SUSE CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

CVE-2024-36472

A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...

CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

DEBIAN-CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

Fedora 40 : buildah (2024-77a0ab280f)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-77a0ab280f advisory. Security fix for CVE-2024-3727 Automatic update for buildah-1.35.4-1.fc40. Changelog for buildah Fri May 10 2024 Packit - 1.35.4-1 - Update to 1.35.4 upstrea...

Fedora: Security Advisory (FEDORA-2024-94a155818c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-9cce1f4b49)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Automatic Translator with Auto Translate Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software Automatic Translator with Auto Translate Type Plugin Vulnerable versions = 1.5.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0632 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 37c2d281da0f Credits...

WordPress plugin Automatic Translator with Google Translate 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Automatic plugin <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via autoplay Parameter vulnerability discovered by haidv35 in WordPress Plugin Automatic versions = 3.94.0...

WordPress Automatic Plugin <= 3.94.0 is vulnerable to Cross Site Scripting (XSS)

Software Automatic Type Plugin Vulnerable versions = 3.94.0 Fixed in 3.95.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4849 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c71dc29444f6 Credits haidv35 Required privilege...

CVE-2024-4849

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-4849 WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-4849 WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-4849

CVE-2024-4849 (WordPress Automatic Plugin) is a Stored XSS in the WordPress Automatic Plugin for WordPress, affecting all versions up to 3.94.0 due to insufficient input sanitization and output escaping in the autoplay parameter. Exploitation requires authenticated access at Contributor level or ...

WordPress Plugin WordPress Automatic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-33126 · WordPress · Wordpress Automatic Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin plugin for WordPress versions up to, and including, 3.94.0 Description: The issue is related to Stored Cross-Site Scripting via the autoplay parameter due to insufficient input sanitization and output escaping. This...

CVE-2024-27955

Cross-Site Request Forgery CSRF vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0...

CVE-2024-27954

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0...