PT-2024-30637 · WordPress · The Master Slider
Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode due to insufficient input sanitizati...
The vulnerability of the bgpd/bgp_attr.c file in the networking routing implementation software for Unix-like systems allows a hacker to cause a service failure.
The vulnerability of the bgpd/bgp_attr.c file in the networking routing implementation software for Unix-like systems in FRRouting is related to the ability to read beyond the boundaries of bgp_attr_aigp_valid, as no checks for AIGP are performed. Exploiting this vulnerability could allow a malicious...
The vulnerability of the network routing implementation software on Unix-like systems, related to memory release errors, allows a hacker to cause a service failure.
The vulnerability of the FRRouting software for implementing network routing on Unix-like systems is related to the improper processing of a BGP UPDATE message crafted with the MP_UNREACH_NLRI attribute and additional NLRI data. Exploiting this vulnerability can allow a malicious actor to cause...
CVE-2024-5611
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-37888
The CVE-2024-37888 issue affects the Open Link CKEditor plugin, impacting users of versions prior to 1.0.5. The vulnerability is a cross-site scripting (XSS) flaw that enables JavaScript execution via abuse of the link href attribute in the plugin’s open link functionality. Remediation per source...
fence-agents security and bug fix update
An update is available for fence-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The fence-agents packages provide a collection of scripts for handling...
python-jinja2 security update
An update is available for python-jinja2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-jinja2 package contains Jinja2, a template engine written in...
RLSA-2024:3102 Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...
Open Link Security Vulnerability
Open Link is a very simple plugin by Marek Lewandowski, an individual developer. It extends the context menu and makes it possible to open links in new tabs. A security vulnerability exists in versions prior to Open Link 1.0.5, which stems from a cross-site scripting vulnerability in the Open Link...
Rocky Linux 8 : python-jinja2 (RLSA-2024:3102)
The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:3102 advisory: jinja2 HTML attribute injection when passing user input as keys to the xmlattr filter (CVE-2024-22195). Tenable has extracted the preceding description block directly...
CVE-2024-5265
The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-5757
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2024-4476 · Mozilla +1 · Firefox For Ios +1
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 127 Description: The issue is related to errors in the representation of information by the user interface. It may allow a remote attacker to conduct spoofing attacks using the cpLocation attribute, potential...
Improper Access Control
scikit-learn is vulnerable to Improper Access Control. The vulnerability is due to the unexpected storage of all tokens in the stop_words_ attribute, which can leak sensitive information such as passwords or keys when using the TfidfVectorizer class...
SUSE CVE-2024-5206
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stop_words_...
CVE-2024-5646
The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
jinja2: accepts keys containing non-attribute characters
A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...
PT-2024-36819 · WordPress · Futurio Extra
Name of the Vulnerable Software and Affected Versions: Futurio Extra plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is related to Stored Cross-Site Scripting via the header_size attribute within the Advanced Text Block widget due to insufficient input sanitizatio...
GHSA-GWPM-PM6X-H7RJ ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags`
Zend_Filter_StripTags is a filtering class analogous to PHP's strip_tags function. In addition to stripping HTML tags and selectively keeping those provided in a whitelist, it also provides the ability to whitelist specific attributes to retain per whitelisted tag. The reporter discovered that...