2148 matches found
GHSA-P2Q9-36VW-C468 olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
PT-2024-40386 · Olm-Rs +3 · Olm-Rs +3
Name of the Vulnerable Software and Affected Versions: olm-sys affected versions not specified olm-rs affected versions not specified Description: The Matrix Foundation has officially deprecated the libolm library due to several publicly disclosed cryptographic vulnerabilities. As a result,...
olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
CVE-2024-5061
The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapperclass’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2022-2440
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...
CVE-2022-2440
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...
PT-2024-34355 · WordPress · Enfold
Name of the Vulnerable Software and Affected Versions: Enfold - Responsive Multi-Purpose Theme versions up to, and including, 6.0.3 Description: The Enfold theme for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper class and class parameters due to insufficient input...
PT-2024-9765 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: A flaw was found in the cURL wrapper in Moodle, which strips HTTPAUTH and USERPWD headers during emulated redirects but retains other original request headers. This could lead to HTTP...
Fedora: Security Advisory (FEDORA-2024-c678f46845)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-V784-FJJH-F8R4 Nuxt vulnerable to remote code execution via the browser when running the test locally
Summary Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Details While running the test, a special component named NuxtTestComponentWrapper is...
PT-2024-25801
Name of the Vulnerable Software and Affected Versions Nuxt affected versions not specified Description The issue arises from insufficient validation of the path parameter in the NuxtTestComponentWrapper, allowing an attacker to execute arbitrary JavaScript on the server side. This enables the...
CVE-2024-2455
The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and including, 7.9.0 due to insufficient input sanitization and output escaping on user supplied attributes...
WordPress Element Pack Pro plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via Wrapper Link URL vulnerability discovered by Francesco Carlucci in WordPress Plugin Element Pack Pro versions = 7.9.0...
OESA-2024-1889 python-zipp security update
A pathlib-compatible Zipfile object wrapper. A backport of the Path object. Security Fixes: A Denial of Service DoS vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an...
[SECURITY] Fedora 39 Update: python-zipp-3.16.2-3.fc39
A pathlib-compatible Zipfile object wrapper. A backport of the Path object...
Joomla! 4.x < 4.4.6 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...
Joomla! 3.x < 3.10.16 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...
SUSE-SU-2024:2468-1 Security update for traceroute
This update for traceroute fixes the following issues: - CVE-2023-46316: wrapper scripts do not properly parse command lines bsc1216591...
PT-2024-21328 · Unknown · Wrapper Extensions
Name of the Vulnerable Software and Affected Versions: Wrapper extensions affected versions not specified Description: The issue arises from inadequate input validation in the wrapper extensions, leading to Cross-Site Scripting XSS vectors. XSS is a type of security vulnerability that allows an...
Malicious code in active-model_serializers-hash_wrapper (RubyGems)
--- -= Per source details. Do not edit below this line.=-...