354 matches found
Gitea 1.24.0+dev HTML Injection / Cross Site Scripting
Gitea version 1.24.0+dev suffers from an html injection vulnerability that can allow for cross site scripting. Title: Gitea 1.24.0+dev HTML Injection Vulnerability Description: Gitea version 1.24.0+dev-355-g74c8e95e87 is vulnerable to an HTML Injection vulnerability. The issue arises due to...
CVE-2020-11067
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user...
CVE-2024-54365
Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through = 1.0.0...
firefox -- authentication bypass
[email protected] reports: Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed...
CVE-2024-54365
Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through = 1.0.0...
CVE-2024-54365 WordPress KH Easy User Settings plugin <= 1.0.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through = 1.0.0...
CVE-2024-54365
CVE-2024-54365: KH Easy User Settings suffers an Authenticated Privilege Escalation (Authenticated Subscriber+) caused by Incorrect Privilege Assignment, affecting KH Easy User Settings up to version 1.0.0. CVSS v3.1 base score 8.8 (HIGH); impacts: confidentiality, integrity, and availability. Af...
CVE-2024-54365 WordPress KH Easy User Settings plugin <= 1.0.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through = 1.0.0...
PT-2024-36251 · Unknown · Halim Kh Easy User Settings
Name of the Vulnerable Software and Affected Versions: Halim KH Easy User Settings versions n/a through 1.0.0 Description: The issue is related to an Incorrect Privilege Assignment, which allows Privilege Escalation. Recommendations: For Halim KH Easy User Settings versions n/a through 1.0.0, at...
CVE-2024-28142
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...
CVE-2024-28142 Stored cross site scripting
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...
CVE-2024-28142 Stored cross site scripting
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...
CVE-2024-28142
The CVE-2024-28142 entry describes stored cross-site scripting via improper input sanitization on the Image Access Scan2Net (and related lines) File Name input on the User Settings page (/cgi/uset.cgi?-cfilename). The root cause is inadequate filtering of the file name and wildcard character inpu...
WordPress KH Easy User Settings plugin <= 1.0.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin KH Easy User Settings versions = 1.0.0...
CVE-2024-52051
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 All versions, SIMATIC S7-PLCSIM V18 All versions, SIMATIC STEP 7 Safety V17 All versions V17 Update 9, SIMATIC STEP 7 Safety V18 All versions, SIMATIC STEP 7 Safety V19 All versions V19 Update 4, SIMATIC STEP 7 V17 All versions V17 Upda...
CVE-2024-52051
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 All versions, SIMATIC S7-PLCSIM V18 All versions, SIMATIC STEP 7 Safety V17 All versions V17 Update 9, SIMATIC STEP 7 Safety V18 All versions, SIMATIC STEP 7 Safety V19 All versions V19 Update 4, SIMATIC STEP 7 V17 All versions V17 Upda...
PT-2024-9404 · Siemens · Sinamics Startdrive +11
Name of the Vulnerable Software and Affected Versions: SIMATIC S7-PLCSIM versions 17 through 18 SIMATIC STEP 7 Safety versions 17 through 19 SIMATIC STEP 7 versions 17 through 19 SIMATIC WinCC Unified PC Runtime versions 18 through 19 SIMATIC WinCC Unified versions 17 through 19 SIMATIC WinCC...
SUSE-SU-2024:4205-1 Security update for docker-stable
This update for docker-stable fixes the following issues: - Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Update --add-runtime to point to correct binary path. - Further merge docker a...
CVE-2024-45757
An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access...
CVE-2024-45757
An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access...