557 matches found

RedhatCVE
added 2025/09/26 12:52 a.m. | 3 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

CVSS 6.4 | AI score 5.4 | EPSS 0.00035
Exploits 0 | References 1
NVD
added 2025/09/25 6:15 p.m. | 2 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

CVSS 6.4 | EPSS 0.00035
Exploits 0 | References 1
OSV
added 2025/09/25 6:15 p.m. | 2 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

CVSS 6.4 | AI score 5.4
Exploits 0 | References 1
Cvelist
added 2025/09/25 12:00 a.m. | 7 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

CVSS 6.4 | EPSS 0.00035
Exploits 0 | References 1
CVE
added 2025/09/25 12:00 a.m. | 11 views

CVE-2025-60249

CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...

CVSS 6.4 | AI score 5 | EPSS 0.00035
Exploits 0 | References 1
Vulnrichment
added 2025/09/25 12:00 a.m. | 2 views

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

CVSS 6.4 | AI score 5 | EPSS 0.00035
Exploits 0 | References 1
Packet Storm News
added 2025/08/19 12:00 a.m. | 4 views

MultiFuzz: a Dense Retrieval-Based Multi-Agent System for Network Protocol Fuzzing

Traditional protocol fuzzing techniques, such as those employed by AFL-based systems, often lack effectiveness due to a limited semantic understanding of complex protocol grammars and rigid seed mutation strategies. Recent works, such as ChatAFL, have integrated Large Language Models (LLMs) to guid...

AI score 6.9
Exploits 0
RedhatCVE
added 2025/05/23 8:13 a.m. | 4 views

CVE-2024-9829

The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, wit...

CVSS 6.5 | AI score 5 | EPSS 0.00463
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 8:09 a.m. | 6 views

CVE-2019-11548

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint...

CVSS 5.4 | AI score 6.5 | EPSS 0.00068
Exploits 1 | References 1
OSV
added 2025/02/28 6:15 a.m. | 0 views

CVE-2025-1513

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Name and Comment field when commenting on photo gallery entries in all versio...

CVSS 6.1 | AI score 7.4
Exploits 0 | References 2
NVD
added 2024/11/05 6:15 p.m. | 11 views

CVE-2024-50123

In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap. There is an out-of-bounds read in bpf_link_show_fdinfo for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE invocation for sockmap link. Also add comments for...

CVSS 7.1 | EPSS 0.00071
Exploits 0 | References 2
Cvelist
added 2024/11/05 5:10 p.m. | 13 views

CVE-2024-50123 bpf: Add the missing BPF_LINK_TYPE invocation for sockmap

In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap. There is an out-of-bounds read in bpf_link_show_fdinfo for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE invocation for sockmap link. Also add comments for...

EPSS 0.00071
Exploits 0 | References 2
Cvelist
added 2024/10/30 2:04 a.m. | 12 views

CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution

The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 | EPSS 0.00778
Exploits 0 | References 3
Vulnrichment
added 2024/10/30 2:04 a.m. | 14 views

CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution

The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 | AI score 7.6 | EPSS 0.00778
Exploits 0 | References 3
Patchstack
added 2024/10/29 8:16 p.m. | 2 views

WordPress Enable Shortcodes inside Widgets,Comments and Experts plugin <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Enable Shortcodes inside Widgets,Comments and Experts versions <= 1.0.0...

CVSS 7.3 | AI score 7.1 | EPSS 0.00778
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/10/29 12:00 a.m. | 10 views

WordPress Enable Shortcodes inside Widgets,Comments and Experts Plugin <= 1.0.0 is vulnerable to Arbitrary Code Execution

Software: Enable Shortcodes inside Widgets,Comments and Experts | Type: Plugin | Vulnerable versions: <= 1.0.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary Code Execution | CVE: CVE-2024-9846 | Patch priority: High | CVSS severity: High 7.3 | Developer: Claim ownership | PSID: 5e00f716955b | Credits...

CVSS 7.3 | AI score 7 | EPSS 0.00778
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2024/10/21 8:06 p.m. | 24 views

CVE-2022-49001 riscv: fix race when vmap stack overflow

In the Linux kernel, the following vulnerability has been resolved: riscv: fix race when vmap stack overflow. Currently, when detecting vmap stack overflow, riscv first switches to the so-called shadow stack, then uses this shadow stack to call get_overflow_stack to get the overflow stack...

AI score 7.4 | EPSS 0.0006
Exploits 0 | References 3
Cvelist
added 2024/10/16 1:42 p.m. | 19 views

CVE-2024-49216 WordPress Feed Comments Number plugin <= 0.2.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number (feed-comments-number) allows Upload a Web Shell to a Web Server. This issue affects Feed Comments Number: from n/a through <= 0.2.1...

CVSS 10 | EPSS 0.0097
Exploits 0 | References 1
Cvelist
added 2024/10/11 8:30 a.m. | 22 views

CVE-2024-7514 WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal

The WordPress Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access an...

CVSS 6.5 | EPSS 0.47437
Exploits 1 | References 2
OSV
added 2024/10/09 6:19 p.m. | 10 views

CVE-2024-47816 Users can impersonate import requesters if their actor IDs coincide in ImportDump

ImportDump is a MediaWiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can ac...

CVSS 6.4 | AI score 6.5 | EPSS 0.00144
Exploits 0 | References 6