8518 matches found
CVE-2024-11756
The SweepWidget Contests, Giveaways, Photo Contests, Competitions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sweepwidget' shortcode in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping on user supplied...
PT-2025-2598 · Joomla +2 · Joomla! +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a lack of output escaping in the id attribute of menu lists. This could potentially lead to issues where user input is not...
PT-2025-1035 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a logic error in the code of gatt_sr.cc, specifically in the gatts_process_read_by_type_req function, which could lead to an out-of-bounds write. This might result i...
CVE-2024-55897 IBM PowerHA SystemMirror for i information disclosure
IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...
PT-2025-34411
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the hfsplus filesystem. Syzbot reported an issue where a mutex lock check in hfsplus_free_extents could trigger warnings and errors during...
PT-2026-21524
Name of the Vulnerable Software and Affected Versions: 389 Directory Server versions prior to 3.0.6git249.6688af9b2. Description: A heap buffer overflow vulnerability exists in the schema_attr_enum_callback function within the schema.c file of 389 Directory Server. This occurs because the code...
PT-2025-42569
Name of the Vulnerable Software and Affected Versions: MediaWiki affected versions not specified Description: The software contains a flaw related to sanitizing attributes unwrapped from data-ve-attributes. This could potentially allow for issues related to attribute handling. Recommendations: At th...
PT-2025-36313
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the bno055 driver related to an out-of-bounds array access of the hw_xlate array within the bno055_get_regmask function. The issue occurs because the...
DEBIAN-CVE-2024-56663
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one Since the netlink attribute range validation provides inclusive checking, the max of attribute NL80211_ATTR_MLO_LINK_ID should be IEEE80211_MLD_MAX_NUM_LINKS - 1 otherwise causing an...
CVE-2024-56663
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one Since the netlink attribute range validation provides inclusive checking, the max of attribute NL80211_ATTR_MLO_LINK_ID should be IEEE80211_MLD_MAX_NUM_LINKS - 1 otherwise causing an...
UBUNTU-CVE-2024-56663
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one Since the netlink attribute range validation provides inclusive checking, the max of attribute NL80211_ATTR_MLO_LINK_ID should be IEEE80211_MLD_MAX_NUM_LINKS - 1 otherwise causing an...
CVE-2024-56663 wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one Since the netlink attribute range validation provides inclusive checking, the max of attribute NL80211_ATTR_MLO_LINK_ID should be IEEE80211_MLD_MAX_NUM_LINKS - 1 otherwise causing an...
GHSA-4P8J-VHJM-6PVW TCPDF lacks SVG sanitization
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...
CLSA-2024-1735064733 Fix CVE(s): CVE-2023-28708
SECURITY UPDATE: Missing secure attribute in session cookies with RemoteIpFilter - debian/patches/CVE-2023-28708.patch: Fix JSessionId secure attribute missing with RemoteIpFilter and X-Forwarded-Proto set to https - CVE-2023-28708...
CVE-2024-53159
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Security update for vhostmd
This update for vhostmd fixes the following issues: Updated to version 1.2; Fix actions using the 'free' command; Fix buffer accounting when generating metric XML; Change actions to retrieve vendor and product info; Add a 'unit' attribute to the metrics element; vif-stats.py: convert to Python3; conf:...
HTML Attribute Injection
github.com/gohugoio/hugo is vulnerable to HTML Attribute Injection. The vulnerability is due to insufficient sanitization and escaping of HTML attributes in the internal templates, which allows untrusted user input, such as Markdown content, to be processed and rendered without proper handling of...
PT-2024-17415 · WordPress · Carousel Slider & Grid Ultimate
Name of the Vulnerable Software and Affected Versions: Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress versions up to, and including, 1.9.10 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary...