
4311 matches found

Patchstack
added 2023/10/03 12:0 a.m. · 14 views

WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software: Product Category Tree · Type: Plugin · Vulnerable versions: = 2.5 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-45054 · Patch priority: Medium · CVSS severity: Medium (7.1) · Developer: Claim ownership · PSID: dfaa06e092f0 · Credits: Le Ngoc Anh...

CVSS 7.1 · AI score 5.6 · EPSS 0.00331
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2023/09/19 2:6 p.m. · 43 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 7.8 · AI score 7.2 · EPSS 0.05794
Exploits 7 · References 9
OSV
added 2023/09/13 12:0 a.m. · 1 views

UBUNTU-CVE-2023-3866

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request. This patch validates session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypasses session and tree validation. So...

CVSS 5.5 · AI score 6.1 · EPSS 0.19333
Exploits 0 · References 12
CNNVD
added 2023/09/12 12:0 a.m. · 3 views

Eclipse JGit Security Vulnerability

Eclipse JGit is the Eclipse Foundation's open source Java implementation of the Git version control system. A security vulnerability exists in Eclipse JGit 6.6.0 and earlier versions, which stems from the presence of symbolic links in specially crafted git repositories that can...

CVSS 8.8 · AI score 6.8 · EPSS 0.01884
Exploits 0 · References 8
OpenVAS
added 2023/09/12 12:0 a.m. · 19 views

WordPress CMS Tree Page View Plugin < 1.6.8 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmstreepageviewproject:cmstreepageview"; ifdescription...

CVSS 7.1 · AI score 6.9 · EPSS 0.03995
Exploits 3 · References 1
Tenable Nessus
added 2023/09/07 12:0 a.m. · 29 views

Oracle Linux 8 : sqlite (ELSA-2020-1810)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1810 advisory. - Fixed CVE-2019-13752 1786529 - Fixed CVE-2019-13753 1786535 - Fixed CVE-2019-13734 1786509 - Fixed CVE-2019-19924 1789776 - Fixed CVE-2019-19923...

CVSS 9.8 · AI score 7.4 · EPSS 0.45426
Exploits 0 · References 8
OSV
added 2023/09/05 10:15 p.m. · 2 views

DEBIAN-CVE-2023-39358

Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the reports_user.php file. In...

CVSS 8.8 · AI score 8.9 · EPSS 0.01689
Exploits 1 · References 1
RedHat Linux
added 2023/09/05 9:2 a.m. · 37 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

CVSS 7.8 · AI score 6.9 · EPSS 0.02154
Exploits 8 · References 9
Positive Technologies
added 2023/09/05 12:0 a.m. · 4 views

PT-2023-5425 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25. Description: An authenticated SQL injection issue allows authenticated users to perform privilege escalation and remote code execution. The issue resides in the reports_user.php file, specifically in the ajax ge...

CVSS 10 · AI score 7.3 · EPSS 0.99826
Exploits 136 · References 210
Veracode
added 2023/08/18 3:26 a.m. · 17 views

Prototype Pollution

tree-kit is vulnerable to Prototype Pollution. The vulnerability occurs because the extend function, when the unflat option is set, can be used to add arbitrary properties to an object, including properties that are not defined in the object's prototype, which allows an attacker to execute arbitrar...

CVSS 9.8 · AI score 7.4 · EPSS 0.01683
Exploits 1 · References 6 · Affected Software 1
vulnersOsv
added 2023/08/17 12:30 a.m. · 1 views

3d-kit (>=0.0.1 <=0.0.14), @0x4447/broccoli (>=1.0.0 <=1.0.16) +144 more potentially affected by CVE-2023-38894 via tree-kit (>=0.0.4 <=0.6.2)

tree-kit NPM version =0.0.4, =0.0.1, =1.0.0, =2.0.0, =1.0.0, =1.18.0, =0.0.1, =1.0.5-master.20190403074739, =1.0.0-master.20180909013449, =0.1.0-master.20191109234452, =0.1.0-ipcrm-custom-event.20191122150318, =1.1.0, =0.1.0-master.20190319050251, =0.1.9-update-dependencies.20190319120645,...

CVSS 9.8 · AI score 7.7 · EPSS 0.01683
Exploits 1
Github Security Blog
added 2023/08/17 12:30 a.m. · 20 views

tree-kit Prototype Pollution vulnerability

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function...

CVSS 9.8 · AI score 7.8 · EPSS 0.01683
Exploits 1 · References 6 · Affected Software 1
OSV
added 2023/08/17 12:30 a.m. · 11 views

GHSA-5P42-M6F3-HPMJ tree-kit Prototype Pollution vulnerability

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function...

CVSS 9.8 · AI score 9.6 · EPSS 0.01683
Exploits 1 · References 5
OSV
added 2023/08/16 10:15 p.m. · 30 views

CVE-2023-38894

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function...

CVSS 9.8 · AI score 8.1 · EPSS 0.01683
Exploits 1 · References 3
ATTACKERKB
added 2023/08/16 10:15 p.m. · 1 views

CVE-2023-38894

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function...

CVSS 9.8 · AI score 6.2 · EPSS 0.01683
Exploits 1 · References 4
NVD
added 2023/08/16 10:15 p.m. · 21 views

CVE-2023-38894

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function...

CVSS 9.8 · AI score 9.6 · EPSS 0.01683
Exploits 1 · References 3
CVE
added 2023/08/16 12:0 a.m. · 51 views

CVE-2023-38894

The CVE-2023-38894 entry concerns a Prototype Pollution vulnerability in Cronvel Tree-kit v0.7.4 and earlier. Affected component: the extend function used on nested objects. Root cause: prototype contamination allows an attacker to manipulate object prototypes, enabling remote arbitrary code exec...

CVSS 9.8 · AI score 9.6 · EPSS 0.01683
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2023/08/16 12:0 a.m. · 3 views

Tree Kit Security Vulnerability

Tree Kit is a toolkit by the individual developer Cedric Ronvel that provides functions for working with nested object structures. A security vulnerability exists in Cronvel Tree Kit v.0.7.4 and earlier versions that stems from prototype contamination. An attacker could exploit the...

CVSS 9.8 · AI score 8.9 · EPSS 0.01683
Exploits 1 · References 5
Cvelist
added 2023/08/16 12:0 a.m. · 31 views

CVE-2023-38894

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function...

AI score 9.9 · EPSS 0.01683
Exploits 1 · References 3
Positive Technologies
added 2023/08/16 12:0 a.m. · 3 views

PT-2023-8585 · Unknown · Cronvel Tree-Kit

Name of the Vulnerable Software and Affected Versions: Cronvel Tree-kit versions 0.7.4 and before. Description: A Prototype Pollution issue in Cronvel Tree-kit allows a remote attacker to execute arbitrary code via the extend function. This issue is related to uncontrolled modification of object...

CVSS 10 · AI score 9.4 · EPSS 0.01683
Exploits 1 · References 18