Lucene search

375 matches found

SUSE Linux
added 2024/12/17 2:36 p.m., 1 view

Security update for docker

This update for docker fixes the following issues: Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker which...

9.9 CVSS, 6.7 AI score, 0.16496 EPSS
Exploits: 0, References: 26

Cvelist
added 2024/12/14 5:34 a.m., 18 views

CVE-2024-12459 Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS, 0.00407 EPSS
Exploits: 0, References: 4

CVE
added 2024/12/14 5:34 a.m., 39 views

CVE-2024-12459

CVE-2024-12459 – WordPress Ganohrs Toggle Shortcode: A stored XSS vulnerability exists in the Ganohrs Toggle Shortcode plugin for WordPress, affecting versions up to 0.2.4. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes used by the plugin’s t...

6.4 CVSS, 5.7 AI score, 0.00407 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2024/12/14 5:34 a.m., 7 views

CVE-2024-12459 Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS, 5.8 AI score, 0.00407 EPSS
Exploits: 0, References: 4

CNNVD
added 2024/12/14 12:00 a.m., 2 views

WordPress plugin Ganohrs Toggle Shortcode cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.4 CVSS, 7.9 AI score, 0.00407 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2024/12/14 12:00 a.m., 3 views

PT-2024-17602 · WordPress · Ganohrs Toggle Shortcode

Name of the Vulnerable Software and Affected Versions: Ganohrs Toggle Shortcode plugin for WordPress versions up to, and including, 0.2.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode due to insufficient input sanitization and output escaping...

6.4 CVSS, 6.2 AI score, 0.00407 EPSS
Exploits: 0, References: 8

SUSE Linux
added 2024/12/13 8:16 p.m., 2 views

Security update for docker

This update for docker fixes the following issues: Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker which...

9.9 CVSS, 7.1 AI score, 0.16496 EPSS
Exploits: 0, References: 26

CNNVD
added 2024/11/06 12:00 a.m., 4 views

IBPhoenix ibWebAdmin injection vulnerability

IBPhoenix ibWebAdmin is a Firebird and InterBase database server web front end from IBPhoenix. An injection vulnerability exists in IBPhoenix ibWebAdmin 1.0.2 and earlier versions, which stems from the parameter p in the file /togglefoldpanel.php in the Tabelas Section can lead to a cross-site...

5.3 CVSS, 4.7 AI score, 0.00316 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2024/11/06 12:00 a.m., 3 views

PT-2024-16645 · Ibphoenix · Ibphoenix Ibwebadmin

Name of the Vulnerable Software and Affected Versions: IBPhoenix ibWebAdmin versions up to 1.0.2 Description: A problem was found in the Tabelas Section, specifically in the file /toggle fold panel.php, where the manipulation of the argument p leads to cross-site scripting. This issue can be...

5.3 CVSS, 6.4 AI score, 0.00316 EPSS
Exploits: 0, References: 8

Snyk
added 2024/10/11 3:30 p.m., 1 view

Directory Traversal

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Directory Traversal through the lollmsfilesystem.py file. An attacker can manipulate file paths to access or modify files outside of the intended directories by supplying maliciou...

4.6 CVSS, 7.7 AI score, 0.00316 EPSS
Exploits: 1, References: 2

Snyk
added 2024/10/09 6:46 a.m., 1 view

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation of the vector-toc-toggle-button-label parameter. Remediation A fix was pushed into the master branch but not yet published. References - Gerrit Wikimedia - GitHub Commit - Wikimedia Phabricator...

6.9 CVSS, 6.9 AI score, 0.00289 EPSS
Exploits: 0, References: 2

OSV
added 2024/10/09 6:15 a.m., 2 views

DEBIAN-CVE-2023-45359

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...

6.5 CVSS, 5.3 AI score, 0.00289 EPSS
Exploits: 0, References: 1

OSV
added 2024/10/09 6:15 a.m., 1 view

UBUNTU-CVE-2023-45359

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...

6.5 CVSS, 5.8 AI score, 0.00289 EPSS
Exploits: 0, References: 3

Microsoft KB
added 2024/09/30 12:00 a.m., 3 views

September 30, 2024—KB5043178 (OS Build 26100.1882) Preview

September 30, 2024—KB5043178 (OS Build 26100.1882) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. Note: Follow @WindowsUpdate to find out when new content is published to the Windows release health...

6.5 AI score
Exploits: 0

SUSE CVE
added 2024/09/28 2:51 a.m., 4 views

SUSE CVE-2024-46830

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS. Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note,...

5.5 CVSS, 7 AI score, 0.00247 EPSS
Exploits: 0, References: 16

CNNVD
added 2024/09/04 12:00 a.m., 5 views

WordPress plugin WP Extended security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

8.8 CVSS, 6.8 AI score, 0.00485 EPSS
Exploits: 0, References: 4

OSV
added 2024/08/29 6:15 p.m., 2 views

CVE-2024-43961

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS. This issue affects azurecurve Toggle Show/Hide: from n/a through 2.1.3...

5.4 CVSS, 5.8 AI score, 0.00246 EPSS
Exploits: 0, References: 1

NVD
added 2024/08/29 6:15 p.m., 7 views

CVE-2024-43961

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS. This issue affects azurecurve Toggle Show/Hide: from n/a through 2.1.3...

6.5 CVSS, 0.00246 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/08/29 5:46 p.m., 13 views

CVE-2024-43961 WordPress azurecurve Toggle Show/Hide plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS. This issue affects azurecurve Toggle Show/Hide: from n/a through 2.1.3...

6.5 CVSS, 0.00246 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/08/29 5:46 p.m., 12 views

CVE-2024-43961 WordPress azurecurve Toggle Show/Hide plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS. This issue affects azurecurve Toggle Show/Hide: from n/a through 2.1.3...

6.5 CVSS, 6.8 AI score, 0.00246 EPSS
Exploits: 0, References: 1