CVE-2024-41732

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read ...

CVE-2024-41732 Improper Access Control in SAP Netweaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read ...

CVE-2024-41732 Improper Access Control in SAP Netweaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read ...

CVE-2024-41732

SAP NetWeaver Application Server ABAP is affected by CVE-2024-41732: an unauthenticated attacker can craft a URL that bypasses allowlists, potentially injecting CSS or links to read/modify information. Impact is limited to data confidentiality/ integrity; no availability impact is stated. Affecte...

KLA71480 SUI vulnerability in Microsoft Dynamics

A cross-site-scripting XSS vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2024-38211 Related products Microsoft-Dynamics-365 CVE list CVE-2024-38211 critical KB list 5041557 Solution Install necessary...

Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS : Libcroco vulnerabilities (USN-6958-1)

The remote Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6958-1 advisory. It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a hea...

WordPress plugin My Custom CSS PHP & ADS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

FreeBSD : Roundcube -- Multiple vulnerabilities (5776cc4f-5717-11ef-b611-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5776cc4f-5717-11ef-b611-84a93843eb75 advisory. The Roundcube project reports: XSS vulnerability in post-processing of sanitized HTML content...

WordPress My Custom CSS PHP & ADS plugin <= 3.3 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin My Custom CSS PHP & ADS versions = 3.3...

PT-2024-38326 · WordPress · My Custom Css Php & Ads

Name of the Vulnerable Software and Affected Versions: My Custom CSS PHP & ADS plugin for WordPress versions up to, and including, 3.3 Description: The issue is related to Full Path Disclosure, which occurs because the plugin does not prevent direct access to the...

WordPress My Custom CSS PHP & ADS Plugin <= 3.3 is vulnerable to Sensitive Data Exposure

Software My Custom CSS PHP & ADS Type Plugin Vulnerable versions = 3.3 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7410 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ebd1338eee8c Credits stealthcopter Required...

Roundcube Webmail 1.5.x < 1.5.8 / 1.6.x < 1.6.8 Multiple Vulnerabilities

The remote web server is running Roundcube Webmail version 1.5.x prior to 1.5.8 or 1.6.x prior to 1.6.8. It is, therefore, affected by multiple vulnerabilities. - A Cross-Site Scripting vulnerability in rcmailactionmailget-run in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote...

New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information. "The attackers chose a group of the best-known...

SUSE CVE-2024-42010

modcssstyles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets CSS token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

CVE-2024-7000

Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-7000

Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2024-7000

Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-7000

Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-7000

Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-7000

Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...