176 matches found
Important: Red Hat Security Advisory: buildah security update
An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2024-29897
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...
Super Socializer < 7.13.64 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed When creating a new widget, insert the following payload in the "FaceBook URL" field -...
The vulnerability of the Kofax PowerPDF software for creating, converting, editing, and publishing PDF files lies in the fact that operations are performed outside of the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Kofax PowerPDF software for creating, converting, editing, and publishing PDF files is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created PDF file...
[SECURITY] Fedora 40 Update: maven-plugin-tools-3.9.0-6.fc40
The Maven Plugin Tools contains the necessary tools to be able to produce Mav en Plugins in a variety of languages...
CVE-2024-1390
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...
CVE-2024-24779 Apache Superset: Improper data authorization when creating a new dataset
Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apac...
[SECURITY] Fedora 39 Update: engrampa-1.26.2-1.fc39
Mate File Archiver is an application for creating and viewing archives files, such as zip, xv, bzip2, cab, rar and other compress formats...
tang security and bug fix update
7-8 - Set correct user/group tang/tang in tangd-keygen Resolves: rhbz2188743 7-7 - Fix race condition when creating/rotating keys Resolves: rhbz2182410 Resolves: CVE-2023-1672...
CVE-2023-37636
A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...
CVE-2023-41157
Multiple stored cross-site scripting XSS vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab...
CVE-2023-38969
Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function...
CVE-2023-38304
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group...
OpenZeppelin 安全漏洞
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions prior to 4.3.0 through 4.9.1 that stems from allowing an attacker to gain the ability to cancel a proposal by creating it in advance...
CVE-2023-25348
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
CVE-2023-23076
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules...
Authorization
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata via the function cstugetmetadata that...
CVE-2022-45539
EyouCMS = 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file...
kernel: sfc: fix kernel panic when creating VF
In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efxef10tryupdatenicstatsvf. When releasing a DMA coherent buffer, sometimes, I don't know in what specific circumstances, it has t...
Khan Academy: xss due to incorrect handling of postmessages
Due to Insecure handling of create link tags a tags in a function called autolink found in 7Bmt.af733e428f9f986dfc96.js js e = n.autolinke, !0; const n = function const e = /\b?:?:https?://|www\d0,3.|a-z0-9.-+.a-z2,4/?:^\s&+|&|?:^\s|?:^\s+\+?:?:^\s|?:^\s+\|^\s!\;:'".,?«»“”‘’&/gi; return...