
2148 matches found

Tenable Nessus
added 2024/10/09 12:0 a.m. · 24 views

CentOS 7 : buildah (RHSA-2020:1231)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1231 advisory. - The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This...

CVSS 7.5 · AI score 6.9 · EPSS 0.01939
Exploits: 1 · References: 2
Snyk
added 2024/10/07 3:58 p.m. · 1 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection through the toUtf8 function in the XmlScanner.php file. An attacker can disclose server files and sensitive information by providing an Excel sheet with a modified XML structure, specifying UTF-7 encodi...

CVSS 8.7 · AI score 6.9 · EPSS 0.71632
Exploits: 1 · References: 2
ATTACKERKB
added 2024/09/24 3:15 a.m. · 1 views

CVE-2022-2439

The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'uploadfile' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using...

CVSS 7.2 · AI score 6 · EPSS 0.01042
Exploits: 0 · References: 4
0day.today
added 2024/09/24 12:0 a.m. · 205 views

ABB Cylon Aspect 3.08.01 Remote Code Execution Vulnerability

ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite function,...

CVSS 9.4 · AI score 8.1 · EPSS 0.25939
Exploits: 4
Positive Technologies
added 2024/09/23 12:0 a.m. · 3 views

PT-2024-30177 · Unknown · Elaine's Realtime CRM Automation

Name of the Vulnerable Software and Affected Versions: Elaine's Realtime CRM Automation version 6.18.17. Description: A reflected cross-site scripting (XSS) issue allows attackers to execute arbitrary JavaScript code in a user's web browser by injecting a crafted payload into the dialog parameter at...

CVSS 6.1 · AI score 6 · EPSS 0.02357
Exploits: 3 · References: 8
OSV
added 2024/09/21 8:17 p.m. · 1 views

MAL-2024-12261 Malicious code in easypydb (PyPI)

Source: kam193 6bba8fa7c973e17898962b7fa6aebecdd0d9149b9e3a1f078bbc57f5e4bf7f0a. The package is a wrapper around "s1db" package, which offers some kind of easy online database. However, this package silently exfiltrates credentials given by...

AI score 6.8
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2024/09/21 8:17 p.m. · 3 views

Malicious code in easypydb (PyPI)

Source: kam193 6bba8fa7c973e17898962b7fa6aebecdd0d9149b9e3a1f078bbc57f5e4bf7f0a. The package is a wrapper around "s1db" package, which offers some kind of easy online database. However, this package silently exfiltrates credentials given by...

AI score 6.9
Exploits: 0 · References: 1
OSV
added 2024/09/13 3:15 p.m. · 3 views

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

CVSS 7.2 · AI score 5.9
Exploits: 0 · References: 2
NVD
added 2024/09/13 3:15 p.m. · 12 views

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

CVSS 7.2 · EPSS 0.01063
Exploits: 0 · References: 2
CVE
added 2024/09/13 3:10 p.m. · 50 views

CVE-2022-2446

CVE-2022-2446 affects the WP Editor WordPress plugin. The vulnerability is a PHAR deserialization issue via the current_theme_root parameter in versions up to and including 1.2.9. An authenticated attacker with administrative privileges who can upload a serialized payload can trigger deserializat...

CVSS 7.2 · AI score 7.1 · EPSS 0.01063
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2024/09/13 12:0 a.m. · 2 views

WordPress plugin WP Editor code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

CVSS 7.2 · AI score 6.8 · EPSS 0.01063
Exploits: 0 · References: 3
Positive Technologies
added 2024/09/13 12:0 a.m. · 2 views

PT-2024-11530 · WordPress · WP Editor

Name of the Vulnerable Software and Affected Versions: WP Editor plugin for WordPress versions up to, and including 1.2.9 Description: The issue allows deserialization of untrusted input via the current theme root parameter. This enables authenticated attackers with administrative privileges to...

CVSS 7.2 · AI score 6.8 · EPSS 0.01063
Exploits: 0 · References: 7
OSV
added 2024/09/11 12:15 a.m. · 1 views

CVE-2024-40656

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 5.5 · AI score 5.9
Exploits: 0 · References: 2
OSV
added 2024/09/10 12:15 p.m. · 1 views

CVE-2024-6282

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input sanitization and output...

CVSS 5.4 · AI score 5.9 · EPSS 0.0036
Exploits: 0 · References: 3
Patchstack
added 2024/09/10 1:25 a.m. · 2 views

WordPress Master Addons plugin <= 2.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions <= 2.0.6.4...

CVSS 5.4 · AI score 5.8 · EPSS 0.0036
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/09/10 12:0 a.m. · 2 views

WordPress plugin Master Addons cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 · AI score 5.8 · EPSS 0.0036
Exploits: 0 · References: 4
CNNVD
added 2024/09/10 12:0 a.m. · 2 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by an obfuscated agent in handleCreateConferenceComplete of ConnectionServiceWrapper.java. An attacker can exploit this vulnerability to obtain...

CVSS 5.5 · AI score 6 · EPSS 0.00055
Exploits: 0 · References: 3
Positive Technologies
added 2024/09/10 12:0 a.m. · 2 views

PT-2024-37510 · WordPress · The Master Addons

Name of the Vulnerable Software and Affected Versions: The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress versions up to, and including 2.0.6.4 Description: The issue is related to Stored Cross-Site Scripting via the...

CVSS 5.4 · AI score 5.9 · EPSS 0.0036
Exploits: 0 · References: 10
Positive Technologies
added 2024/09/10 12:0 a.m. · 3 views

PT-2024-28970 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the handleCreateConferenceComplete function in ConnectionServiceWrapper.java, where a confused deputy could lead to revealing...

CVSS 5.5 · AI score 6.3 · EPSS 0.00055
Exploits: 0 · References: 6
CVE
added 2024/09/04 7:0 p.m. · 82 views

CVE-2024-44973

This CVE (CVE-2024-44973) concerns the Linux kernel SLUB allocator. The root cause is that freeing of kfence objects was moved out of do_slab_free but missed a spot in __kmem_cache_free_bulk, leading to a crash chain involving skbuff_head_cache and slab_err (mm/slub.c). The impact described is a ...

CVSS 5.5 · AI score 6.7 · EPSS 0.00031
Exploits: 0 · References: 2 · Affected Software: 1