
8527 matches found

NVD
added 2024/09/04 7:15 p.m. · 19 views

CVE-2024-44952

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0

OSV
added 2024/09/04 7:15 p.m. · 17 views

CVE-2024-44952

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score: 7
Exploits: 0 · References: 1

CVE
added 2024/09/04 6:35 p.m. · 147 views

CVE-2024-44952

CVE-2024-44952 is associated with Siemens SCALANCE and RUGGEDCOM devices (OT environment). The issue is described as an improper locking that could lead to a deadlock in driver core during device detachment/attribute handling. The cited advisory fixes the problem by using synchronize_rcu() to pre...

AI score: 7.3
Exploits: 0

Veracode
added 2024/09/04 10:37 a.m. · 138 views

Cross Site Scripting (XSS)

bootstrap is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by missing validation and sanitization in the href attribute of the tag in the carousel component in the data-slide and data-slide-to attributes. This can enable attackers to execute arbitrary JavaScript within...

AI score: 6.7
Exploits: 0 · References: 4 · Affected Software: 5

RedHat Linux
added 2024/09/04 8:17 a.m. · 5 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

CVSS: 5.4 · AI score: 6.7 · EPSS: 0.00979
Exploits: 0 · References: 5

RedHat Linux
added 2024/09/03 3:48 p.m. · 3 views

kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation. Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_inf...

CVSS: 5.5 · AI score: 6.7 · EPSS: 0.00249
Exploits: 0 · References: 5

Positive Technologies
added 2024/09/03 12:00 a.m. · 9 views

PT-2024-34078

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A vulnerability in the Linux kernel has been resolved, specifically related to the fs/ntfs3 module, where a rough attr alloc size check has been added. Recommendations: For versions prior to...

CVSS: 7.8 · AI score: 5.3 · EPSS: 0.00215
Exploits: 0

NVD
added 2024/09/02 8:15 a.m. · 19 views

CVE-2024-7354

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS: 6.1 · EPSS: 0.00662
Exploits: 1 · References: 1

OSV
added 2024/09/02 8:15 a.m. · 3 views

CVE-2024-7354

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00662
Exploits: 1 · References: 1

CVE
added 2024/09/02 6:00 a.m. · 77 views

CVE-2024-7354

CVE-2024-7354 affects Ninja Forms for WordPress prior to 3.8.11. The issue is that the plugin does not escape a URL before printing it within an HTML attribute, enabling a reflected XSS attack that could target high-privilege users (e.g., admins). The NVD/NIST entry documents a CVSS 3.1 base scor...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00662
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/09/02 6:00 a.m. · 23 views

CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

EPSS: 0.00662
Exploits: 1 · References: 1

Vulnrichment
added 2024/09/02 6:00 a.m. · 19 views

CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score: 6.2 · EPSS: 0.00662
Exploits: 1 · References: 1

Patchstack
added 2024/09/02 3:46 a.m. · 2 views

WordPress WPZOOM Portfolio Lite plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability discovered by Francesco Carlucci in WordPress Plugin WPZOOM Portfolio versions <= 1.4.4...

CVSS: 6.4 · AI score: 5.8 · EPSS: 0.00352
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/08/31 8:15 a.m. · 3 views

CVE-2024-8276

The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping...

CVSS: 5.4 · AI score: 5.9 · EPSS: 0.00352
Exploits: 0 · References: 4

Packet Storm
added 2024/08/31 12:00 a.m. · 151 views

Mac OS X Safari .webarchive File Format UXSS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Mac OS X Safari .webarchive File Format UXSS', 'Description' = %q Generates a .webarchive file for Mac OS X Safari that will attemp...

AI score: 7.4
Exploits: 0

GitHub Security Blog
added 2024/08/30 4:49 p.m. · 22 views

Svelte has a potential mXSS vulnerability due to improper HTML escaping

Summary: A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. Details: Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: - If the string is an attribute value: - " → &quot; - & → &amp; - Other characters → No conversion -...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00344
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/08/30 4:49 p.m. · 2 views

GHSA-8266-84WP-WV5C Svelte has a potential mXSS vulnerability due to improper HTML escaping

Summary: A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. Details: Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: - If the string is an attribute value: - " → &quot; - & → &amp; - Other characters → No conversion -...

CVSS: 5.4 · AI score: 5.9 · EPSS: 0.00344
Exploits: 1 · References: 4

OSV
added 2024/08/30 10:15 a.m. · 3 views

CVE-2024-8252

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

CVSS: 8.8 · AI score: 6.3 · EPSS: 0.03034
Exploits: 0 · References: 4

OSV
added 2024/08/30 5:15 a.m. · 4 views

CVE-2024-5879

The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient input sanitization and output escaping. This...

CVSS: 5.4 · AI score: 5.9
Exploits: 0 · References: 3

Positive Technologies
added 2024/08/30 12:00 a.m. · 4 views

PT-2024-31398 · Svelte · Svelte

Name of the Vulnerable Software and Affected Versions: Svelte versions prior to 4.2.19 Description: A potential mXSS vulnerability exists in Svelte due to improper HTML escaping on server-side rendering. The issue arises when the final DOM tree rendered on browsers differs from what Svelte expect...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.00344
Exploits: 1 · References: 11