294 matches found
PT-2024-16982 · WordPress · Catch Popup
Name of the Vulnerable Software and Affected Versions: Catch Popup plugin for WordPress versions up to and including 1.4.4 Description: The issue is related to stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the catch-popup...
CVE-2024-53098
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...
Astra Linux – Vulnerability in PHP 8.2
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, and 8.3. before 8.3.12, when using PHP-FPM SAPI and the option catchworkersoutput is set to yes, it is possible to manipulate the log messages by removing up to 4 characters from the log messages. Additionally, if PHP-FPM is configured to us...
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Summary An attacker can send a maliciously crafted TOML to cause the parser to crash because of a stack overflow caused by a deeply nested inline structure. A similar problem occurs when attempting to stringify deeply nested objects. The library does not limit the maximum exploration depth while...
DEBIAN-CVE-2024-9026
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
AZL-50172 CVE-2024-9026 affecting package php for versions less than 8.3.12-1
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
CVE-2024-44010
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Full frame allows Stored XSS.This issue affects Full frame: from n/a through 2.7.2...
CVE-2024-44010 WordPress Full frame theme <= 2.7.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a through = 2.7.2...
CVE-2024-47313
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Catch Base allows Stored XSS.This issue affects Catch Base: from n/a through 3.4.6...
CVE-2024-47313
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Catch Base catch-base allows Stored XSS.This issue affects Catch Base: from n/a through = 3.4.6...
CVE-2024-47313 WordPress Catch Base theme <= 3.4.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Catch Base allows Stored XSS.This issue affects Catch Base: from n/a through 3.4.6...
CVE-2024-47313 WordPress Catch Base theme <= 3.4.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Catch Base catch-base allows Stored XSS.This issue affects Catch Base: from n/a through = 3.4.6...
CVE-2024-47313
CVE-2024-47313: WordPress Catch Base theme
CVE-2024-47356
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Create allows Stored XSS.This issue affects Create: from n/a through 2.9.1...
CVE-2024-47356 WordPress Create theme <= 2.9.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Create create allows Stored XSS.This issue affects Create: from n/a through = 2.9.1...
WordPress plugin Catch Base 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2024-32525
Name of the Vulnerable Software and Affected Versions Catch Base versions through 3.4.6 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations For versions through...
PT-2024-32572
Name of the Vulnerable Software and Affected Versions Catch Themes Create versions prior to 2.9.2 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can inject...
PT-2024-30876
Name of the Vulnerable Software and Affected Versions Catch Themes Full frame versions 2.7.2 and earlier Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. Specifically, it is a Stored XSS vulnerability. This...
UBUNTU-CVE-2024-9026
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...