558 matches found
CVE-2024-47816 Users can impersonate import requesters if their actor IDs coincide in ImportDump
ImportDump is a MediaWiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can ac...
CVE-2024-8481
CVE-2024-8481 affects the WordPress plugin Special Text Boxes up to 6.2.2 due to the filter add_filter('comment_text','do_shortcode') allowing unauthenticated arbitrary shortcode execution in comments. A patch exists; upgrade to 6.2.4 or later to remediate.
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : systemd (SUSE-SU-2024:3149-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3149-1 advisory. - CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when...
EulerOS 2.0 SP12 : golang (EulerOS-SA-2024-2214)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaini...
CVE-2023-1604
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configurationpage function. This makes it possible for unauthenticated attackers to add and import redirects, includi...
golang: net/mail: comments in display names are incorrectly handled
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...
CVE-2024-6704
The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing...
CVE-2024-6704
The CVE-2024-6704 entry applies to the WordPress plugin Comments – wpDiscuz. Affected versions are
Exploit for Code Injection in Get-Simple Getsimple_Cms
CVE-2022-41544 Exploit Script This repository contains a scri...
Heap-based Buffer Overflow
fiona is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to improper handling of long filenames, comments, or extra fields within zlib components that contain integer overflow vulnerabilities, which can result in an application crash or potential code execution...
Cross-Site Request Forgery (CSRF)
ProcessWire is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to inadequate handling of comments functionality, which allows a remote attacker to comment as another user...
Cross-Site Scripting (XSS)
Calibre-Web is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization performed by the cleanstring function, which allows an attacker to perform XSS by inserting a payload into the comments field...
CVE-2024-41597
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...
CVE-2024-34481
drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page...
CVE-2024-34481
CVE-2024-34481 affects Drupal Wiki prior to 8.31.1 and is described as allowing cross-site scripting (XSS) via comments, captions, and image titles on a Wiki page. The connected sources (Red Hat, Ubuntu, OSV, CVE listings) consistently report the same description. The root cause details are not e...
New Blog Moderation Policy
There has been a lot of toxicity in the comments section of this blog. Recently, we're having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It's gotten so bad that I need to do something. My options are limited because I'm just one...