8234 matches found

OSV
added 2024/03/18 7:15 p.m. · 1 views

CVE-2023-7085

The Scalable Vector Graphics SVG WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4 CVSS · 7.3 AI score
Exploits 0 · References 1

Vulnrichment
added 2024/03/18 7:5 p.m. · 13 views

CVE-2023-7085 Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG

The Scalable Vector Graphics SVG WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6.2 AI score · 0.00371 EPSS
Exploits 2 · References 1

Cvelist
added 2024/03/18 7:5 p.m. · 20 views

CVE-2023-7085 Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG

The Scalable Vector Graphics SVG WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.9 AI score · 0.00371 EPSS
Exploits 2 · References 1

RedHat Linux
added 2024/03/18 9:47 a.m. · 7 views

batik: Server-Side Request Forgery vulnerability

A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure...

7.1 CVSS · 7.1 AI score · 0.00786 EPSS
Exploits 0 · References 6

CNNVD
added 2024/03/18 12:0 a.m. · 2 views

WordPress Plugin Scalable Vector Graphics Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

5.4 CVSS · 6 AI score · 0.00371 EPSS
Exploits 2 · References 2

Positive Technologies
added 2024/03/18 12:0 a.m. · 5 views

PT-2024-15207 · WordPress · Scalable Vector Graphics

Name of the Vulnerable Software and Affected Versions: Scalable Vector Graphics SVG WordPress plugin versions through 3.4 Description: The issue arises from the Scalable Vector Graphics SVG WordPress plugin's failure to sanitize uploaded SVG files. This could allow users with a role as low as...

5.4 CVSS · 9.2 AI score · 0.00371 EPSS
Exploits 2 · References 5

BDU FSTEC
added 2024/03/15 12:0 a.m. · 4 views

The vulnerability of the golang package in the Debian GNU/Linux operating system, which allows an attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability of the golang package in the Debian GNU/Linux operating system is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to trigger a Denial-of-Service Attack DoS...

7.8 CVSS · 6.6 AI score · 0.01156 EPSS
Exploits 0 · References 10 · Affected Software 3

Atlassian
added 2024/03/14 5:46 a.m. · 43 views

DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bamboo Data Center and Server

This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. This software.amazon.ion:ion-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5 CVSS · 6.8 AI score · 0.0082 EPSS
Exploits 0

RedHat Linux
added 2024/03/13 1:54 p.m. · 1 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

8 CVSS · 7.5 AI score · 0.01465 EPSS
Exploits 0 · References 4

RedHat Linux
added 2024/03/13 9:11 a.m. · 4 views

hw: Intel: Gather Data Sampling (GDS) side channel vulnerability

A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...

6.5 CVSS · 6.9 AI score · 0.03882 EPSS
Exploits 1 · References 6

RedHat Linux
added 2024/03/12 11:49 a.m. · 3 views

hw: Intel: Gather Data Sampling (GDS) side channel vulnerability

A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...

6.5 CVSS · 6.9 AI score · 0.03882 EPSS
Exploits 1 · References 6

RedHat Linux
added 2024/03/12 11:48 a.m. · 3 views

hw: Intel: Gather Data Sampling (GDS) side channel vulnerability

A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...

6.5 CVSS · 6.9 AI score · 0.03882 EPSS
Exploits 1 · References 6

RedHat Linux
added 2024/03/12 12:48 a.m. · 1 views

hw: Intel: Gather Data Sampling (GDS) side channel vulnerability

A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...

6.5 CVSS · 6.9 AI score · 0.03882 EPSS
Exploits 1 · References 6

UbuntuCve
added 2024/03/11 6:15 p.m. · 26 views

CVE-2024-26618

In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit smealloc early with existing storage When smealloc is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...

5.5 CVSS · 6.4 AI score · 0.00239 EPSS
Exploits 0 · References 13

CNNVD
added 2024/03/11 12:0 a.m. · 4 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by out-of-bounds writes in multiple locations. An attacker can exploit this vulnerability to escalate privileges...

7.8 CVSS · 7.3 AI score · 0.00222 EPSS
Exploits 0 · References 4

WPVulnDB
added 2024/03/11 12:0 a.m. · 19 views

WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF

Description The plugin does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs PoC Make a logged in admin open the URL below to make them delete the filter with the slug...

6.6 AI score · 0.00237 EPSS
Exploits 2 · Affected Software 1

CNVD
added 2024/03/08 12:0 a.m. · 7 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2024-17974)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge Chromium-based suffers from a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...

4.3 CVSS · 6.4 AI score · 0.00826 EPSS
Exploits 0 · References 1

OpenVAS
added 2024/03/08 12:0 a.m. · 14 views

Fedora: Security Advisory for batik (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS · 9.2 AI score · 0.02557 EPSS
Exploits 3 · References 2

Fedora
added 2024/03/07 10:33 p.m. · 38 views

[SECURITY] Fedora 40 Update: vecmath1.2-1.14-36.fc40

This is an unofficial implementation (Java source code) of the javax.vecmath package specified in the Java™ 3D API 1.2. The package includes classes for 3-space vector/point, 4-space vector, 4x4, 3x3 matrix, quaternion, axis-angle combination, etc., which are often utilized for computer graphic...

8.8 CVSS · 9.1 AI score · 0.02557 EPSS
Exploits 3

Fedora
added 2024/03/07 10:32 p.m. · 21 views

[SECURITY] Fedora 40 Update: batik-1.14-13.fc40

Batik is a Java™ technology based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...

8.8 CVSS · 6.8 AI score · 0.02557 EPSS
Exploits 3