
5743 matches found

CVE
added 2024/08/06 3:37 p.m., 61 views

CVE-2024-7000

CVE-2024-7000 is a use-after-free vulnerability in Chrome/Chromium CSS handling, allowing heap corruption via a crafted HTML page when a user is tricked into specific UI gestures. Affected: Google Chrome prior to 127.0.6533.72 (and Chromium); root cause: use-after-free in CSS. Impact: potentially...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00495
Exploits: 0, References: 2, Affected Software: 1
AlpineLinux
added 2024/08/06 3:37 p.m., 17 views

CVE-2024-7000

Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS: 8.8, AI score: 7, EPSS: 0.00495
Exploits: 0
Debian CVE
added 2024/08/06 3:37 p.m., 16 views

CVE-2024-7000

Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS: 8.8, AI score: 7.8, EPSS: 0.00495
Exploits: 0
RedhatCVE
added 2024/08/06 9:48 a.m., 25 views

CVE-2024-42010

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

CVSS: 7.5, AI score: 7, EPSS: 0.5281
Exploits: 1, References: 8
NVD
added 2024/08/05 7:15 p.m., 23 views

CVE-2024-42010

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

CVSS: 7.5, EPSS: 0.5281
Exploits: 1, References: 5
OSV
added 2024/08/05 7:15 p.m., 17 views

CVE-2024-42010

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

CVSS: 7.5, AI score: 6.5
Exploits: 0, References: 5
OSV
added 2024/08/05 7:15 p.m., 0 views

UBUNTU-CVE-2024-42010

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

CVSS: 7.5, AI score: 5.8, EPSS: 0.5281
Exploits: 1, References: 9
Vulnrichment
added 2024/08/05 12:0 a.m., 22 views

CVE-2024-42010

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

AI score: 7.4, EPSS: 0.5281
Exploits: 1, References: 5
CVE
added 2024/08/05 12:0 a.m., 66 views

CVE-2024-42010

CVE-2024-42010 affects Roundcube Webmail; vulnerable in mod_css_styles filtering of CSS token sequences in rendered e‑mail messages. Impact: information leakage through insufficient CSS filtering. Affected versions include Roundcube 1.5.7 and 1.6.x up to 1.6.7. Mitigation: upgrade to Roundcube 1....

CVSS: 7.5, AI score: 7.4, EPSS: 0.5281
Exploits: 1, References: 5
Positive Technologies
added 2024/08/05 12:0 a.m., 4 views

PT-2024-5873

Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.5.0 through 1.5.7; Roundcube versions 1.6.0 through 1.6.7. Description: The issue is related to the mod_css_styles function in Roundcube, which insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered...

CVSS: 9.3, AI score: 7.4, EPSS: 0.82853
Exploits: 16, References: 45
Debian CVE
added 2024/08/05 12:0 a.m., 22 views

CVE-2024-42010

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

CVSS: 7.5, AI score: 5.6, EPSS: 0.5281
Exploits: 1
FreeBSD
added 2024/08/04 12:0 a.m., 13 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: XSS vulnerability in post-processing of sanitized HTML content (CVE-2024-42009); XSS vulnerability in serving of attachments other than HTML or SVG (CVE-2024-42008); information leak (access to remote content) via insufficient CSS filtering (CVE-2024-42010)...

CVSS: 9.3, AI score: 6.9, EPSS: 0.82853
Exploits: 9, References: 1
ATTACKERKB
added 2024/08/01 7:15 a.m., 3 views

CVE-2024-5330

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdancecssfilepathscache parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 6.4, AI score: 6.1, EPSS: 0.00248
Exploits: 0, References: 3
CNNVD
added 2024/08/01 12:0 a.m., 5 views

WordPress plugin Breakdance security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00248
Exploits: 0, References: 3
Patchstack
added 2024/07/29 2:28 a.m., 4 views

WordPress Add Admin CSS plugin <= 2.0.1 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Add Admin CSS versions <= 2.0.1...

CVSS: 5.3, AI score: 7, EPSS: 0.00439
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/07/29 12:0 a.m., 7 views

WordPress Add Admin CSS Plugin <= 2.0.1 is vulnerable to Sensitive Data Exposure

Software: Add Admin CSS; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6547; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID: 61a3002a46fe; Credits: stealthcopter; Required privile...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00439
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2024/07/27 2:15 a.m., 24 views

CVE-2024-6547

The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of t...

CVSS: 5.3, EPSS: 0.00439
Exploits: 0, References: 3
Vulnrichment
added 2024/07/27 1:51 a.m., 12 views

CVE-2024-6547 Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Disclosure

The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of t...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00439
Exploits: 0, References: 3
Cvelist
added 2024/07/27 1:51 a.m., 25 views

CVE-2024-6547 Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Disclosure

The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of t...

CVSS: 5.3, EPSS: 0.00439
Exploits: 0, References: 3
CNNVD
added 2024/07/27 12:0 a.m., 2 views

WordPress plugin Add Admin CSS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00439
Exploits: 0, References: 3