PT-2025-26108 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the imx-jpeg media component. The issue allowed for potential memory out of bounds risks, particularly in the...

MADCAT: Combating Malware Detection under Concept Drift with Test-Time Adaptation

We present MADCAT, a self-supervised approach designed to address the concept drift problem in malware detection. MADCAT employs an encoder-decoder architecture and works by test-time training of the encoder on a small, balanced subset of the test-time data using a self-supervised objective. Duri...

PT-2025-18320 · Base-X · Base-X

Name of the Vulnerable Software and Affected Versions: base-x versions prior to 3.0.11 base-x version 4.0.0 base-x version 5.0.0 Description: The issue allows attackers to potentially deceive users into sending funds to an unintended address. This is achieved through a problem in the base-x encod...

ALSA-2024:3095 Moderate: vorbis-tools security update

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fixes: vorbis-tools: Buffer Overflow vulnerability CVE-2023-43361...

WordPress Base64 Encoder/Decoder plugin <= 0.9.2 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Base64 Encoder/Decoder versions = 0.9.2...

WordPress Base64 Encoder/Decoder plugin <= 0.9.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Francisco Spínola in WordPress Plugin Base64 Encoder/Decoder versions = 0.9.2...

CVE-2024-3823

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-3822

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-3823 Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-3823 Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-3824

CVE-2024-3824 affects the WordPress plugin “Base64 Encoder/Decoder” up to version 0.9.2. The vulnerability arises from a missing CSRF check when resetting plugin settings, potentially allowing a logged-in attacker to trigger a CSRF reset on an admin. Public details consistently describe the issue...

CVE-2024-3824 Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

CVE-2024-3824 Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

CVE-2024-3822 Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-3822 Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)

Software Base64 Encoder/Decoder Type Plugin Vulnerable versions = 0.9.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3822 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 72ed251444bf Credits Francisco Spínola...

WordPress plugin Base64 Encoder/Decoder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Base64 Encoder/Decoder Type Plugin Vulnerable versions = 0.9.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3824 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 51b5eb3fcb26 Credits Bob Matyas...

WordPress plugin Base64 Encoder/Decoder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Base64 Encoder/Decoder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...