CVE-2024-29180 webpack-dev-middleware Path Traversal vulnerability
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the...
dev-www.thrifty.co.uk Cross Site Scripting vulnerability OBB-3882049
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
webpack-dev-middleware Security Vulnerability
webpack-dev-middleware is an open source, Express-style development middleware for webpack. It is used with webpack bundles and serves the files emitted from webpack. A security vulnerability exists in webpack-dev-middleware versions prior to 7.1.0, 6.1.2, and 5.3.4, which stems from a path...
CVE-2024-29138
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DEV Institute Restrict User Access – Membership Plugin with Force allows Reflected XSS. This issue affects Restrict User Access – Membership Plugin with Force: from n/a through 2.5...
CVE-2024-29138
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access. This issue affects Restrict User Access – Membership Plugin with Force: from n/a through <= 2.5...
CVE-2024-29138 WordPress Restrict User Access plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access. This issue affects Restrict User Access – Membership Plugin with Force: from n/a through <= 2.5...
CVE-2024-29138
The CVE-2024-29138 issue affects the WordPress Restrict User Access – Membership Plugin with Force (vulnerable:
WordPress Restrict User Access – Membership Plugin with Force Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Restrict User Access – Membership Plugin with Force; Type: Plugin; Vulnerable versions: <= 2.5; Fixed in: 2.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29138; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: DEV Institute; PSID: 211a6e23f622; Credits...
CVE-2024-25933
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7...
CVE-2024-25933
CVE-2024-25933 concerns PeproDev Ultimate Invoice plugin for WordPress. Public details in connected sources indicate unauthenticated exposure of sensitive information via the init_plugin path, affecting PeproDev Ultimate Invoice versions up to 1.9.7. The NVD metrics assign a high base score (7.5)...
UBUNTU-CVE-2021-47122
In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in caif_device_notify. In case of caif_enroll_dev fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error...
CVE-2024-25592
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV Broken Link Checker allows Stored XSS. This issue affects Broken Link Checker: from n/a through 2.2.3...
CVE-2024-25592
CVE-2024-25592 affects WordPress Broken Link Checker plugin (versions through 2.2.3). Root cause: improper neutralization of input during web page generation, enabling Stored XSS. Impact: stored XSS vulnerability on sites using Broken Link Checker up to 2.2.3; CVSS base metrics in listed sources ...
Ubuntu 16.04 LTS : OpenSSL update (USN-6663-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6663-2 advisory. USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the preceding...
PT-2024-2265 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formSetDeviceName function of the /goform/SetOnlineDevName file, leading to a stack-based buffer overflow when the devName or mac argument is manipulated. This can be...
GPAC Security Vulnerabilities
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 2.3-DEV-rev588-g7edc40fee-master, which originated from a vulnerability that allows remote attackers to execute arbitrary code and cause a denial of service via the gf_fwrite component in utils/os_file.c. T...
PT-2024-5530 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev588-g7edc40fee-master Description: The issue is related to a heap-based buffer overflow vulnerability in the gf_fwrite component of the GPAC multimedia platform. This vulnerability can be exploited by a remote attacker...
RHEL 8 : device-mapper-multipath (RHSA-2024:1110)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1110 advisory. The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes:...
The vulnerability of the vlan_dev_hard_header function in the Linux kernel’s team component, which allows a hacker to cause a service failure.
The vulnerability of the vlan_dev_hard_header function in the Linux kernel’s team component is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...
DEBIAN-CVE-2021-47102
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix incorrect structure access. In line: upper = info->upper_dev; We access upper_dev field, which is related only for particular events e.g. event == NETDEV_CHANGEUPPER. So, this line cause invalid memory acce...