PT-2024-22825 · WordPress · Magical Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Magical Addons For Elementor plugin versions up to, and including, 1.1.37. Description: The issue is related to Stored Cross-Site Scripting via the plugin's text effect widget due to insufficient input sanitization and output escaping on...
WordPress Herd Effects plugin < 5.2.7 - Effect Deletion via CSRF vulnerability
Effect Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Herd Effects versions 5.2.7...
Exploit for Use After Free in Linux Linux_Kernel
CVE-2024-1086 Universal local privilege escalation Proof-of-C...
AWS Amplify CLI has incorrect trust policy management
Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...
Herd Effects < 5.2.7 - Effect Deletion via CSRF
Description: The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks. PoC: Make a logged in admin open an HTML file where ID is a valid ID: action...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an allocation failure warning having no effect...
CVE-2021-47010 net: Only allow init netns to set default tcp cong to a restricted algo
In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo. tcp_set_default_congestion_control() is netns-safe in that it writes to &net->ipv4.tcp_congestion_control, but it also sets ca->flags |= TCP_CONG_NON_RESTRICTED which is...
PT-2024-20455 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.4.0. Description: The issue arises when using the built-in extract32(b, start) function in Vyper, a pythonic Smart Contract Language for the Ethereum virtual machine. If the start index provided has a side effect that...
MAL-2024-517 Malicious code in wlwz-2312-3805 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39b7afd8c60ee4f474356edb072e946548d46617d828afa0c6b9706bd6a781ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BELL-CVE-2023-4385 CVE-2023-4385 does not affect BellSoft software
Bulletin has no description...
CVE-2023-41881 Deleting a collaboration should also delete linked resources
vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources such as tasks from that collaboration should be deleted. This is partly to manage data properly, but also to prevent a potential but unlikely side-effect that affects versions...
CVE-2023-40605
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions...
Cross site scripting
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions...
CVE-2023-40605 WordPress Typing Effect Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions...
CVE-2023-40605
CVE-2023-40605 is an Authenticated (Contributor+) Cross-Site Scripting (XSS) vulnerability in the 93digital Typing Effect WordPress plugin, affecting versions up to and including 1.3.6. The issue is tied to the Typing Effect plugin and has actionable remediation: upgrade to version 1.3.7 or later...
WordPress plugin animated-typing-effect cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-27535 · 93Digital · 93Digital Typing Effect Plugin
Name of the Vulnerable Software and Affected Versions: 93digital Typing Effect plugin versions <= 1.3.6. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to...
CVE-2023-4318 Herd Effects < 5.2.4 - Effect Deletion via CSRF
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack...