8231 matches found

Tenable Nessus
added 2024/10/09 12:0 a.m. · 178 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2544)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue (CVE-2024-36938); bpf, sockmap: Prevent lock inversion deadlock in map delete...

9.8 CVSS · 7 AI score · 0.02701 EPSS
Exploits 3 · References 228

Tenable Nessus
added 2024/10/09 12:0 a.m. · 157 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2519)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue (CVE-2024-36938); bpf, sockmap: Prevent lock inversion deadlock in map delete...

9.8 CVSS · 7 AI score · 0.02701 EPSS
Exploits 3 · References 228

Tenable Nessus
added 2024/10/09 12:0 a.m. · 27 views

CentOS 7 : kernel-alt (RHSA-2020:0740)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0740 advisory. - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an...

9.8 CVSS · 6.8 AI score · 0.03784 EPSS
Exploits 3 · References 9

NVD
added 2024/10/08 6:15 p.m. · 23 views

CVE-2024-43488

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...

9.8 CVSS · 0.01132 EPSS
Exploits 0 · References 1

CVE
added 2024/10/08 5:36 p.m. · 106 views

CVE-2024-43488

CVE-2024-43488 affects the Visual Studio Code extension for Arduino. The vulnerability is a missing authentication in a critical function, enabling remote code execution over a network attack vector. Impact per sources is arbitrary code execution with high/critical severity. Affected component is...

9.8 CVSS · 9.8 AI score · 0.01132 EPSS
Exploits 0 · References 1 · Affected Software 1

Microsoft CVE
added 2024/10/08 7:0 a.m. · 28 views

Visual Studio Code extension for Arduino Remote Code Execution Vulnerability

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...

9.8 CVSS · 8.8 AI score · 0.01132 EPSS
Exploits 0

Microsoft CVE
added 2024/10/08 7:0 a.m. · 17 views

Copilot Studio Information Disclosure Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through network attack vector...

7.5 CVSS · 6.5 AI score · 0.00976 EPSS
Exploits 0

OSV
added 2024/10/08 4:15 a.m. · 6 views

AZL-50172 CVE-2024-9026 affecting package php for versions less than 8.3.12-1

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3 CVSS · 6.5 AI score · 0.00482 EPSS
Exploits 1 · References 1

Patchstack
added 2024/10/08 2:59 a.m. · 4 views

WordPress Sirv plugin <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Sirv versions <= 7.2.9...

6.4 CVSS · 5.8 AI score · 0.00314 EPSS
Exploits 0 · References 1 · Affected Software 1

Redos
added 2024/10/08 12:0 a.m. · 17 views

ROS-20241008-08

Intel processor firmware vulnerability is related to information leakage from vector registers. Exploitation of the vulnerability may allow an intruder to gain access to protected information...

6.5 CVSS · 7.2 AI score · 0.00546 EPSS
Exploits 0

Patchstack
added 2024/10/07 12:31 a.m. · 2 views

WordPress WP Cleanup and Basic Functions plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin WP Cleanup and Basic Functions versions <= 2.2.1...

6.4 CVSS · 5.8 AI score · 0.00315 EPSS
Exploits 0 · References 1 · Affected Software 1

ATTACKERKB
added 2024/10/04 7:15 p.m. · 3 views

CVE-2023-26771

Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the...

6.5 CVSS · 5.9 AI score · 0.0031 EPSS
Exploits 1 · References 3

OSV
added 2024/10/04 10:15 a.m. · 5 views

CVE-2024-9271

The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to injec...

5.4 CVSS · 5.9 AI score · 0.00288 EPSS
Exploits 0 · References 3

OSV
added 2024/10/04 5:15 a.m. · 2 views

CVE-2024-9368

The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

5.4 CVSS · 5.9 AI score · 0.00242 EPSS
Exploits 0 · References 2

CNNVD
added 2024/10/04 12:0 a.m. · 3 views

WordPress plugin Re:WP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.4 CVSS · 6.1 AI score · 0.00288 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/10/04 12:0 a.m. · 8 views

PT-2024-12114 · Taskcafe · Taskcafe

Name of the Vulnerable Software and Affected Versions: Taskcafe version 0.3.2
Description: The issue is related to a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload. An authenticated attacker can exploit this by uploading a malicious picture, which will...

6.5 CVSS · 5.5 AI score · 0.0031 EPSS
Exploits 1 · References 7

CNNVD
added 2024/10/03 12:0 a.m. · 3 views

Sulu cross-site scripting vulnerability

Sulu is an extensible, PHP-based open source content management system built on the Symfony framework, from Sulu, Austria. A cross-site scripting vulnerability exists in Sulu that stems from allowing users to upload SVG files with a malicious payload...

5.4 CVSS · 6.2 AI score · 0.00353 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/10/03 12:0 a.m. · 5 views

PT-2024-39598 · WordPress · Aggregator Advanced Settings

Name of the Vulnerable Software and Affected Versions: Aggregator Advanced Settings plugin for WordPress versions up to, and including, 1.2.1
Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allo...

6.4 CVSS · 6.2 AI score · 0.00242 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/10/03 12:0 a.m. · 3 views

PT-2024-39600 · WordPress · Wp Blocks Hub

Name of the Vulnerable Software and Affected Versions: WP Blocks Hub plugin for WordPress versions up to, and including, 1.0.2
Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticate...

6.4 CVSS · 6.3 AI score · 0.00242 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/10/03 12:0 a.m. · 7 views

PT-2024-32677 · Sulu · Sulu

Name of the Vulnerable Software and Affected Versions: Sulu versions 2.0.0 through 2.6.4
Description: Sulu, a PHP content management system, is vulnerable to XSS attacks. A low-privileged user with access to the "Media" section can upload an SVG file containing a malicious payload. Once uploaded...

5.4 CVSS · 6.3 AI score · 0.00353 EPSS
Exploits 0 · References 12