Positive Technologies
added 2024/06/18 12:00 a.m. · 6 views

PT-2024-30637 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress, versions up to, and including, 3.9.10. Description: The issue is a Stored Cross-Site Scripting vulnerability via the plugin's 'ms_layer' shortcode due to insufficient input sanitizati...

CVSS 6.4 · AI score 6.1 · EPSS 0.00322
Exploits 0 · References 6
BDU FSTEC
added 2024/06/18 12:00 a.m. · 3 views

The vulnerability in the bgpd/bgp_attr.c file of the network routing software for Unix-like systems allows an attacker to cause a denial of service.

The vulnerability in the bgpd/bgp_attr.c file of the FRRouting network routing software for Unix-like systems is an out-of-bounds read in bgp_attr_aigp_valid, since no checks are performed on the AIGP attribute. Exploiting this vulnerability could allow a malicious...

CVSS 9.4 · AI score 7 · EPSS 0.0096
Exploits 0 · References 8 · Affected Software 3
BDU FSTEC
added 2024/06/18 12:00 a.m. · 6 views

The vulnerability in the network routing software for Unix-like systems, related to memory release errors, allows an attacker to cause a denial of service.

The vulnerability in the FRRouting network routing software for Unix-like systems is caused by improper processing of a BGP UPDATE message crafted with the MP_UNREACH_NLRI attribute and additional NLRI data. Exploiting this vulnerability can allow a malicious actor to cause...

CVSS 7.8 · AI score 7.3 · EPSS 0.00911
Exploits 0 · References 3 · Affected Software 2
ATTACKERKB
added 2024/06/15 10:15 a.m. · 3 views

CVE-2024-5611

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label_years' attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · AI score 6.1 · EPSS 0.00326
Exploits 0 · References 4
CVE
added 2024/06/14 5:17 p.m. · 65 views

CVE-2024-37888

The CVE-2024-37888 issue affects the Open Link CKEditor plugin, impacting users of versions prior to 1.0.5. The vulnerability is a cross-site scripting (XSS) flaw that enables JavaScript execution via abuse of the link href attribute in the plugin's open link functionality. Remediation per source...

CVSS 6.1 · AI score 6.3 · EPSS 0.00856
Exploits 0 · References 1 · Affected Software 1
Rockylinux
added 2024/06/14 1:59 p.m. · 31 views

fence-agents security and bug fix update

An update is available for fence-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The fence-agents packages provide a collection of scripts for handling...

CVSS 6.1 · AI score 6.8 · EPSS 0.00892
Exploits 0
Rockylinux
added 2024/06/14 1:59 p.m. · 25 views

python-jinja2 security update

An update is available for python-jinja2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-jinja2 package contains Jinja2, a template engine written in...

CVSS 6.1 · AI score 6.6 · EPSS 0.00892
Exploits 0
OSV
added 2024/06/14 1:59 p.m. · 36 views

RLSA-2024:3102 Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

CVSS 6.1 · AI score 6.7 · EPSS 0.00892
Exploits 0 · References 2
CNNVD
added 2024/06/14 12:00 a.m. · 3 views

Open Link Security Vulnerability

Open Link is a very simple plugin by Marek Lewandowski, an independent developer. It extends the context menu so that links can be opened in new tabs. A security vulnerability exists in Open Link versions prior to 1.0.5, which stems from a cross-site scripting vulnerability in the Open Link...

CVSS 6.1 · AI score 6.3 · EPSS 0.00856
Exploits 0 · References 2
Tenable Nessus
added 2024/06/14 12:00 a.m. · 31 views

Rocky Linux 8 : python-jinja2 (RLSA-2024:3102)

The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:3102 advisory: jinja2: HTML attribute injection when passing user input as keys to the xmlattr filter (CVE-2024-22195). Tenable has extracted the preceding description block directly...

CVSS 6.1 · AI score 7.3 · EPSS 0.00892
Exploits 0 · References 3
ATTACKERKB
added 2024/06/13 7:15 a.m. · 2 views

CVE-2024-5265

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it...

CVSS 6.4 · AI score 6.1 · EPSS 0.00305
Exploits 0 · References 3
NVD
added 2024/06/13 6:15 a.m. · 24 views

CVE-2024-5757

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · EPSS 0.00401
Exploits 0 · References 4
Positive Technologies
added 2024/06/13 12:00 a.m. · 5 views

PT-2024-4476 · Mozilla +1 · Firefox For Ios +1

Name of the Vulnerable Software and Affected Versions: Firefox for iOS, versions prior to 127. Description: The issue is related to errors in how the user interface represents information. It may allow a remote attacker to conduct spoofing attacks using the cpLocation attribute, potential...

CVSS 6.4 · AI score 6.3 · EPSS 0.00244
Exploits 0 · References 7
Veracode
added 2024/06/12 6:07 a.m. · 19 views

Improper Access Control

scikit-learn is vulnerable to Improper Access Control. The vulnerability is due to the unexpected storage of all tokens in the stop_words_ attribute, which can leak sensitive information such as passwords or keys when using the TfidfVectorizer class...

CVSS 4.7 · AI score 6.3 · EPSS 0.00187
Exploits 0 · References 2 · Affected Software 1
SUSE CVE
added 2024/06/12 3:20 a.m. · 3 views

SUSE CVE-2024-5206

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stop_words_...

CVSS 5.5 · AI score 7.4 · EPSS 0.00187
Exploits 0 · References 4
OSV
added 2024/06/11 9:15 p.m. · 3 views

CVE-2024-5646

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'header_size' attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.00314
Exploits 0 · References 3
RedHat Linux
added 2024/06/11 5:35 p.m. · 6 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and...

CVSS 5.4 · AI score 6.7 · EPSS 0.00979
Exploits 0 · References 5
Positive Technologies
added 2024/06/11 12:00 a.m. · 6 views

PT-2024-36819 · WordPress · Futurio Extra

Name of the Vulnerable Software and Affected Versions: Futurio Extra plugin for WordPress, versions up to, and including, 2.0.5. Description: The issue is a Stored Cross-Site Scripting vulnerability via the header_size attribute within the Advanced Text Block widget due to insufficient input sanitizatio...

CVSS 6.4 · AI score 6.3 · EPSS 0.00314
Exploits 0 · References 6
RedHat Linux
added 2024/06/10 6:41 p.m. · 3 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and...

CVSS 5.4 · AI score 6.7 · EPSS 0.00979
Exploits 0 · References 5
OSV
added 2024/06/07 9:38 p.m. · 9 views

GHSA-GWPM-PM6X-H7RJ ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags`

Zend_Filter_StripTags is a filtering class analogous to PHP's strip_tags function. In addition to stripping HTML tags and selectively keeping those provided in a whitelist, it also provides the ability to whitelist specific attributes to retain per whitelisted tag. The reporter discovered that...

CVSS 6.1 · AI score 5.4
Exploits 0 · References 3