8549 matches found
CVE-2024-27913
ospfteparsete in ospfd/ospfte.c in FRRouting FRR through 9.1 allows remote attackers to cause a denial of service ospfd daemon crash via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...
WordPress Plugin Paid Membership Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Plugin Advanced iFrame Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CentOS 9 : tomcat-9.0.62-14.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the tomcat-9.0.62-14.el9 build changelog. - not including the secure attribute causes information CVE-2023-28708 - The fix for CVE-2023-24998 was incomplete for Apache Tomcat...
Design/Logic Flaw
ospfteparsete in ospfd/ospfte.c in FRRouting FRR through 9.1 allows remote attackers to cause a denial of service ospfd daemon crash via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...
FRRouting Security Vulnerabilities
FRRouting is an open source network routing software suite from the FRRouting Project that runs on Unix-like platforms. A security vulnerability exists in FRRouting 9.1 and earlier versions , the vulnerability stems from a missing attribute field , a remote attacker can cause a denial of service...
CVE-2024-27913
ospfteparsete in ospfd/ospfte.c in FRRouting FRR through 9.1 allows remote attackers to cause a denial of service ospfd daemon crash via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...
CVE-2024-27913
ospfteparsete in ospfd/ospfte.c in FRRouting FRR through 9.1 allows remote attackers to cause a denial of service ospfd daemon crash via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...
CVE-2024-1323
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2024-21501
An information exposure flaw was found in the sanitize-html package, when used on the backend with the style attribute allowed. This issue may allow an attacker to enumerate files in the system, including project dependencies, to gather details about the file system structure and dependencies of...
CVE-2024-27444
langchainexperimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by...
Information Exposure
sanitize-html is vulnerable to Information Exposure. The vulnerability is due to the parsing of CSS through the style attribute without disabling source maps, which can allow attackers to infer the file system structure and dependencies of the server...
GHSA-RM97-X556-Q36H sanitize-html Information Exposure vulnerability
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...
sanitize-html Information Exposure vulnerability
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...
DEBIAN-CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...
UBUNTU-CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...
CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...
Design/Logic Flaw
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...
CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...
ProfilePress < 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode
Description The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's reg-select-role shortcode in all versions up to, and including, 4.15.0 due to...