8549 matches found

UbuntuCve
added 2024/02/29 12:0 a.m. | 20 views

CVE-2024-27913

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...

CVSS 6.5 | AI score 6.8 | EPSS 0.0032
Exploits: 0 | References: 2

CNNVD
added 2024/02/29 12:0 a.m. | 4 views

WordPress Plugin Paid Membership Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.4 | AI score 5.9 | EPSS 0.00483
Exploits: 0 | References: 4

CNNVD
added 2024/02/29 12:0 a.m. | 4 views

WordPress Plugin Advanced iFrame Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4 | AI score 5.8 | EPSS 0.00282
Exploits: 0 | References: 3

Tenable Nessus
added 2024/02/29 12:0 a.m. | 46 views

CentOS 9 : tomcat-9.0.62-14.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the tomcat-9.0.62-14.el9 build changelog. - not including the secure attribute causes information CVE-2023-28708 - The fix for CVE-2023-24998 was incomplete for Apache Tomcat...

CVSS 7.5 | AI score 7.5 | EPSS 0.51547
Exploits: 1 | References: 3

Prion
added 2024/02/28 7:15 a.m. | 23 views

Design/Logic Flaw

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...

AI score 7.3 | EPSS 0.0032
Exploits: 0 | References: 1

CNNVD
added 2024/02/28 12:0 a.m. | 4 views

FRRouting Security Vulnerabilities

FRRouting is an open source network routing software suite from the FRRouting Project that runs on Unix-like platforms. A security vulnerability exists in FRRouting 9.1 and earlier versions. The vulnerability stems from a missing attribute field; a remote attacker can cause a denial of service...

CVSS 6.5 | AI score 6.6 | EPSS 0.0032
Exploits: 0 | References: 2

Cvelist
added 2024/02/28 12:0 a.m. | 18 views

CVE-2024-27913

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...

AI score 6.7 | EPSS 0.0032
Exploits: 0 | References: 1

Debian CVE
added 2024/02/28 12:0 a.m. | 29 views

CVE-2024-27913

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...

CVSS 6.5 | AI score 6.3 | EPSS 0.0032
Exploits: 0

OSV
added 2024/02/27 5:15 a.m. | 5 views

CVE-2024-1323

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVSS 5.4 | AI score 6 | EPSS 0.00486
Exploits: 0 | References: 4

RedhatCVE
added 2024/02/26 6:31 p.m. | 27 views

CVE-2024-21501

An information exposure flaw was found in the sanitize-html package, when used on the backend with the style attribute allowed. This issue may allow an attacker to enumerate files in the system, including project dependencies, to gather details about the file system structure and dependencies of...

CVSS 5.3 | AI score 5.1 | EPSS 0.01018
Exploits: 1 | References: 4

NVD
added 2024/02/26 4:28 p.m. | 21 views

CVE-2024-27444

langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by...

CVSS 9.8 | AI score 9.7 | EPSS 0.00766
Exploits: 0 | References: 1

Veracode
added 2024/02/26 5:54 a.m. | 46 views

Information Exposure

sanitize-html is vulnerable to Information Exposure. The vulnerability is due to the parsing of CSS through the style attribute without disabling source maps, which can allow attackers to infer the file system structure and dependencies of the server...

CVSS 5.3 | AI score 6.7 | EPSS 0.01018
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2024/02/24 6:30 a.m. | 0 views

GHSA-RM97-X556-Q36H sanitize-html Information Exposure vulnerability

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

CVSS 5.3 | AI score 5.9 | EPSS 0.01018
Exploits: 1 | References: 10

Github Security Blog
added 2024/02/24 6:30 a.m. | 29 views

sanitize-html Information Exposure vulnerability

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

CVSS 5.3 | AI score 6.9 | EPSS 0.01018
Exploits: 1 | References: 10 | Affected Software: 1

OSV
added 2024/02/24 5:15 a.m. | 4 views

DEBIAN-CVE-2024-21501

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

CVSS 5.3 | AI score 6.8 | EPSS 0.01018
Exploits: 1 | References: 1

OSV
added 2024/02/24 5:15 a.m. | 1 views

UBUNTU-CVE-2024-21501

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

CVSS 5.3 | AI score 7.1 | EPSS 0.01018
Exploits: 1 | References: 9

UbuntuCve
added 2024/02/24 5:15 a.m. | 29 views

CVE-2024-21501

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

CVSS 5.3 | AI score 6.8 | EPSS 0.01018
Exploits: 1 | References: 8

Prion
added 2024/02/24 5:15 a.m. | 21 views

Design/Logic Flaw

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

CVSS 5 | AI score 6.9 | EPSS 0.01018
Exploits: 1 | References: 6

Cvelist
added 2024/02/24 5:0 a.m. | 31 views

CVE-2024-21501

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

CVSS 5.3 | AI score 5.3 | EPSS 0.01018
Exploits: 1 | References: 8

WPVulnDB
added 2024/02/24 12:0 a.m. | 21 views

ProfilePress < 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode

Description: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's reg-select-role shortcode in all versions up to, and including, 4.15.0 due to...

CVSS 5.5 | AI score 5.6 | EPSS 0.00443
Exploits: 0 | References: 1 | Affected Software: 1