Ledger多款产品 安全漏洞

The Ledger Nano X, among others, are products of the French company Ledger. The Ledger Nano X is a hardware wallet for cryptocurrency assets. The Ledger Flex is a touch-screen hardware wallet for cryptocurrency assets. The Ledger Stax is a curved electronic ink-screen hardware wallet for...

SUSE CVE-2026-34480

Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...

EUVD-2024-31670

Malicious code in bioql PyPI...

EUVD-2022-5391

Malicious code in bioql PyPI...

Malicious code in stax-cli (npm)

The package stax-cli was found to contain malicious code...

MAL-2025-33967 Malicious code in stax-cli (npm)

The package stax-cli was found to contain malicious code...

SUSE: Security Advisory (SUSE-SU-2024:4037-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for bea-stax, xstream

This update for bea-stax, xstream fixes the following issues: CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow bsc1233085. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2024:4037-1 Security update for bea-stax, xstream

This update for bea-stax, xstream fixes the following issues: - CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow bsc1233085...

CVE-2024-37541 WordPress Elementor Addons, Widgets and Enhancements – Stax plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax stax-addons-for-elementor allows DOM-Based XSS.This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through = 1.5....

WordPress Elementor Addons, Widgets and Enhancements – Stax plugin <= 1.4.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Elementor Addons, Widgets and Enhancements – Stax versions = 1.4.4.1...

PT-2024-27639 · Unknown · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons, Widgets and Enhancements – Stax versions 1.4.4.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XS...

WordPress plugin Elementor Addons, Widgets and Enhancements - Stax Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress Elementor Addons, Widgets and Enhancements – Stax Plugin <= 1.4.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Addons, Widgets and Enhancements – Stax Type Plugin Vulnerable versions = 1.4.4.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dcc6d855b26f Credits Khal...

pki-core:10.6 and pki-deps:10.6 security update

apache-commons-collections apache-commons-lang apache-commons-net bea-stax fasterxml-oss-parent 49-1 - Rebase to upstream version 49 26-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 26-5 - Fix license tag 26-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora27MassRebuild...

CVE-2024-3064 Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

Wordpress Plugin stax-addons-for-elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin.... A cross-site scripting...

Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied...

Fedora: Security Advisory for jaxb-stax-ex (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...