Lucene search
K

294 matches found

Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.6 views

PT-2024-16982 · WordPress · Catch Popup

Name of the Vulnerable Software and Affected Versions: Catch Popup plugin for WordPress versions up to and including 1.4.4 Description: The issue is related to stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the catch-popup...

6.4CVSS6.2AI score0.00431EPSS
Exploits0References6
NVD
NVD
added 2024/11/25 10:15 p.m.19 views

CVE-2024-53098

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...

7.8CVSS0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.2 views

Astra Linux – Vulnerability in PHP 8.2

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, and 8.3. before 8.3.12, when using PHP-FPM SAPI and the option catchworkersoutput is set to yes, it is possible to manipulate the log messages by removing up to 4 characters from the log messages. Additionally, if PHP-FPM is configured to us...

3.3CVSS6.6AI score0.00482EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/11/22 8:40 p.m.17 views

smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash because of a stack overflow caused by a deeply nested inline structure. A similar problem occurs when attempting to stringify deeply nested objects. The library does not limit the maximum exploration depth while...

7.7AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/08 4:15 a.m.2 views

DEBIAN-CVE-2024-9026

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS6.2AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2024/10/08 4:15 a.m.7 views

AZL-50172 CVE-2024-9026 affecting package php for versions less than 8.3.12-1

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS6.5AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2024/10/06 1:15 p.m.7 views

CVE-2024-44010

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Full frame allows Stored XSS.This issue affects Full frame: from n/a through 2.7.2...

5.1CVSS5.8AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/06 12:51 p.m.23 views

CVE-2024-44010 WordPress Full frame theme <= 2.7.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a through = 2.7.2...

5.1CVSS0.00204EPSS
Exploits0References1
OSV
OSV
added 2024/10/06 12:15 p.m.5 views

CVE-2024-47313

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Catch Base allows Stored XSS.This issue affects Catch Base: from n/a through 3.4.6...

4.8CVSS5.8AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2024/10/06 12:15 p.m.13 views

CVE-2024-47313

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Catch Base catch-base allows Stored XSS.This issue affects Catch Base: from n/a through = 3.4.6...

5.1CVSS0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/06 11:23 a.m.10 views

CVE-2024-47313 WordPress Catch Base theme <= 3.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Catch Base allows Stored XSS.This issue affects Catch Base: from n/a through 3.4.6...

5.1CVSS6.8AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/06 11:23 a.m.20 views

CVE-2024-47313 WordPress Catch Base theme <= 3.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Catch Base catch-base allows Stored XSS.This issue affects Catch Base: from n/a through = 3.4.6...

5.1CVSS0.00227EPSS
Exploits0References1
CVE
CVE
added 2024/10/06 11:23 a.m.52 views

CVE-2024-47313

CVE-2024-47313: WordPress Catch Base theme

5.1CVSS5.9AI score0.00227EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/06 10:15 a.m.5 views

CVE-2024-47356

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Create allows Stored XSS.This issue affects Create: from n/a through 2.9.1...

5.9CVSS5.8AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/06 10:1 a.m.36 views

CVE-2024-47356 WordPress Create theme <= 2.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Create create allows Stored XSS.This issue affects Create: from n/a through = 2.9.1...

5.1CVSS0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/06 12:0 a.m.5 views

WordPress plugin Catch Base 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.1CVSS6.1AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/06 12:0 a.m.4 views

PT-2024-32525

Name of the Vulnerable Software and Affected Versions Catch Base versions through 3.4.6 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations For versions through...

5.1CVSS5.5AI score0.00227EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/06 12:0 a.m.4 views

PT-2024-32572

Name of the Vulnerable Software and Affected Versions Catch Themes Create versions prior to 2.9.2 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can inject...

5.9CVSS5.8AI score0.0021EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/06 12:0 a.m.6 views

PT-2024-30876

Name of the Vulnerable Software and Affected Versions Catch Themes Full frame versions 2.7.2 and earlier Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. Specifically, it is a Stored XSS vulnerability. This...

5.1CVSS5.5AI score0.00204EPSS
Exploits0References10
OSV
OSV
added 2024/09/27 12:0 a.m.2 views

UBUNTU-CVE-2024-9026

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS6.6AI score0.00482EPSS
Exploits1References4
Rows per page
Query Builder