57 matches found
CVE-2016-10893
The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests...
EUVD-2021-1793
Malware in sbrugna...
EUVD-2022-49942
Malicious code in bioql PyPI...
EUVD-2023-54732
Malicious code in bioql PyPI...
CVE-2023-4893
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
CVE-2022-47167
Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions...
CVE-2020-35889
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike...
crayon-audio (>=0.6.0 <=0.7.1) potentially affected by unknown CVE via crayon (>=0.6.0 <=0.7.1)
crayon CARGO version =0.6.0, =0.6.0, =0.7.1 Source cves: unknown CVE Source advisory: OSV:GHSA-XFHW-6MC4-MGXF...
crayon: ObjectPool creates uninitialized memory when freeing objects
As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage...
GHSA-XFHW-6MC4-MGXF crayon: ObjectPool creates uninitialized memory when freeing objects
As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage...
crayon-audio (>=0.6.0 <=0.7.1) potentially affected by unknown CVE via crayon (>=0.6.0 <=0.7.1)
crayon CARGO version =0.6.0, =0.6.0, =0.7.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0018...
RUSTSEC-2024-0018 ObjectPool creates uninitialized memory when freeing objects
As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage...
Server side request forgery (SSRF)
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
CVE-2023-4893 Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
CVE-2023-4893
The CVE-2023-4893 entry concerns the Crayon Syntax Highlighter WordPress plugin. An SSRF vulnerability exists via the crayon shortcode in versions up to and including 2.8.4, allowing authenticated attackers with contributor-level permissions or higher to make web requests from the affected site to...
CVE-2023-4893 Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
Crayon Syntax Highlighter <= 2.8.4 - Contributor+ Server Side Request Forgery
Description: The plugin is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web applicati...
WordPress plugin Crayon Syntax Highlighter Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...