8231 matches found

Positive Technologies
added 2024/11/26 12:0 a.m. · 7 views

PT-2024-16752 · WordPress · The Support Svg – Upload Svg Files In Wordpress Without Hassle

Name of the Vulnerable Software and Affected Versions: The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input...

6.4 CVSS · 6.2 AI score · 0.00391 EPSS
Exploits 0 · References 5
Qualys Blog
added 2024/11/25 11:22 p.m. · 9 views

AI Under the Microscope—What’s Changed in the OWASP Top 10 for LLMs 2025

As AI continues to evolve, so do the threats and vulnerabilities that surround Large Language Models (LLMs). The OWASP Top 10 for LLM Applications 2025 introduces critical updates that reflect the rapid changes in how these models are applied in real-world scenarios. While the list includes...

7.4 AI score
Exploits 0
Spring Security Advisories
added 2024/11/24 12:0 a.m. · 14 views

Bootiful Spring Boot 3.4: Spring AI

I love Spring AI. It’s an amazing project designed to bring the patterns and practices of AI engineering to the Spring Boot developer. It’s got clean idiomatic abstractions that’ll make any Spring developer feel right at home, and it has a ton of integrations with all manner of different vector...

7.1 AI score
Exploits 0
CNNVD
added 2024/11/22 12:0 a.m. · 2 views

IrfanView security vulnerability

IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. IrfanView suffers from a code execution vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current process...

7.8 CVSS · 8 AI score · 0.00394 EPSS
Exploits 0 · References 1
CNNVD
added 2024/11/22 12:0 a.m. · 4 views

IrfanView security vulnerability

IrfanView is an image viewer by the individual developer Irfan Skiljan. It supports image browsing, image editing, image format conversion and more. IrfanView suffers from a use-after-free vulnerability that can be exploited by an attacker to execute code in the context of the current process...

7.8 CVSS · 7.2 AI score · 0.0044 EPSS
Exploits 0 · References 1
CNNVD
added 2024/11/22 12:0 a.m. · 3 views

IrfanView security vulnerability

IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. A heap buffer overflow remote code execution vulnerability exists in IrfanView SVG file parsing, which is caused by failing to properly validate the length of user-supplied data before...

7.8 CVSS · 8.4 AI score · 0.00387 EPSS
Exploits 0 · References 1
Patchstack
added 2024/11/21 11:25 p.m. · 4 views

WordPress Product Designer plugin <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Product Designer versions <= 1.0.36...

6.4 CVSS · 5.8 AI score · 0.00519 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/11/21 11:15 a.m. · 4 views

CVE-2024-9851

The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4 CVSS · 5.9 AI score · 0.00377 EPSS
Exploits 0 · References 2
OSV
added 2024/11/21 11:15 a.m. · 3 views

CVE-2024-10482

The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4 CVSS · 5.8 AI score · 0.00363 EPSS
Exploits 1 · References 1
Patchstack
added 2024/11/20 9:31 p.m. · 5 views

WordPress LSX Tour Operator plugin <= 1.4.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin LSX Tour Operator versions <= 1.4.9...

6.4 CVSS · 5.8 AI score · 0.00377 EPSS
Exploits 0 · References 1 · Affected Software 1
Oracle Linux
added 2024/11/20 12:0 a.m. · 24 views

grafana-pcp security update

5.1.1-9 - Resolves: RHEL-57932 5.1.1-8 - Add a premade uwsgi dashboard for the vector datasource...

7.5 CVSS · 8.5 AI score · 0.01127 EPSS
Exploits 0
CNNVD
added 2024/11/19 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problematic stale CPU state when handling SVE traps...

7 CVSS · 6.7 AI score · 0.00237 EPSS
Exploits 0 · References 4
Spring Security Advisories
added 2024/11/19 12:0 a.m. · 8 views

Why Spring AI: The Seamless Path to Generative AI

Why Spring AI: The Seamless Path for Spring Developers to the World of Generative AI Intro As a Java developer exploring the world of generative AI, you’re probably aware of several frameworks that promise to make AI integration easy. I believe Spring AI stands out as the natural choice, especial...

6.7 AI score
Exploits 0
CNNVD
added 2024/11/18 12:0 a.m. · 2 views

Bitcoin Core security vulnerability

Bitcoin Core is a Bitcoin open source client for verifying the validity of blockchain transactions. A security vulnerability exists in Bitcoin Core versions prior to 25.0. An attacker exploiting the vulnerability could affect the download status of other peers by sending variant blocks...

5.3 CVSS · 6.5 AI score · 0.00428 EPSS
Exploits 0 · References 2
CNNVD
added 2024/11/16 12:0 a.m. · 3 views

WordPress plugin Exclusive Divi cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.4 CVSS · 7.6 AI score · 0.00404 EPSS
Exploits 0 · References 3
CNNVD
added 2024/11/16 12:0 a.m. · 2 views

WordPress plugin PJW Mime Config cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...

6.4 CVSS · 7.7 AI score · 0.0032 EPSS
Exploits 0 · References 2
OSV
added 2024/11/15 8:15 p.m. · 2 views

CVE-2024-11256

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has bee...

9.8 CVSS · 5.8 AI score · 0.00671 EPSS
Exploits 1 · References 5
OSV
added 2024/11/15 6:15 p.m. · 1 views

UBUNTU-CVE-2024-47759

GLPI is a free Asset and IT management software package. A technician can upload an SVG containing a malicious script. The script will then be executed when any user tries to see the document contents. Upgrade to 10.0.17...

6.7 CVSS · 5.8 AI score · 0.00418 EPSS
Exploits 0 · References 3
GitHub Security Blog
added 2024/11/15 3:41 p.m. · 20 views

LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints

Summary: The application fails to sanitise inputs properly and renders the code from user input to the browser, which allows an attacker to execute malicious JavaScript code. Details: A user with the Admin role can edit the Display Name of a device; the application did not properly sanitize the user input i...

4.8 CVSS · 7.3 AI score · 0.00314 EPSS
Exploits 1 · References 4 · Affected Software 1
Snyk
added 2024/11/15 12:31 p.m. · 6 views

Cross-site Scripting (XSS)

Overview: sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a malicious SVG file, in ImageUploader.php. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects”...

5.4 CVSS · 5.3 AI score · 0.00239 EPSS
Exploits 0 · References 2