8544 matches found

CVE
added 2024/04/17 10:10 a.m. · 104 views

CVE-2024-26836

In CVE-2024-26836, the Linux kernel flaw lies in platform/x86 think-lmi where the password opcode ordering must occur before changing the attribute value for Lenovo workstations with Admin password enabled. The fix adjusts this order to address the issue (tested on some ThinkPads). The vulnerabil...

CVSS 7.8 · AI score 6.8 · EPSS 0.00231
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/04/17 3:33 a.m. · 3 views

WordPress Essential Addons for Elementor plugin <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute vulnerability

Authenticated Contributor+ Store Cross-Site Scripting via Widget URL Attribute vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Essential Addons for Elementor versions <= 5.9.14...

CVSS 6.4 · AI score 6.4 · EPSS 0.00402
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/04/17 12:20 a.m. · 13 views

GHSA-G7XQ-XV8C-H98C Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

Summary: There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `<a>` tag could be bypassed with tab `\t` or newline `\n` characters between the...

CVSS 7.1 · AI score 6.3 · EPSS 0.00575
Exploits: 0 · References: 7

Github Security Blog
added 2024/04/17 12:20 a.m. · 25 views

Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

Summary: There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `<a>` tag could be bypassed with tab `\t` or newline `\n` characters between the...

CVSS 7.1 · AI score 5.9 · EPSS 0.00575
Exploits: 0 · References: 7 · Affected Software: 1

CNNVD
added 2024/04/17 12:00 a.m. · 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that the size of NLA_BE32 in the minlen array is 0, and therefore validation code will read a...

CVSS 5.5 · AI score 6.4 · EPSS 0.00223
Exploits: 0 · References: 7

Positive Technologies
added 2024/04/16 12:00 a.m. · 7 views

PT-2024-4898 · Oracle · Oracle E-Business Suite

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the Attribute Admin Setup component of Oracle Partner Management. This allows an unauthenticated attacker with netwo...

CVSS 5 · AI score 6.8 · EPSS 0.00382
Exploits: 0 · References: 6

RubySec
added 2024/04/16 12:00 a.m. · 15 views

Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

Summary: There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `<a>` tag could be bypassed with tab `\t` or newline `\n` characters between the...

CVSS 7.1 · AI score 5.9 · EPSS 0.00575
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/04/15 12:00 a.m. · 2 views

AnythingLLM security vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has a security vulnerability that stems from the lack of a black and white attribute list, allowing an attacker to create elevated privilege accounts without authorization...

CVSS 9.1 · AI score 9.2 · EPSS 0.00783
Exploits: 1 · References: 2

OSV
added 2024/04/13 5:15 a.m. · 2 views

CVE-2024-2583

The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00403
Exploits: 2 · References: 1

Cvelist
added 2024/04/10 7:22 p.m. · 21 views

CVE-2024-31981 XWiki Platform: Privilege escalation (PR) from user registration through PDFClass

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically...

CVSS 9.9 · AI score 9.9 · EPSS 0.01447
Exploits: 1 · References: 5

UbuntuCve
added 2024/04/10 11:15 a.m. · 23 views

CVE-2024-26815

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check. `taprio_parse_tc_entry()` is not correctly checking the TCA_TAPRIO_TC_ENTRY_INDEX attribute: `int tc; // Signed value` `tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]);` `if (tc >= TC_QOPT_MAX_QUEUE)`...

CVSS 5.5 · AI score 6.2 · EPSS 0.00272
Exploits: 0 · References: 12

OSV
added 2024/04/09 7:15 p.m. · 4 views

CVE-2024-3266

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.00426
Exploits: 0 · References: 2

OSV
added 2024/04/09 7:15 p.m. · 5 views

CVE-2024-3053

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it...

CVSS 5.4 · AI score 5.9 · EPSS 0.00358
Exploits: 0 · References: 2

OSV
added 2024/04/09 7:15 p.m. · 3 views

CVE-2024-2513

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 7.4 · EPSS 0.0036
Exploits: 0 · References: 2

CNNVD
added 2024/04/09 12:00 a.m. · 4 views

WordPress Plugin Rank Math SEO with AI SEO Tools security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.4 · AI score 7.9 · EPSS 0.0034
Exploits: 0 · References: 3

CNNVD
added 2024/04/09 12:00 a.m. · 3 views

WordPress Plugin Elementor Addons by Livemesh security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

CVSS 6.4 · AI score 7.7 · EPSS 0.00427
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/09 12:00 a.m. · 4 views

PT-2024-20769 · WordPress · Wp Chat App

Name of the Vulnerable Software and Affected Versions: WP Chat App plugin for WordPress versions up to, and including, 3.6.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the imageAlt block attribute. This allows...

CVSS 6.4 · AI score 9.3 · EPSS 0.0036
Exploits: 0 · References: 4

CNNVD
added 2024/04/09 12:00 a.m. · 3 views

WordPress Plugin Elementor Addons by Livemesh security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

CVSS 6.4 · AI score 7.7 · EPSS 0.00427
Exploits: 0 · References: 3

CNNVD
added 2024/04/09 12:00 a.m. · 5 views

WordPress Plugin WP Chat App security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 · AI score 7.7 · EPSS 0.0036
Exploits: 0 · References: 3

CNNVD
added 2024/04/09 12:00 a.m. · 4 views

WordPress Plugin Page Builder: Pagelayer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Page Builder: A security...

CVSS 6.4 · AI score 7.5 · EPSS 0.00429
Exploits: 0 · References: 4