482 matches found
Medium: php
Issue Overview: A flaw was found in PHP. The vulnerability occurs due to the malformed phpfilterfloat function and leads to a use-after-free vulnerability. This flaw allows an attacker to inject a malicious file, leading to a crash or a Segmentation fault. CVE-2021-21708 Affected Packages: php...
GHSA-C2HM-MJXV-89R4 Multiple soundness issues in lexical
lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...
RUSTSEC-2023-0055 Multiple soundness issues
lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...
DEBIAN-CVE-2020-22524
Buffer Overflow vulnerability in FreeImageLoad function in FreeImage Library 3.19.0r1828 allows attackers to cuase a denial of service via crafted PFM file...
CVE-2023-37769
stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combineinner at /pixman-combine-float.c...
UBUNTU-CVE-2023-37769
stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combineinner at /pixman-combine-float.c...
CVE-2023-3225
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3225 Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3225 Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3225
CVE-2023-3225 refers to a vulnerability in the Float Menu WordPress plugin, where versions prior to 5.0.3 fail to sanitize and escape certain settings. This enables stored Reflected/Stored Cross-Site Scripting by high-privilege users (e.g., administrators), even when unfiltered_html is disallowed...
WordPress plugin Float menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Float menu Plugin < 5.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Float menu Type Plugin Vulnerable versions 5.0.3 Fixed in 5.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3225 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59d256b130ab Credits Dipak Panchal th3.d1pak Require...
Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new item in the plugin settings 2. Enter...
Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a new item in the plugin settings 2...
Cross site scripting
The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...
PT-2023-19080 · WordPress · Float Menu +11
Name of the Vulnerable Software and Affected Versions: Float menu WordPress plugin versions prior to 5.0.2 Bubble Menu WordPress plugin versions prior to 3.0.4 Button Generator WordPress plugin versions prior to 2.3.5 Calculator Builder WordPress plugin versions prior to 1.5.1 Counter Box WordPre...
WordPress Plugin Float menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...