WordPress Pmpro Membership Maps Plugin < 0.7 is vulnerable to Sensitive Data Exposure

Software Pmpro Membership Maps Type Plugin Vulnerable versions 0.7 Fixed in 0.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1286 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a7b3657c40ef Credits Scott Kingsley Clark...

HiColor 安全漏洞

HiColor is a program by the individual developer D. Bohdan. It is used to convert images to 15-bit and 16-bit RGB colors. A security vulnerability exists in HiColor version 0.5.0, which stems from a heap buffer overflow vulnerability in the cpunfilter function, allowing an attacker to trigger a...

HiColor 安全漏洞

HiColor is a program by the individual developer D. Bohdan. It is used to convert images to 15-bit and 16-bit RGB colors. A security vulnerability exists in HiColor version 0.5.0, which stems from a stack buffer overflow vulnerability in the cpdynamic function, allowing an attacker to trigger a...

WordPress WpStickyBar Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Software WpStickyBar Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6226 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ad3f0b1cf19 Credits Bob Matyas Required...

WordPress Happy Addons for Elementor Plugin <= 3.11.2 is vulnerable to Cross Site Scripting (XSS)

Software Happy Addons for Elementor Type Plugin Vulnerable versions = 3.11.2 Fixed in 3.11.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6627 Patch priority Low CVSS severity Low 6.5 Developer Leevio PSID 0dee5f2221b3 Credits Webbernaut Required...

WordPress WooCommerce Product Table Lite Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Product Table Lite Type Plugin Vulnerable versions = 3.5.1 Fixed in 3.8.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6458 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b99493f3472e Credits Luc...

WordPress Affiliate Manager Plugin < 6.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.2 Fixed in 6.5.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5285 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f621215a2f69 Credits Bob Matyas Required...

WordPress Email Encoder Bundle Plugin < 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions 2.2.2 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4483 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5d3ad3645d3e Credits Krugov Artyom Require...

WordPress Profile Builder Plugin < 3.11.8 is vulnerable to Broken Access Control

Software Profile Builder Type Plugin Vulnerable versions 3.11.8 Fixed in 3.11.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-6366 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 351dbb0efb2f Credits Michel Prunet Required privile...

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

AZL-47050 CVE-2024-40897 affecting package orc 0.4.31-4

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

ALPINE-CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVE-2024-40897

CVE-2024-40897 concerns the ORC library. A stack-based buffer overflow in orcparse.c affects ORC versions prior to 0.4.39, which could allow arbitrary code execution in a developer build environment when processing crafted files. The vulnerability primarily impacts developers and CI environments ...

CVE-2024-40897

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVE-2024-5067 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles...

CVE-2024-5067 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles...