16 matches found
GHSA-C2JG-5CP7-6WC7 Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer
Remote Code Execution via Unsafe Deserialization in Pipecat's LivekitFrameSerializer. Summary: A critical vulnerability exists in Pipecat's LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class, now deprecated, intended for LiveKit integration. The class's deserialize...
GHSA-XJHV-V822-PF94 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future
The affected versions of Wasmtime can panic if the host embedder drops the future returned by wasmtime::component::TypedFunc::call_async before it resolves. Details: Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of...
CVE-2023-25488
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions...
EUVD-2023-29443
Malicious code in bioql PyPI...
CVE-2023-45871
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU...
WP Default Feature Image <= 1.0.1.1 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions...
CVE-2023-25488
CVE-2023-25488 applies to the WordPress plugin WP Default Feature Image. The connected sources describe a Stored Cross-Site Scripting (XSS) vulnerability that affects versions up to and including 1.0.1.1. The root cause is an input/processing flaw in the plugin’s default feature image handling ...
WordPress plugin WP Default Feature Image Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Default Feature Image; Type: Plugin; Vulnerable versions: <= 1.0.1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25488; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 82470384fb0a; Credits: Nithissh S...
PT-2021-20956 · Hitachi Energy · Rtu500 Series Cmu Firmware
Name of the Vulnerable Software and Affected Versions: Hitachi Energy RTU500 series CMU Firmware version 12.0. Hitachi Energy RTU500 series CMU Firmware version 12.2. Hitachi Energy RTU500 series CMU Firmware version 12.4. Description: The issue is related to an Improper Input Validation...
Command injection
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted...
CVE-2017-4911
VMware Workstation 12.x prior to 12.5.3 and Horizon View Client 4.x prior to 4.4.0 contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs...
Netscape Enterprise Server 3.0/3.6/3.51 Directory Indexing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1063/info Netscape Enterprise Server 3.x includes a poorly documented feature that will allow remote users to view directory listings by appending various instructional tags to the URL. Although it can be disabled, Netsca...