Lucene search

8539 matches found

OSV
added 2024/06/07 9:38 p.m. · 9 views

GHSA-GWPM-PM6X-H7RJ ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags`

`Zend_Filter_StripTags` is a filtering class analogous to PHP's `strip_tags` function. In addition to stripping HTML tags and selectively keeping those provided in a whitelist, it also provides the ability to whitelist specific attributes to retain per whitelisted tag. The reporter discovered that...

6.1 CVSS · 5.4 AI score
Exploits 0 · References 3
OSV
added 2024/06/07 5:15 a.m. · 3 views

CVE-2024-5640

The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and...

5.4 CVSS · 5.9 AI score · 0.00321 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2024/06/07 4:15 a.m. · 2 views

CVE-2024-5425

The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4 CVSS · 6.1 AI score · 0.0034 EPSS
Exploits 0 · References 6
NVD
added 2024/06/07 4:15 a.m. · 27 views

CVE-2024-37383

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes...

6.1 CVSS · 0.73296 EPSS
Exploits 5 · References 5
OSV
added 2024/06/07 4:15 a.m. · 4 views

CVE-2024-1988

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

5.4 CVSS · 5.9 AI score · 0.00263 EPSS
Exploits 0 · References 2
Snyk
added 2024/06/07 3:41 a.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attributevalue function due to improper sanitization of SVG animate attributes. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into ...

6.1 CVSS · 5.3 AI score · 0.73296 EPSS
Exploits 5 · References 2
Patchstack
added 2024/06/07 2:3 a.m. · 6 views

WordPress WP jQuery Lightbox plugin <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute vulnerability discovered by Webbernaut in WordPress Plugin WP jQuery Lightbox versions <= 1.5.4...

6.4 CVSS · 5.8 AI score · 0.0034 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/06/07 12:0 a.m. · 4 views

WordPress plugin Combo Blocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.4 CVSS · 6.1 AI score · 0.00263 EPSS
Exploits 0 · References 3
GitHub Security Blog
added 2024/06/06 9:30 p.m. · 84 views

scikit-learn sensitive data leakage vulnerability

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...

4.7 CVSS · 6.5 AI score · 0.00187 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2024/06/06 7:16 p.m. · 4 views

DEBIAN-CVE-2024-5206

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...

4.7 CVSS · 5.4 AI score · 0.00187 EPSS
Exploits 0 · References 1
OSV
added 2024/06/06 7:16 p.m. · 15 views

PYSEC-2024-110

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...

4.7 CVSS · 4.6 AI score · 0.00187 EPSS
Exploits 0 · References 3
Cvelist
added 2024/06/06 5:54 p.m. · 50 views

CVE-2024-5452 RCE via Property/Class Pollution in lightning-ai/pytorch-lightning

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8 CVSS · 0.26488 EPSS
Exploits 3 · References 2
Positive Technologies
added 2024/06/06 12:0 a.m. · 6 views

PT-2024-36811 · WordPress · The Prime Slider – Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Prime Slider – Addons For Elementor plugin for WordPress versions up to, and including, 3.14.7. Description: The issue is related to Stored Cross-Site Scripting via the id attribute within the Pacific widget due to insufficient input...

6.4 CVSS · 6 AI score · 0.00321 EPSS
Exploits 0 · References 9
CNNVD
added 2024/06/06 12:0 a.m. · 24 views

Pytorch-Lightning Security Vulnerability

Pytorch-Lightning is an open source lightweight PyTorch wrapper. It is used for high performance AI research. A security vulnerability exists in Pytorch-Lightning version 2.2.1, which stems from mishandling of deserialized user input and mismanagement of the dunder attribute, leading to a remote...

9.8 CVSS · 7.9 AI score · 0.26488 EPSS
Exploits 3 · References 2
Positive Technologies
added 2024/06/06 12:0 a.m. · 2 views

PT-2024-36129 · WordPress · Wp Jquery Lightbox

Name of the Vulnerable Software and Affected Versions: WP jQuery Lightbox plugin for WordPress versions up to, and including, 1.5.4. Description: The issue is related to Stored Cross-Site Scripting via the title attribute due to insufficient input sanitization and output escaping. This allows...

6.4 CVSS · 5.8 AI score · 0.0034 EPSS
Exploits 0 · References 10
RedHat Linux
added 2024/06/05 10:5 a.m. · 8 views

kernel: USB: core: Fix deadlock in port "disable" sysfs attribute

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute. The Linux kernel CVE team has assigned CVE-2024-26933 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050123-CVE-2024-26933-c18d@gregkh/T...

7.8 CVSS · 6.4 AI score · 0.00179 EPSS
Exploits 0 · References 5
OSV
added 2024/06/05 9:15 a.m. · 2 views

CVE-2024-5571

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and...

5.4 CVSS · 6 AI score · 0.00314 EPSS
Exploits 0 · References 3
RedHat Linux
added 2024/06/05 12:36 a.m. · 6 views

kernel: USB: core: Fix deadlock in port "disable" sysfs attribute

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute. The Linux kernel CVE team has assigned CVE-2024-26933 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050123-CVE-2024-26933-c18d@gregkh/T...

7.8 CVSS · 6.4 AI score · 0.00179 EPSS
Exploits 0 · References 5
OSV
added 2024/06/04 10:15 a.m. · 3 views

CVE-2024-4637

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

5.4 CVSS · 5.9 AI score · 0.00263 EPSS
Exploits 0 · References 2
RedhatCVE
added 2024/06/03 9:1 a.m. · 29 views

CVE-2024-36017

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation. Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_inf...

4.1 CVSS · 6.2 AI score · 0.00249 EPSS
Exploits 0 · References 4