Bitdefender Total Security trust management issue vulnerability
Bitdefender Total Security is a proactive threat protection software for PCs from the Romanian company Bitdefender. The software features antivirus, firewall, anti-spyware, privacy control, and parental control. It also includes features such as System TuneUp. A trust management issue vulnerabili...
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...
CVE-2024-6757 Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
WordPress Elementor plugin <= 3.24.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt function vulnerability
Authenticated (Contributor+) Basic Information Exposure via get_image_alt function vulnerability discovered by stealthcopter in WordPress Plugin Elementor Website Builder versions <= 3.24.5...
PYSEC-2024-196
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio...
Gradio's CORS origin validation accepts the null origin
Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhost_aliases variable includes "null" as a valid origin. This allows attackers to make unauthorized requests fr...
GHSA-89V2-PQFV-C5R9 Gradio's CORS origin validation accepts the null origin
Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhost_aliases variable includes "null" as a valid origin. This allows attackers to make unauthorized requests fr...
CentOS 6 : chromium-browser (RHSA-2020:3377)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3377 advisory. - Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via ...
WordPress WP Cleanup and Basic Functions Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Cleanup and Basic Functions. Type: Plugin. Vulnerable versions: <= 2.2.1. Fixed in: N/A. OWASP Top 10: A7 Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-9455. Patch priority: Low. CVSS severity: Low (5.9). PSID: 039af66fda0d. Credits: Francesco...
WordPress plugin WP Cleanup and Basic Functions cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on servers running PHP and MySQL. WP Cleanup and Basic Functions is a WordPress application plugin. A cross-site scripting vulnerabilit...
Timing Attack
basic-auth-connect is vulnerable to Timing Attack. The vulnerability is due to improper implementation of the equality comparison, where the comparison function reveals differences in the time taken to process incorrect versus correct input, allowing an attacker to infer sensitive information bas...
CVE-2024-47178
A flaw was found in the basic-auth-connect package. Affected versions use a timing-unsafe equality comparison that can potentially leak timing information. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...
20231122-npm (=1.0.0), @3dr/potree (=1.6.0) +3220 more potentially affected by CVE-2024-47178 via basic-auth-connect (<=1.0.0)
basic-auth-connect NPM version <=1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on basic-auth-connect and may be impacted: - 20231122-npm =1.0.0 - @3dr/potree =1.6.0 - @inlimbo/nativeui =0.0.1, =0.0.0, =0.20.0, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.0.1...
basic-auth-connect's callback uses time unsafe string comparison
Impact: basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. Patches: this issue has been fixed in basic-auth-connect 1.1.0. References...
CVE-2024-47178
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...
CVE-2024-47178 basic-auth-connect's callback uses time unsafe string comparison
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...
CVE-2024-47178
The CVE-2024-47178 issue affects basic-auth-connect (
basic-auth-connect security vulnerability
basic-auth-connect is an open-source Basic Authentication middleware from the expressjs project for Node and Connect. A security vulnerability exists in basic-auth-connect versions prior to 1.1.0, which stems from the use of a timing-unsafe equality comparison that can leak timing information...
PT-2024-32459 · Unknown · Basic-Auth-Connect
Name of the Vulnerable Software and Affected Versions: basic-auth-connect versions prior to 1.1.0 Description: The issue concerns a timing-unsafe equality comparison in basic-auth-connect that can leak timing information. This comparison can potentially allow an attacker to observe differences in...