
357 matches found

SUSE CVE
added 2024/11/28 3:48 a.m. · 1 views

SUSE CVE-2024-53849

editorconfig-core-c is the EditorConfig core library written in C for use by plugins supporting EditorConfig parsing. In affected versions several overflows may occur in switch case '' when the input pattern contains many escaped characters. The added backslashes leave too little space in the outp...

7.3 CVSS · 6.9 AI score · 0.00171 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/11/28 12:0 a.m. · 1 views

WordPress plugin Logo Slider security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.4 CVSS · 7.7 AI score · 0.00119 EPSS
Exploits: 1 · References: 1
OSV
added 2024/11/27 12:15 a.m. · 0 views

UBUNTU-CVE-2024-53849

editorconfig-core-c is the EditorConfig core library written in C for use by plugins supporting EditorConfig parsing. In affected versions several overflows may occur in switch case '' when the input pattern contains many escaped characters. The added backslashes leave too little space in the outp...

4.8 CVSS · 5.7 AI score · 0.00171 EPSS
Exploits: 0 · References: 10
Debian CVE
added 2024/11/26 11:34 p.m. · 10 views

CVE-2024-53849

editorconfig-core-c is the EditorConfig core library written in C for use by plugins supporting EditorConfig parsing. In affected versions several overflows may occur in switch case '' when the input pattern contains many escaped characters. The added backslashes leave too little space in the outp...

4.8 CVSS · 5.2 AI score · 0.00171 EPSS
Exploits: 0
CVE
added 2024/11/26 11:34 p.m. · 2722 views

CVE-2024-53849

The CVE-2024-53849 issue affects editorconfig-core-c (EditorConfig core library in C) where multiple escaped characters in input patterns can trigger stack/pointer overflows in the '[' handling during parsing. The root cause is that added backslashes reduce available space in nested-bracket outpu...

4.8 CVSS · 6.5 AI score · 0.00171 EPSS
Exploits: 0 · References: 6
Cvelist
added 2024/10/04 2:20 p.m. · 25 views

CVE-2024-47765 Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

Minecraft MOTD Parser is a PHP library to parse Minecraft server MOTD. The HtmlGenerator class is subject to a potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of...

6.9 CVSS · 0.01354 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/09/12 12:0 a.m. · 1 views

WordPress plugin Giveaways and Contests by RafflePress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

4.8 CVSS · 6.6 AI score · 0.00219 EPSS
Exploits: 1 · References: 2
OSV
added 2024/09/04 6:15 a.m. · 1 views

CVE-2024-6020

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...

6.1 CVSS · 5.8 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2024/08/08 12:0 a.m. · 2 views

PT-2024-29891 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.5.1; Shopware versions prior to 6.5.8.13. Description: The issue concerns a new Twig tag, sw_silent_feature_call, in Shopware, which silences deprecation messages. This tag accepts a string parameter for the feature...

9.8 CVSS · 7.4 AI score · 0.01052 EPSS
Exploits: 0 · References: 12
OSV
added 2024/07/31 5:1 p.m. · 6 views

GHSA-GC5H-6JX9-Q2QH eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget

Impact: The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the required permission. It is not persistent, i.e. the payload is only executed during the uploa...

5.4 CVSS · 5.1 AI score · 0.00099 EPSS
Exploits: 0 · References: 5
CNNVD
added 2024/07/31 12:0 a.m. · 1 views

WordPress plugin SpiderContacts security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.1 CVSS · 6.6 AI score · 0.00257 EPSS
Exploits: 1 · References: 2
CVE
added 2024/06/10 9:29 p.m. · 41 views

CVE-2024-37166

CVE-2024-37166 affects the ghtml template engine. It enables user-controlled JavaScript execution in some render paths, i.e., an XSS risk. Version 2.0.0 adds mitigations by escaping HTML-special characters and the backtick, but the advisory states this does not provide comprehensive XSS protectio...

8.9 CVSS · 7.9 AI score · 0.00213 EPSS
Exploits: 0 · References: 2
OSV
added 2024/06/04 3:19 p.m. · 24 views

GO-2024-2747 Hugo Markdown titles are not escaped in internal render hooks in github.com/gohugoio/hugo

Hugo Markdown titles are not escaped in internal render hooks in github.com/gohugoio/hugo...

6.1 CVSS · 6.1 AI score · 0.00211 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2024/05/28 12:0 a.m. · 1 views

PT-2024-40009 · Silverstripe · Silverstripe/Framework +1

Name of the Vulnerable Software and Affected Versions: silverstripe/framework (affected versions not specified). Description: A potential SQL injection issue was identified when using the silverstripe/postgresql database adapter. Although it is unlikely to be exploitable, the issue has been patched ...

8.8 CVSS · 7.9 AI score
Exploits: 0 · References: 6
CNNVD
added 2024/05/15 12:0 a.m. · 1 views

WordPress plugin HL Twitter security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.4 CVSS · 6.6 AI score · 0.00459 EPSS
Exploits: 2 · References: 2
OSV
added 2024/04/23 9:16 p.m. · 18 views

GHSA-PPF8-HHPP-F5HJ Hugo Markdown titles are not escaped in internal render hooks

Impact: Title argument in Markdown for links and images not escaped in internal render hooks. Impacted are Hugo users who have these hooks enabled and do not trust their Markdown content files. Patches: Patched in v0.125.3. Workarounds: Replace with user defined templates or disable the internal...

6.1 CVSS · 6.2 AI score · 0.00211 EPSS
Exploits: 0 · References: 7
RedHat Linux
added 2024/03/19 5:46 p.m. · 1 views

libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution

An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins...

8.8 CVSS · 6 AI score · 0.01439 EPSS
Exploits: 0 · References: 5
OSV
added 2024/03/06 11:13 a.m. · 19 views

BIT-MEDIAWIKI-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()...

6.1 CVSS · 6.6 AI score · 0.00387 EPSS
Exploits: 0 · References: 5
Veracode
added 2024/02/01 4:1 p.m. · 16 views

CSV Injection

firefly-iii is vulnerable to CSV Injection. The vulnerability is due to unescaped user input in CSV files. This issue can be exploited by an attacker resulting in unauthorized access or manipulation of data when opening the CSV file...

7.2 AI score
Exploits: 0
CNNVD
added 2024/01/16 12:0 a.m. · 0 views

WordPress plugin Simple Post security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

5.4 CVSS · 5.9 AI score · 0.0024 EPSS
Exploits: 2 · References: 2