8231 matches found

Positive Technologies
added 2024/08/27 12:0 a.m. · 4 views

PT-2024-37875 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

CVSS 6.4 · AI score 6 · EPSS 0.00366
Exploits 0 · References 10

BDU FSTEC
added 2024/08/27 12:0 a.m. · 3 views

The vulnerability of the Rails Html Sanitizer configuration tool for Rails applications stems from inefficient regular expression complexity. This allows attackers to trigger a service failure.

The vulnerability of the Rails Html Sanitizer configuration tool for Rails applications is related to excessive backtracking when attempting to sanitize certain SVG attributes. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.8 · AI score 6.5 · EPSS 0.01454
Exploits 0 · References 5 · Affected Software 3

Positive Technologies
added 2024/08/25 12:0 a.m. · 4 views

PT-2024-32112 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 6.10.7 Description: The issue is related to the create_elf_fdpic_tables() function not correctly accounting for the space for the AUX vector when an architecture has ELF_HWCAP2 defined. This results in a kernel BUG...

CVSS 5.5 · AI score 9.3 · EPSS 0.00199
Exploits 0 · References 14

OSV
added 2024/08/22 10:15 a.m. · 4 views

CVE-2024-7778

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

CVSS 5.4 · AI score 5.9 · EPSS 0.0031
Exploits 0 · References 5

Patchstack
added 2024/08/22 12:37 a.m. · 4 views

WordPress Orbit Fox by ThemeIsle plugin <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Orbit Fox by ThemeIsle versions <= 2.10.36...

CVSS 6.4 · AI score 5.8 · EPSS 0.0031
Exploits 0 · References 1 · Affected Software 1

GitHub Security Blog
added 2024/08/21 6:26 p.m. · 15 views

CKAN has Cross-site Scripting vector in the Datatables view plugin

The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Impact: Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin included in CKAN core that is not activated by default, but it is widely used to...

CVSS 6.8 · AI score 6 · EPSS 0.00377
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/08/21 4:3 p.m. · 18 views

GO-2022-1160 Amazon CloudWatch Agent for Windows has Privilege Escalation Vector in github.com/aws/amazon-cloudwatch-agent

Amazon CloudWatch Agent for Windows has Privilege Escalation Vector in github.com/aws/amazon-cloudwatch-agent...

CVSS 7.1 · AI score 6.7 · EPSS 0.00482
Exploits 0 · References 4

Vulnrichment
added 2024/08/21 8:29 a.m. · 10 views

CVE-2024-5335 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitcompareproducts cookie in versions up to ...

CVSS 9.8 · AI score 7.5 · EPSS 0.00852
Exploits 0 · References 3

OpenVAS
added 2024/08/21 12:0 a.m. · 2 views

SUSE: Security Advisory (SUSE-SU-2024:2983-1)

The remote host is missing an update for the...

CVSS 7.8 · AI score 8.1 · EPSS 0.01027
Exploits 0 · References 5

BDU FSTEC
added 2024/08/19 12:0 a.m. · 5 views

The vulnerability of the Dell Storage Resource Manager and Dell Storage Monitoring and Reporting software agents allows a hacker to intercept an active user session.

The vulnerability of the Dell Storage Resource Manager and Dell Storage Monitoring and Reporting software agents relates to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to intercept the ongoing user session remotely...

CVSS 5.9 · AI score 5.4 · EPSS 0.00399
Exploits 0 · References 2 · Affected Software 2

CNNVD
added 2024/08/17 12:0 a.m. · 3 views

WordPress plugin ARMember security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 · AI score 5.8 · EPSS 0.01142
Exploits 1 · References 5

Tenable Nessus
added 2024/08/17 12:0 a.m. · 27 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-065)

The version of kernel installed on the remote host is prior to 5.10.219-208.866. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-065 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix potential...

CVSS 9.8 · AI score 6.9 · EPSS 0.02701
Exploits 2 · References 57

Patchstack
added 2024/08/16 1:33 a.m. · 2 views

WordPress WordPress File Upload plugin <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin WordPress File Upload versions <= 4.24.8...

CVSS 7.2 · AI score 5.8 · EPSS 0.00438
Exploits 0 · References 1 · Affected Software 1

Atlassian
added 2024/08/15 8:11 p.m. · 26 views

DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Confluence Data Center and Server

This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 3.7.0 of Confluence Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 · AI score 7.5 · EPSS 0.011
Exploits 0

Atlassian
added 2024/08/15 8:11 p.m. · 23 views

DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bamboo Data Center and Server

This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 · AI score 6.6 · EPSS 0.011
Exploits 0

Atlassian
added 2024/08/15 8:11 p.m. · 28 views

DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Crowd Data Center and Server

This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 · AI score 7.5 · EPSS 0.011
Exploits 0

RedHat Linux
added 2024/08/15 5:34 a.m. · 4 views

kernel: net: kernel: UAF in network route management

A use-after-free flaw was found in the Linux kernel's network route management. This flaw allows an attacker to alter the behavior of certain network connections...

CVSS 7.8 · AI score 6.8 · EPSS 0.02701
Exploits 1 · References 6

Positive Technologies
added 2024/08/14 12:0 a.m. · 6 views

PT-2024-7988

Name of the Vulnerable Software and Affected Versions: Microsoft Copilot Studio (affected versions not specified) Description: The issue is related to the exposure of sensitive information to unauthorized actors in Microsoft Copilot Studio. This allows an unauthenticated attacker to view sensitive...

CVSS 7.8 · AI score 7.2 · EPSS 0.00976
Exploits 0 · References 10

Vulnrichment
added 2024/08/13 4:53 p.m. · 15 views

CVE-2023-31305

Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure...

CVSS 1.9 · AI score 6.5 · EPSS 0.00135
Exploits 0 · References 1

CVE
added 2024/08/13 4:53 p.m. · 52 views

CVE-2023-31305

CVE-2023-31305 describes weak and predictable IV generation in Power Management Firmware (PMFW). Under local access with high privileges, an attacker could reuse IV values to reverse‑engineer debug data, potentially causing information disclosure. The provided materials confirm the vulnerability ...

CVSS 1.9 · AI score 6.8 · EPSS 0.00135
Exploits 0 · References 1