versions = 1.1.0...

WordPress News Flash Theme <= 1.1.0 is vulnerable to PHP Object Injection

Software News Flash Type Theme Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7560 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 645105e26eb0 Credits Francesco Carlucci Required privilege Editor...