GHSA-PG4M-3GP6-HW4W org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Impact: It's possible to get access to notification filters of any user by using a URL such as xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do...
org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions
Impact: It's possible for any user knowing the ID of a notification filter preference of another user to enable/disable it or even delete it. The impact is that the target user might start losing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1...
XWiki Platform Security Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform version 13.2-rc-1 and earlier versions, which stems from insufficiently checking a user's permission to access the notification filter,...
XWiki Platform Security Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform version 13.2-rc-1 and earlier, which stems from incorrect privilege checking that allows any user who knows the ID of a specific notificatio...
GHSA-PMHG-F7WC-C97M Aim Stored XSS through TEXT EXPLORER
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the...
Exploit for CVE-2024-32651
CVE-2024-32651 changedetection --port --ip --notification...
CVE-2024-8862 h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be...
BELL-CVE-2024-46689
Bulletin has no description...
DEBIAN-CVE-2024-46693
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink: Fix race during initialization As pointed out by Stephen Boyd it is possible that during initialization of the pmic_glink child drivers, the protection-domain notifiers fires, and the associated work is...
WordPress plugin Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
BELL-CVE-2024-24968
Bulletin has no description...
PT-2024-38099 · WordPress · The Floating Notification Bar
Name of the Vulnerable Software and Affected Versions: The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin versions prior to 2.7.3 Description: The issue concerns a lack of validation and escaping of certain settings before they ar...
PT-2024-38723 · Palo Alto Networks · Prisma Access Browser
Name of the Vulnerable Software and Affected Versions: Prisma Access Browser affected versions not specified Description: A vulnerability has been identified in Prisma Access Browser. The issue is mentioned in the Monthly Vulnerability Updates. For more information, a Vulnerability Notification i...
PT-2024-38730 · Palo Alto Networks · Prisma Access Browser
Name of the Vulnerable Software and Affected Versions: Prisma Access Browser affected versions not specified Description: A vulnerability has been identified in Prisma Access Browser. The issue is mentioned in the Monthly Vulnerability Updates. For more information, a Vulnerability Notification i...
PT-2024-38869 · Palo Alto Networks · Prisma Access Browser
Name of the Vulnerable Software and Affected Versions: Prisma Access Browser affected versions not specified Description: A vulnerability has been identified in Prisma Access Browser. The issue is mentioned in the Monthly Vulnerability Updates. For more information, a Vulnerability Notification i...
CVE-2024-43386
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices...
Mozilla Firefox for Android Spoofing Vulnerability (CNVD-2024-40515)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox for Android suffers from a spoofing vulnerability, which is caused due to a masked notification of transition to full-screen mode. An attacker can exploit this vulnerability to spoof th...
PT-2024-30546 · Mguard · Mguard
Name of the Vulnerable Software and Affected Versions: mGuard devices affected versions not specified Description: A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Information Disclosure / Cleartext Secret
Advisory ID: SYSS-2024-028 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Cleartext Storage of Sensitive Information CWE-312 Risk Level: Medium Solution Status: Open Manufacturer...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Scripting
Advisory ID: SYSS-2024-021 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Persistent Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05...