Lucene search
K

8549 matches found

CVE
CVE
added 2024/04/26 5:0 a.m.77 views

CVE-2024-3188

CVE-2024-3188 affects the WordPress plugin Shortcodes Ultimate (Shortcodes Plugin) up to version 7.0.x (pre-7.1.0). The issue is a lack of validation/escaping of certain shortcode attributes, which are output back into the page/post containing the shortcode. This can enable Stored Cross-Site Scri...

6.3CVSS8AI score0.00438EPSS
Exploits2References1Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/23 5:18 p.m.2 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

6.1CVSS6.6AI score0.00892EPSS
Exploits0References6
CVE
CVE
added 2024/04/23 5:33 a.m.65 views

CVE-2024-2799

CVE-2024-2799 affects the Royal Elementor Addons and Templates WordPress plugin. The issue is stored XSS via Image Grid and Advanced Text widgets due to insufficient input sanitization and output escaping in user-supplied attributes, allowing an authenticated attacker with contributor+ privileges...

6.4CVSS5.7AI score0.00434EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2024/04/19 10:34 a.m.26 views

Denial Of Service (DoS)

FRRouting/frr is vulnerable to Denial of Service DoS. This vulnerability occurs due to improper handling of the Prefix SID attribute in the bgpattrmalformed function within bgpattr.c, leading to a crash of the bgpd daemon...

6.5CVSS6.3AI score0.00825EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/04/19 12:0 a.m.26 views

EulerOS Virtualization 2.10.1 : python-jinja2 (EulerOS-SA-2024-1554)

According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax...

6.1CVSS7.5AI score0.00892EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/04/18 2:31 a.m.5 views

SUSE CVE-2023-52643

In the Linux kernel, the following vulnerability has been resolved: iio: core: fix memleak in iiodeviceregistersysfs When iiodeviceregistersysfsgroup fails, we should free iiodevopaque-chanattrgroup.attrs to prevent potential memleak...

4.7CVSS6.3AI score0.00225EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2024/04/18 2:30 a.m.4 views

SUSE CVE-2024-26836

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed if Admin password is enabled. Tested on some Thinkpads to...

4.3CVSS6.5AI score0.00231EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2024/04/18 1:56 a.m.4 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

6.1CVSS6.6AI score0.00892EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.4 views

PT-2024-21797 · WordPress · Otter Blocks

Name of the Vulnerable Software and Affected Versions: Otter Blocks WordPress plugin versions prior to 2.6.6 Description: The issue arises from the Otter Blocks WordPress plugin not properly escaping its mainHeadings blocks' attribute before appending it to the final rendered block. This allows...

6.1CVSS9AI score0.0042EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.3 views

WordPress Plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References3
CVE
CVE
added 2024/04/17 9:23 p.m.73 views

CVE-2024-32472

The CVE-2024-32472 entry details a stored XSS in Excalidraw’s web embeddable component. Two vectors exist: (1) untrusted content rendered as an iframe srcdoc without proper HTML sanitization, and (2) improper sanitization against attribute HTML injection, exacerbated by allow-same-origin in the s...

6.1CVSS6.1AI score0.00561EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/04/17 5:31 p.m.4 views

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +79 more potentially affected by CVE-2024-2419 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=22.0.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.3.2, =1.3.6 - io.github.jeff-tian:keycloak-phone-provider =2.3.10 and more Source cves: CVE-2024-2419 Source advisor...

7.1CVSS7AI score0.00495EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/04/17 5:30 p.m.28 views

CVE-2024-26836

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed if Admin password is enabled. Tested on some Thinkpads to...

4.4CVSS7.4AI score0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/04/17 3:29 p.m.25 views

CVE-2024-32463 phlex makes Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. The filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag...

7.1CVSS6.5AI score0.00575EPSS
Exploits0References4
CVE
CVE
added 2024/04/17 3:29 p.m.49 views

CVE-2024-32463

The CVE-2024-32463 entry concerns phlex, a Ruby-based open source framework for building object-oriented views. The vulnerability is an XSS flaw in the handling of href attributes on tags, where the javascript: scheme can be bypassed by inserting tab or newline characters (e.g., java\tscript:). ...

7.1CVSS5.5AI score0.00575EPSS
Exploits0References4
Veracode
Veracode
added 2024/04/17 11:30 a.m.16 views

Cross Site Scripting (XSS)

phlex is vulnerable to Cross Site Scripting. The vulnerability is due improper filtering of javascript: URL scheme within the href attribute of an tag, which allows an attacker to insert tab \t or newline \n characters between the characters of the protocol, resulting in Cross Site Scripting...

7.1CVSS6.7AI score0.00575EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/04/17 11:15 a.m.1 views

DEBIAN-CVE-2024-26849

In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nlavalidaterangeunsigned lib/nlattr.c:222 inline BUG: KMSAN: uninit-value in nlavalidateintrange lib/nlattr.c:336 inline BUG: KMSAN: uninit-value in...

5.5CVSS4.9AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2024/04/17 11:15 a.m.14 views

CVE-2024-26849

In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nlavalidaterangeunsigned lib/nlattr.c:222 inline BUG: KMSAN: uninit-value in nlavalidateintrange lib/nlattr.c:336 inline BUG: KMSAN: uninit-value in...

5.5CVSS6.3AI score0.00223EPSS
Exploits0References6
CVE
CVE
added 2024/04/17 10:17 a.m.173 views

CVE-2024-26855

CVE-2024-26855 – Linux kernel (net/ice) : The vulnerability is a NULL pointer dereference in ice_bridge_setlink(). If nlmsg_find_attr() returns NULL, br_spec may be dereferenced during nla_for_each_nested(), causing a crash/local impact. The fix adds an explicit check that br_spec is not NULL bef...

5.5CVSS6.2AI score0.00252EPSS
Exploits0References9Affected Software1
UbuntuCve
UbuntuCve
added 2024/04/17 10:15 a.m.22 views

CVE-2024-26836

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed if Admin password is enabled. Tested on some Thinkpads to...

7.8CVSS6.1AI score0.00231EPSS
Exploits0References4
Rows per page
Query Builder