GO-2026-4782 Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications in github.com/mattermost/mattermost-plugin-boards

Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications in github.com/mattermost/mattermost-plugin-boards...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the comment block modification process. An attacker can alter comments created by other users by leveraging editor permissions without proper authorization checks. Remediation Upgrade...

EUVD-2019-11895

Malware in sbrugna...

EUVD-2024-0599

Malicious code in bioql PyPI...

CVE-2023-22419

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a special...

CVE-2019-2253

Buffer over-read can occur while parsing an ogg file with a corrupted comment block. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607,...

BIT-WORDPRESS-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

BIT-WORDPRESS-MULTISITE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVE-2024-4439

WordPress Core prior to 6.5.2 is affected by CVE-2024-4439: a stored XSS in user display names used in the Avatar block, due to insufficient output escaping. The issue allows authenticated attackers with contributor-level access and above to inject scripts, and can also affect unauthenticated use...

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core

WordPress 6.5.2 was released yesterday, on April 9, 2024. It included a single security patch, along with a handful of bug fixes. The security patch was for a Stored Cross-Site Scripting vulnerability that could be exploited by both unauthenticated users, when a comment block is present on a page...

CVE-2024-25983

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available e.g., on their profile page...

CVE-2023-22419

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a special...