Lucene search
8518 matches found

CNNVD
added 2025/01/27 12:00 a.m. · 4 views

IBM Security Directory Integrator and IBM Security Verify Directory Integrator security vulnerability

IBM Security Directory Integrator and IBM Security Verify Directory Integrator are both products of International Business Machines (IBM). IBM Security Directory Integrator is an integrated development environment and runtime service. IBM Security Verify Directory Integrator is software for...

CVSS 6.5 · AI score 6.2 · EPSS 0.00175
Exploits 0 · References 1
SUSE CVE
added 2025/01/26 3:47 a.m. · 2 views

SUSE CVE-2025-23050

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read or division by zero. This is fixed in 5.15.19, 6.5.9, and 6.8.2...

CVSS 5.3 · AI score 6.9 · EPSS 0.00172
Exploits 0 · References 6
OSV
added 2025/01/25 8:15 a.m. · 3 views

CVE-2024-13550

The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files...

CVSS 6.5 · AI score 5.9 · EPSS 0.00643
Exploits 1 · References 2
SUSE CVE
added 2025/01/25 3:46 a.m. · 2 views

SUSE CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

CVSS 8.4 · AI score 7.7 · EPSS 0.00229
Exploits 0 · References 5
Positive Technologies
added 2025/01/25 12:00 a.m. · 6 views

PT-2025-4001 · WordPress · Themerex Addons

Name of the Vulnerable Software and Affected Versions: ThemeREX Addons plugin for WordPress versions up to and including 2.33.0 Description: The issue arises from the trx sc reviews shortcode type attribute, allowing authenticated attackers with contributor-level or higher permissions to include...

CVSS 8.8 · AI score 7.5 · EPSS 0.00606
Exploits 0 · References 11
Snyk
added 2025/01/24 6:45 p.m. · 2 views

Exposed Dangerous Method or Function

Overview: asteval is a safe, minimalistic evaluator of Python expressions using the ast module. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function through the onformattedvalue function. An attacker can manipulate the value of the string used in the dangerous call...

CVSS 8.6 · AI score 7.7 · EPSS 0.00229
Exploits 0 · References 2
OSV
added 2025/01/24 6:45 p.m. · 1 view

GHSA-3WWR-3G9F-9GC7 ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape

Summary: If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details: The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...

CVSS 8.4 · AI score 6.2 · EPSS 0.00229
Exploits 0 · References 6
OSV
added 2025/01/24 5:15 p.m. · 1 view

UBUNTU-CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

CVSS 8.4 · AI score 6 · EPSS 0.00229
Exploits 0 · References 5
OSV
added 2025/01/24 11:15 a.m. · 3 views

CVE-2024-13408

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the pgcu shortcode. This makes it possible for authenticated attacker...

CVSS 8.8 · AI score 7.8
Exploits 0 · References 2
CVE
added 2025/01/24 11:07 a.m. · 50 views

CVE-2024-13572

CVE-2024-13572 – Precious Metals Charts and Widgets for WordPress is a stored XSS vulnerability in the WordPress plugin via the nfusion-widget shortcode. Affected versions: all up to 1.2.8. An authenticated attacker with contributor-level access or higher can inject arbitrary JavaScript that exec...

CVSS 6.4 · AI score 5.7 · EPSS 0.00216
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/01/24 12:00 a.m. · 6 views

PT-2025-2161 · WordPress · Post Grid

Name of the Vulnerable Software and Affected Versions: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress versions up to, and including, 1.6.10 Description: The issue allows authenticated attackers, with Contributor-level access and...

CVSS 8.8 · AI score 8.1 · EPSS 0.00582
Exploits 0 · References 10
Positive Technologies
added 2025/01/24 12:00 a.m. · 3 views

PT-2025-2216 · WordPress · Abc Notation

Name of the Vulnerable Software and Affected Versions: ABC Notation plugin for WordPress versions up to, and including, 6.1.3 Description: The issue allows authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain...

CVSS 6.8 · AI score 7 · EPSS 0.00643
Exploits 1 · References 8
OSV
added 2025/01/23 10:33 p.m. · 2 views

GHSA-VP47-9734-PRJW ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape

Summary: If an attacker can control the input to the asteval library, they can bypass its safety restrictions and execute arbitrary Python code within the application's context. Details: The vulnerability is rooted in how asteval performs attribute access verification. In particular, the onattribut...

CVSS 8.4 · AI score 6.1
Exploits 0 · References 3
Github Security Blog
added 2025/01/23 10:33 p.m. · 20 views

ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape

Summary: If an attacker can control the input to the asteval library, they can bypass its safety restrictions and execute arbitrary Python code within the application's context. Details: The vulnerability is rooted in how asteval performs attribute access verification. In particular, the onattribut...

AI score 7.9
Exploits 0 · References 3 · Affected Software 1
Snyk
added 2025/01/23 10:33 p.m. · 2 views

Exposed Dangerous Method or Function

Overview: asteval is a safe, minimalistic evaluator of Python expressions using the ast module. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function. The issue stems from the library's attribute access verification method, specifically within the onattribute node handler. The...

CVSS 8.6 · AI score 7.2
Exploits 0 · References 2
OSV
added 2025/01/23 12:15 p.m. · 2 views

CVE-2024-12118

The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the htmltag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

CVSS 5.4 · AI score 7.4 · EPSS 0.00279
Exploits 0 · References 3
CNNVD
added 2025/01/23 12:00 a.m. · 3 views

WordPress plugin The Events Calendar cross-site scripting vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 7.7 · EPSS 0.00279
Exploits 0 · References 4
Positive Technologies
added 2025/01/23 12:00 a.m. · 5 views

PT-2025-5646 · Asteval · Asteval

Name of the Vulnerable Software and Affected Versions: asteval affected versions not specified Description: The issue arises from how asteval performs attribute access verification, specifically in the on attribute node handler. This handler prevents access to attributes that are either present i...

CVSS 8.4 · AI score 6.8
Exploits 0 · References 4
NVD
added 2025/01/20 4:15 p.m. · 40 views

CVE-2025-23044

PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit...

CVSS 8.1 · EPSS 0.00239
Exploits 1 · References 2