8539 matches found
GHSA-GWPM-PM6X-H7RJ ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags`
ZendFilterStripTags is a filtering class analogous to PHP's striptags function. In addition to stripping HTML tags and selectively keeping those provided in a whitelist, it also provides the ability to whitelist specific attributes to retain per whitelisted tag. The reporter discovered that...
CVE-2024-5640
The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and...
CVE-2024-5425
The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes...
CVE-2024-1988
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the attributevalue function due to improper sanitization of SVG animate attributes. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into ...
WordPress WP jQuery Lightbox plugin <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via title Attribute vulnerability discovered by Webbernaut in WordPress Plugin WP jQuery Lightbox versions = 1.5.4...
WordPress plugin Combo Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
scikit-learn sensitive data leakage vulnerability
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...
DEBIAN-CVE-2024-5206
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...
PYSEC-2024-110
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...
CVE-2024-5452 RCE via Property/Class Pollution in lightning-ai/pytorch-lightning
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
PT-2024-36811 · WordPress · The Prime Slider – Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Prime Slider – Addons For Elementor plugin for WordPress versions up to, and including, 3.14.7 Description: The issue is related to Stored Cross-Site Scripting via the id attribute within the Pacific widget due to insufficient input...
Pytorch-Lightning Security Vulnerability
Pytorch-Lightning is an open source lightweight PyTorch wrapper. It is used for high performance Ai research. A security vulnerability exists in Pytorch-Lightning version 2.2.1, which stems from mishandling of deserialized user input and mismanagement of the dunder attribute, leading to a remote...
PT-2024-36129 · WordPress · Wp Jquery Lightbox
Name of the Vulnerable Software and Affected Versions: WP jQuery Lightbox plugin for WordPress versions up to, and including, 1.5.4 Description: The issue is related to Stored Cross-Site Scripting via the title attribute due to insufficient input sanitization and output escaping. This allows...
kernel: USB: core: Fix deadlock in port "disable" sysfs attribute
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port disable sysfs attribute The Linux kernel CVE team has assigned CVE-2024-26933 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050123-CVE-2024-26933-c18d@gregkh/T...
CVE-2024-5571
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and...
kernel: USB: core: Fix deadlock in port "disable" sysfs attribute
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port disable sysfs attribute The Linux kernel CVE team has assigned CVE-2024-26933 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050123-CVE-2024-26933-c18d@gregkh/T...
CVE-2024-4637
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...
CVE-2024-36017
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...