8540 matches found

Vulnrichment
added 2024/05/30 12:52 p.m., 19 views

CVE-2024-36017 rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation. Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_inf...

AI score 6.7, EPSS 0.00249
Exploits: 0, References: 8

OSV
added 2024/05/30 12:52 p.m., 20 views

CVE-2024-36017 rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation. Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_inf...

CVSS 5.5, AI score 5.8, EPSS 0.00249
Exploits: 0, References: 13

Cvelist
added 2024/05/30 12:52 p.m., 25 views

CVE-2024-36017 rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation. Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_inf...

AI score 7.4, EPSS 0.00249
Exploits: 0, References: 8

OSV
added 2024/05/30 12:19 p.m., 14 views

SUSE-SU-2024:1864-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)...

CVSS 6.1, AI score 6.6, EPSS 0.00979
Exploits: 0, References: 5

OSV
added 2024/05/30 12:18 p.m., 14 views

SUSE-SU-2024:1863-2 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)...

CVSS 6.1, AI score 6.6, EPSS 0.00979
Exploits: 0, References: 5

OSV
added 2024/05/30 12:18 p.m., 14 views

SUSE-SU-2024:1863-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)...

CVSS 6.1, AI score 6.6, EPSS 0.00979
Exploits: 0, References: 5

ATTACKERKB
added 2024/05/30 6:15 a.m., 2 views

CVE-2024-5341

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes...

CVSS 6.4, AI score 6.1, EPSS 0.00273
Exploits: 0, References: 3

OSV
added 2024/05/30 6:15 a.m., 9 views

CVE-2024-5341

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes...

CVSS 5.4, AI score 5.9, EPSS 0.00273
Exploits: 0, References: 2

CNNVD
added 2024/05/30 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from a flaw in the KVM: arm64: vgic-v2 module vgic_v2_parse_attr...

CVSS 5.5, AI score 6.2, EPSS 0.00231
Exploits: 0, References: 8

Positive Technologies
added 2024/05/30 12:0 a.m., 4 views

PT-2024-35733 · WordPress · The Plus Addons For Elementor Page Builder

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder plugin for WordPress versions up to, and including, 5.5.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the size...

CVSS 6.4, AI score 6.8, EPSS 0.00273
Exploits: 0, References: 5

CNNVD
added 2024/05/30 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a flaw in the validation of the IFLA_VF_VLAN_LIST attribute of the rtnetlink module...

CVSS 5.5, AI score 6.3, EPSS 0.00249
Exploits: 0, References: 10

Tenable Nessus
added 2024/05/30 12:0 a.m., 32 views

EulerOS 2.0 SP12 : python-jinja2 (EulerOS-SA-2024-1749)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible t...

CVSS 6.1, AI score 7.6, EPSS 0.00892
Exploits: 0, References: 2

OSV
added 2024/05/29 6:44 p.m., 20 views

GHSA-4RMG-292M-WG3W Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag

Impact: Template authors could inject PHP code by choosing a malicious file name for an extends-tag. Users that cannot fully trust template authors should update asap. Patches: Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for v3...

CVSS 7.3, AI score 7.4, EPSS 0.00507
Exploits: 0, References: 5

Cvelist
added 2024/05/28 8:55 p.m., 38 views

CVE-2024-35226 PHP Code Injection by malicious attribute in extends-tag in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...

CVSS 7.3, AI score 7.1, EPSS 0.00507
Exploits: 0, References: 2

Vulnrichment
added 2024/05/28 8:55 p.m., 23 views

CVE-2024-35226 PHP Code Injection by malicious attribute in extends-tag in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...

CVSS 7.3, AI score 7.2, EPSS 0.00507
Exploits: 0, References: 2

OSV
added 2024/05/28 1:28 p.m., 6 views

USN-6787-1 jinja2 vulnerability

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting (XSS) attack...

CVSS 5.4, AI score 6.9, EPSS 0.00979
Exploits: 0, References: 2

CNNVD
added 2024/05/26 12:0 a.m., 5 views

AnythingLLM security vulnerability

AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from vulnerability to improper neutralization in the use of special elements in expression language statements, allowing all existing attributes of a database entity to be...

CVSS 4.9, AI score 5.2, EPSS 0.00356
Exploits: 0, References: 3

OSV
added 2024/05/24 5:15 a.m., 6 views

CVE-2024-2618

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4, AI score 6, EPSS 0.00322
Exploits: 0, References: 3

SUSE CVE
added 2024/05/23 3:24 p.m., 3 views

SUSE CVE-2023-52746

In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr(). int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can be used as a Spectre v1 gadget. if (nla_len(nla)...

CVSS 2.5, AI score 6.2, EPSS 0.00243
Exploits: 0, References: 6

NVD
added 2024/05/23 6:15 a.m., 13 views

CVE-2024-5177

The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within multiple widgets in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5.9, EPSS 0.00314
Exploits: 0, References: 3