CVE-2024-26836
In CVE-2024-26836, the Linux kernel flaw lies in platform/x86 think-lmi: on Lenovo workstations with an Admin password enabled, the password opcode must be issued before the attribute value is changed. The fix adjusts the order of these two operations (tested on some ThinkPads as well). The vulnerabil...
WordPress Essential Addons for Elementor plugin <= 5.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute vulnerability discovered by Ngô Thiên An (ancorn) in WordPress plugin Essential Addons for Elementor versions <= 5.9.14...
GHSA-G7XQ-XV8C-H98C Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
Summary There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `<a>` tag could be bypassed with tab (\t) or newline (\n) characters between the...
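The bypass described above works because browsers strip ASCII tab, LF and CR from a URL before parsing its scheme, so "java\tscript:" runs while a filter that looks for the literal prefix "javascript:" never matches it. The following is an added example, not code from the advisory or from the affected project: a naive prefix filter of that kind next to a check that extracts the scheme the way the WHATWG URL parser does (strip leading C0 controls/space, drop tab/LF/CR anywhere, lowercase) and then allowlists known-safe schemes. The allowlist of http/https/mailto and the constructed sample hrefs are assumptions for the demonstration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive filter of the kind the advisory describes: it only rejects the
 * literal prefix "javascript:" (case-insensitively). A tab or newline
 * inside the scheme defeats it, although the browser still executes it.
 * Returns true when the href is blocked. */
static bool naive_blocks_javascript(const char *href)
{
    static const char scheme[] = "javascript:";
    for (size_t i = 0; scheme[i] != '\0'; i++) {
        if (tolower((unsigned char)href[i]) != scheme[i])
            return false;           /* '\0' in href also mismatches: no overread */
    }
    return true;
}

/* Extract the scheme the way the WHATWG URL parser sees it: leading C0
 * controls and spaces are stripped, ASCII tab/LF/CR are removed anywhere,
 * and the result is lowercased. Returns false when the URL has no scheme
 * (i.e. it is relative). On an over-long candidate it fails closed by
 * returning true with an empty scheme, which no allowlist will match. */
static bool extract_scheme(const char *href, char *out, size_t outlen)
{
    const unsigned char *p = (const unsigned char *)href;
    size_t n = 0;

    while (*p != '\0' && *p <= 0x20)    /* strip leading C0 controls and space */
        p++;
    if (!isalpha(*p))                   /* a scheme must start with a letter */
        return false;
    for (; *p != '\0'; p++) {
        unsigned char c = *p;
        if (c == '\t' || c == '\n' || c == '\r')
            continue;                   /* ignored by browsers: the bypass vector */
        if (c == ':') {
            out[n] = '\0';
            return true;
        }
        if (!(isalnum(c) || c == '+' || c == '-' || c == '.'))
            return false;               /* not a scheme character: relative URL */
        if (n + 1 >= outlen) {
            out[0] = '\0';
            return true;                /* fail closed on an over-long scheme */
        }
        out[n++] = (char)tolower(c);
    }
    return false;                       /* no ':' found: relative URL */
}

/* Allowlist check (assumed policy): relative URLs and a few known-safe
 * schemes pass; everything else, including any spelling of javascript:,
 * is rejected. */
static bool href_is_safe(const char *href)
{
    static const char *const allowed[] = { "http", "https", "mailto" };
    char scheme[32];

    if (!extract_scheme(href, scheme, sizeof scheme))
        return true;                    /* relative URL: carries no scheme */
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(scheme, allowed[i]) == 0)
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample hrefs, including the tab and newline bypass vectors. */
    const char *samples[] = {
        "javascript:alert(1)", "java\tscript:alert(1)", "\njavascript:alert(1)",
        "JaVaScRiPt:alert(1)", "https://example.com/", "/relative/path",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("naive_blocked=%d allowlist_safe=%d\n",
               naive_blocks_javascript(samples[i]), href_is_safe(samples[i]));
    return 0;
}
```

The point of the allowlist shape is that it never has to enumerate every spelling of a dangerous scheme: anything the browser would parse as a scheme that is not explicitly permitted is refused, and the normalisation step is the same one the browser applies, so the filter and the renderer agree on what the scheme is.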
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the open-source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, stemming from the fact that the minlen array entry for NLA_BE32 is 0, so the validation code will read a...
PT-2024-4898 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the Attribute Admin Setup component of Oracle Partner Management. This allows an unauthenticated attacker with netwo...
AnythingLLM security vulnerability
AnythingLLM is a document chatbot aimed at business requirements. AnythingLLM has a security vulnerability stemming from the lack of an attribute allowlist/denylist, allowing an attacker to create elevated-privilege accounts without authorization...
CVE-2024-2583
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcode attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks...
CVE-2024-31981 XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 14.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically...
CVE-2024-26815
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check. taprio_parse_tc_entry() is not correctly checking the TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed value; tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc >= TC_QOPT_MAX_QUEUE)...
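The quoted check fails because a u32 attribute is stored in a signed int: any value with the top bit set becomes negative, passes the "tc >= TC_QOPT_MAX_QUEUE" test and is then used as an array index. The following is an added example, not kernel code and not the kernel's patch: a user-space model of the vulnerable check beside a hardened variant that keeps the attribute unsigned so one comparison rejects everything outside 0..TC_QOPT_MAX_QUEUE-1. The value 16 for TC_QOPT_MAX_QUEUE, the function names and the sample attribute values are assumptions for the demonstration; the signed-wrap of the cast relies on two's complement, which is what gcc and clang provide.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TC_QOPT_MAX_QUEUE 16   /* assumed size of the per-traffic-class tables */

/* Shape of the check quoted in the advisory: the u32 attribute lands in a
 * signed int, so "tc >= TC_QOPT_MAX_QUEUE" does not catch values that wrap
 * negative. Returns true when the index is accepted and stores the value
 * the caller would then use to index a TC_QOPT_MAX_QUEUE-sized array. */
static bool tc_index_accepted_vuln(uint32_t attr, int *index_out)
{
    int tc = (int)attr;          /* what "int tc; tc = nla_get_u32(...)" does (two's complement) */
    if (tc >= TC_QOPT_MAX_QUEUE)
        return false;            /* the kernel would return -ERANGE here */
    *index_out = tc;             /* may be negative: out-of-bounds table index */
    return true;
}

/* Hardened variant (my assumed fix shape, not quoted from the kernel patch):
 * keep the attribute unsigned so the single comparison rejects every value
 * outside 0..TC_QOPT_MAX_QUEUE-1, including former "negative" ones. */
static bool tc_index_accepted_fixed(uint32_t attr, uint32_t *index_out)
{
    uint32_t tc = attr;
    if (tc >= TC_QOPT_MAX_QUEUE)
        return false;
    *index_out = tc;
    return true;
}

int main(void)
{
    /* Constructed attribute values: in range, just out of range, and the
     * kind of arbitrary high value a fuzzer such as syzbot would supply. */
    const uint32_t samples[] = { 3u, 16u, 0xFFFFFFFFu, 0x80000000u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int tc_vuln = 0;
        uint32_t tc_fixed = 0;
        bool v = tc_index_accepted_vuln(samples[i], &tc_vuln);
        bool f = tc_index_accepted_fixed(samples[i], &tc_fixed);
        printf("attr=0x%08x vuln:%s (tc=%d) fixed:%s\n", samples[i],
               v ? "accepted" : "rejected", tc_vuln, f ? "accepted" : "rejected");
    }
    return 0;
}
```

The general lesson is that a bounds check on a value read from an untrusted netlink attribute must be done in the attribute's own unsigned type; converting to a signed type first turns a one-sided check into one that silently admits the upper half of the value range.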
CVE-2024-3266
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3053
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-2513
The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Plugin Rank Math SEO with AI SEO Tools security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on servers running PHP and MySQL. WordPress plugins are application plugins. A security vulnerability exists in WordPres...
WordPress Plugin Elementor Addons by Livemesh security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. WordPress plugins are application plugins that support personal blogs on servers running PHP and MySQL. A security vulnerability exists in WordPress Plugin...
PT-2024-20769 · WordPress · Wp Chat App
Name of the Vulnerable Software and Affected Versions: WP Chat App plugin for WordPress versions up to, and including, 3.6.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the imageAlt block attribute. This allows...
WordPress Plugin WP Chat App security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugins are application plugins. A security...
WordPress Plugin Page Builder: Pagelayer security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on servers running PHP and MySQL. WordPress plugins are application plugins. WordPress Plugin Page Builder: A security...