
1606 matches found

Debian CVE
added 2024/10/29 12:19 p.m. · 11 views

CVE-2024-10458

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

CVSS 7.5 · AI score 6.9 · EPSS 0.00611
Exploits: 0
AlpineLinux
added 2024/10/29 12:19 p.m. · 8 views

CVE-2024-10458

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

CVSS 7.5 · AI score 6.3 · EPSS 0.00611
Exploits: 0
Cvelist
added 2024/10/29 8:30 a.m. · 26 views

CVE-2024-50473 WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through <= 3.1.3...

CVSS 10 · EPSS 0.01033
Exploits: 1 · References: 1
CVE
added 2024/10/29 8:30 a.m. · 63 views

CVE-2024-50473

CVE-2024-50473: Ajar in5 Embed for WordPress is vulnerable to unauthenticated arbitrary file upload up to version 3.1.3 due to missing file-type validation. This unrestricted upload allows placing files (e.g., web shells) on the server (upload path shown in PoC: /wp-content/uploads/2024/php5/). ...

CVSS 10 · AI score 5.9 · EPSS 0.01033
Exploits: 1 · References: 1
Patchstack
added 2024/10/29 5:11 a.m. · 3 views

WordPress StreamWeasels YouTube Integration plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin StreamWeasels YouTube Integration versions <= 1.3.2...

CVSS 6.4 · AI score 5.8 · EPSS 0.00366
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/10/29 12:00 a.m. · 4 views

WordPress plugin Ajar in5 Embed code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 10 · AI score 7 · EPSS 0.01033
Exploits: 1 · References: 1
CNNVD
added 2024/10/29 12:00 a.m. · 2 views

Mozilla Firefox and Mozilla Thunderbird security vulnerability

Mozilla Firefox and Mozilla Thunderbird are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open-source Web browser. Mozilla Thunderbird is a separate set of Mozilla Application Suite Email client software. The software supports IMAP, POP mail protocols, and HTML mail...

CVSS 7.5 · AI score 7.3 · EPSS 0.00611
Exploits: 0 · References: 8
Positive Technologies
added 2024/10/29 12:00 a.m. · 6 views

PT-2024-16100 · WordPress · Streamweasels Youtube Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels YouTube Integration plugin for WordPress versions up to, and including, 1.3.2. Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode due to insufficient input sanitization an...

CVSS 6.4 · AI score 6.2 · EPSS 0.00366
Exploits: 0 · References: 13
Patchstack
added 2024/10/25 7:31 a.m. · 4 views

WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by CTRL - Chance Patchstack Alliance in WordPress Plugin Ajar in5 Embed versions <= 3.1.3...

CVSS 10 · AI score 7.1 · EPSS 0.01033
Exploits: 1 · Affected Software: 1
Patchstack
added 2024/10/25 12:00 a.m. · 11 views

WordPress Ajar in5 Embed Plugin <= 3.1.3 is vulnerable to Arbitrary File Upload

Software: Ajar in5 Embed; Type: Plugin; Vulnerable versions: <= 3.1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-50473; Patch priority: High; CVSS severity: High (10); Developer: Claim ownership; PSID: 049a1a1b0c36; Credits: CTRL Chance; Required privilege...

CVSS 10 · AI score 6.8 · EPSS 0.01033
Exploits: 1 · References: 1 · Affected Software: 1
UbuntuCve
added 2024/10/24 9:15 p.m. · 8 views

CVE-2024-48423

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library...

CVSS 8.4 · AI score 6.8 · EPSS 0.00255
Exploits: 1 · References: 1
UbuntuCve
added 2024/10/24 9:15 p.m. · 13 views

CVE-2024-48424

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files...

CVSS 5.5 · AI score 6.4 · EPSS 0.00223
Exploits: 1 · References: 1
Patchstack
added 2024/10/24 6:34 a.m. · 3 views

WordPress Compact WP Audio Player plugin <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode vulnerability discovered by theviper17y in WordPress Plugin Compact WP Audio Player versions <= 1.9.13...

CVSS 6.4 · AI score 5.8 · EPSS 0.00333
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/10/24 12:00 a.m. · 5 views

PT-2024-16090 · WordPress · Compact Wp Audio Player

Name of the Vulnerable Software and Affected Versions: Compact WP Audio Player plugin for WordPress versions up to, and including, 1.9.13. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the sc_embed_player shortcode. This allow...

CVSS 6.4 · AI score 6.9 · EPSS 0.00333
Exploits: 0 · References: 7
OSV
added 2024/10/23 12:09 p.m. · 3 views

DRUPAL-CONTRIB-2024-050

This module enables you to embed the content of an SVG file into the body HTML of a node and optionally allows translating text contained within the image. The module doesn't sufficiently sanitize the SVG file before embedding it into the HTML. This vulnerability is mitigated by the fact that an...

CVSS 5.4 · AI score 6.8 · EPSS 0.0021
Exploits: 0 · References: 1
Patchstack
added 2024/10/23 12:00 a.m. · 2 views

Drupal SVG Embed module < 2.1.2 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting (XSS) vulnerability discovered by Pierre Rudloff in WordPress Module SVG Embed versions < 2.1.2...

AI score 6.1
Exploits: 0 · References: 1 · Affected Software: 1
Drupal
added 2024/10/23 12:00 a.m. · 7 views

SVG Embed - Moderately critical - Cross site scripting - SA-CONTRIB-2024-050

This module enables you to embed the content of an SVG file into the body HTML of a node and optionally allows translating text contained within the image. The module doesn't sufficiently sanitize the SVG file before embedding it into the HTML. This vulnerability is mitigated by the fact that an...

CVSS 5.4 · AI score 7 · EPSS 0.0021
Exploits: 0 · References: 6
OSV
added 2024/10/19 10:15 a.m. · 5 views

CVE-2024-9897

The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 4
Cvelist
added 2024/10/19 9:37 a.m. · 16 views

CVE-2024-9897 StreamWeasels Twitch Integration <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode

The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it...

CVSS 6.4 · EPSS 0.00321
Exploits: 0 · References: 4
Positive Technologies
added 2024/10/19 12:00 a.m. · 6 views

PT-2024-39923 · WordPress · Streamweasels Twitch Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels Twitch Integration plugin for WordPress versions up to, and including, 1.8.6. Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode due to insufficient input sanitization and...

CVSS 6.4 · AI score 6.2 · EPSS 0.00321
Exploits: 0 · References: 10