CVE-2024-41845
CVE-2024-41845 concerns Adobe Experience Manager (AEM) versions 6.5.20 and earlier, which are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The public description states malicious JavaScript can be executed in a victim’s browser when visiting a page cont...
Atlassian Confluence Data Center and Server Security Vulnerability
Atlassian Confluence Data Center and Server is a data center of Atlassian Australia. A security vulnerability exists in Atlassian Confluence Data Center and Server. An attacker could exploit this vulnerability to execute arbitrary HTML or JavaScript code on the victim's browser. The following...
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices
Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious...
Archer Platform Security Vulnerability
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6 2024.06 that stems from susceptibility to a stored cross-site scripting attack in which an attacker stores malicious code in a trusted applicati...
CVE-2024-36986 Risky command safeguards bypass through Search ID query in Analytics Workspace
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics...
Splunk Config Explorer Security Vulnerability
Splunk Config Explorer is an editor interface by independent developer Chris Younger. A security vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. An attacker can exploit the vulnerability to execute arbitrary scripts in a web browser...
Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS
Description The plugin does not have any authorisation or CSRF checks in its add button function, allowing unauthenticated users to call it either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site...
Login as User or Customer <= 3.8 - Admin Account Takeover
Description The plugin does not prevent users from logging in as any other user on the site. 1. As an admin, log in as some user. Note the user ID. 2. Run the following curl command, filling in the ADMINID and the USERID: curl -v https://example.com/wp-admin/admin-ajax.php -H 'Cookie:...
CVE-2023-48642
Archer Platform 6.x before 6.13 P2 6.13.0.2 contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through...
Code injection
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...
Progress MOVEit Transfer Cross-Site Scripting Vulnerability
Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer. An attacker could exploit the vulnerability to execute malicious JavaScript in the victim's browser environment...
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
The plugin does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site,...
A vulnerability in the malicious-script detection mechanism of Browser Exploit Detection (TmsaInstance64.exe) in Trend Micro's Apex One and Apex One as a Service anti-virus products allows attackers to elevate their privileges.
A vulnerability in the Browser Exploit Detection mechanism of anti-virus products such as Trend Micro Apex One and Apex One as a Service stems from incorrect handling of links before files are accessed. Exploiting it can allow attackers to gain elevated privileges...
Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
PT-2023-1524 · Trend Micro · Trend Micro Apex One
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Description: A security agent link following issue could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation...
Exploit for Code Injection in Ejs
CVE-2022-29078 vuln ejs 3.1.6 docker Setup git clone h...
Formstone Vulnerable to Reflected XSS
Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user-supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...
webTareas Code Issue Vulnerability
webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas 2.4 and earlier versions that allows an attacker to exploit the platform by...
Fixed vulnerability in BIG-IP Access Policy Manager (APM).
The vulnerability allows an unauthenticated attacker to execute arbitrary code in the victim's browser. To do this, the attacker must trick the victim into following a rogue hyperlink. BIG-IP has released updates to fix the vulnerability. More information can be...
Unspecified Vulnerability in JetBrains Code With Me
JetBrains Code With Me is a plug-in application from the Czech company JetBrains that provides code co-editing for the IntelliJ IDE. A security vulnerability exists in JetBrains Code With Me versions prior to 2021.1. An attacker can exploit the vulnerability to open a browser on the host computer...