597 matches found

NVD
added 2024/04/26 1:15 p.m. · 10 views

CVE-2024-33688

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro. This issue affects Teluro: from n/a through 1.0.31...

CVSS 8.8 · AI score 4.6 · EPSS 0.00134
Exploits: 0 · References: 1
OSV
added 2024/04/26 1:15 p.m. · 2 views

CVE-2024-33688

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro. This issue affects Teluro: from n/a through 1.0.31...

CVSS 8.8 · AI score 5.8 · EPSS 0.00134
Exploits: 0 · References: 1
Cvelist
added 2024/04/26 12:55 p.m. · 13 views

CVE-2024-33688 WordPress Teluro theme <= 1.0.31 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro. This issue affects Teluro: from n/a through 1.0.31...

CVSS 4.3 · AI score 5 · EPSS 0.00134
Exploits: 0 · References: 1
CVE
added 2024/04/26 12:55 p.m. · 44 views

CVE-2024-33688

Extend Themes Teluro WordPress theme, versions 1.0.0–1.0.31, are affected by a Cross-Site Request Forgery (CSRF) vulnerability. The issue allows unauthenticated or authenticated actions to be executed on behalf of a user (per Patchstack: unauthenticated privilege; user interaction required). Root...

CVSS 8.8 · AI score 5.2 · EPSS 0.00134
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/04/26 12:00 a.m. · 3 views

PT-2024-25443 · Unknown · Extend Themes Teluro

Name of the Vulnerable Software and Affected Versions: Extend Themes Teluro versions 1.0.0 through 1.0.31 Description: A Cross-Site Request Forgery (CSRF) issue affects Extend Themes Teluro. This issue allows an attacker to perform unintended actions on a user's account. Recommendations: For versio...

CVSS 4.3 · AI score 7.1 · EPSS 0.00134
Exploits: 0 · References: 7
Positive Technologies
added 2024/04/22 12:00 a.m. · 3 views

PT-2024-32213

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved by adding a missing NULL pointer check within the dpcd extend address range function. This issue could lead to an ASSERT if the retu...

CVSS 5.5 · AI score 5.4 · EPSS 0.00017
Exploits: 0
OSV
added 2024/03/26 10:15 a.m. · 1 view

CVE-2024-2904

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope. This issue affects Calliope: from n/a through 1.0.33...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1
NVD
added 2024/03/26 10:15 a.m. · 5 views

CVE-2024-2904

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope. This issue affects Calliope: from n/a through 1.0.33...

CVSS 8.8 · AI score 4.6 · EPSS 0.00134
Exploits: 0 · References: 1
CVE
added 2024/03/26 9:45 a.m. · 39 views

CVE-2024-2904

CVE-2024-2904 affects the WordPress Calliope theme (versions up to 1.0.33). The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the Calliope theme, with PatchStack listing a fix in 1.0.35. Other sources corroborate the CSRF impact and affected range (

CVSS 8.8 · AI score 5.2 · EPSS 0.00134
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/03/26 9:45 a.m. · 15 views

CVE-2024-2904 WordPress Calliope theme <= 1.0.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope. This issue affects Calliope: from n/a through 1.0.33...

CVSS 4.3 · AI score 5 · EPSS 0.00134
Exploits: 0 · References: 1
Positive Technologies
added 2024/03/26 12:00 a.m. · 1 view

PT-2024-22692

Name of the Vulnerable Software and Affected Versions: Extend Themes Calliope versions 1.0.33 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application...

CVSS 8.8 · AI score 6.4 · EPSS 0.00134
Exploits: 0 · References: 4
OSV
added 2024/03/15 9:15 p.m. · 1 view

DEBIAN-CVE-2021-47114

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at...

CVSS 5.5 · AI score 6.8 · EPSS 0.00012
Exploits: 0 · References: 1
OSV
added 2024/01/11 9:15 a.m. · 1 view

CVE-2023-6988

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extendbuilderrenderjs shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 5.4 · AI score 6
Exploits: 0 · References: 3
Positive Technologies
added 2024/01/11 12:00 a.m. · 4 views

PT-2024-15162 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.239 Description: The issue is related to Stored Cross-Site Scripting via the plugin's extend builder render js shortcode due to insufficient input sanitization and...

CVSS 6.4 · AI score 5.7 · EPSS 0.00265
Exploits: 1 · References: 7
OSV
added 2023/12/08 6:30 a.m. · 1 view

GHSA-MH8J-9JVH-GJF6 mockjs vulnerable to Prototype Pollution via the Util.extend function

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, o...

CVSS 8.2 · AI score 5.7 · EPSS 0.00086
Exploits: 1 · References: 4
OSV
added 2023/12/08 5:15 a.m. · 1 view

CVE-2023-26158

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, o...

CVSS 8.2 · AI score 5.5 · EPSS 0.00086
Exploits: 1 · References: 2
Positive Technologies
added 2023/12/07 12:00 a.m. · 1 view

PT-2023-20535 · Mockjs · Mockjs

Name of the Vulnerable Software and Affected Versions: mockjs versions prior to a version with the fixed Util.extend function Description: The issue arises from a missing check in the Util.extend function, allowing Prototype Pollution. This occurs when an attribute resolves to the object prototyp...

CVSS 8.2 · AI score 8.1 · EPSS 0.00086
Exploits: 1 · References: 8
Positive Technologies
added 2023/11/13 12:00 a.m. · 1 view

PT-2023-35576 · Git +1 · Pcapplusplus

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a negative-size-param, as reported by OSS-Fuzz. The crash occurs in the pcpp::RawPacket::insertData function,...

AI score 6.8
Exploits: 0 · References: 2
Snyk
added 2023/11/07 10:00 p.m. · 1 view

Prototype Pollution

Overview: mockjs is a simulation data generator to help the front-end to develop and prototype separate from the back-end progress and reduce some monotony particularly while writing automated tests. Affected versions of this package are vulnerable to Prototype Pollution via the Util.extend functi...

CVSS 8.2 · AI score 8.3 · EPSS 0.00086
Exploits: 1 · References: 2
Tenable Nessus
added 2023/11/07 12:00 a.m. · 39 views

Rocky Linux 8 : nodejs:12 (RLSA-2021:0549)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0549 advisory. - The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker...

CVSS 9.8 · AI score 7.1 · EPSS 0.11865
Exploits: 8 · References: 14