1925 matches found
CVE-2024-31245
CVE-2024-31245 is an unauthenticated Information Exposure vulnerability in ConvertKit (WordPress plugin) affecting versions up to 2.4.5. The issue involves insertion of sensitive information into log files, with confidentiality impact rated High. Exploitation details are not provided in the suppl...
CVE-2024-31245 WordPress ConvertKit plugin <= 2.4.5 - Email Disclosure in Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5...
CVE-2024-31353 WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8...
CVE-2024-31353
CVE-2024-31353: Affects Slideshow Gallery LITE (WordPress plugin) ≤ 1.7.8. The Wordfence entry confirms an unauthenticated information exposure vulnerability (insertion of sensitive information into log files). No exploitation details are provided in the connected docs, and the patch status for ...
kernel: net/sched: sch_hfsc UAF
A use-after-free flaw was found in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component that can be exploited to achieve local privilege escalation. If a class with a link-sharing curve, for example, with the HFSC_FSC flag set, has a parent without a link-sharing curve, then...
GHSA-GV3W-M57P-3WC4 gin-vue-admin background arbitrary code coverage vulnerability
Impact "gin-vue-admin Plugin Template feature, an attacker can perform directory traversal by manipulating the 'plugName' parameter. They can create specific folders such as 'api', 'config', 'global', 'model', 'router', 'service', and 'main.go' function within the specified traversal directory...
Contao Security Vulnerability
Contao is an open source content management system (CMS) developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from the ability t...
Cross-Site Scripting (XSS)
github.com/alexxit/go2rtc is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the links.html page appending the src GET parameter to all of its links for 1-click previews, where the context of appending is innerHTML, leading to the insertion of the text as HTML, which results in X...
CVE-2024-29191
CVE-2024-29191 affects go2rtc (camera streaming app); versions 1.8.5 and earlier are vulnerable to DOM-based XSS. The vulnerability arises when links.html appends the src GET parameter into links via innerHTML, causing text to be interpreted as HTML. A patch was committed (3b3d5b033aac3a019af64f...
CVE-2024-30523 WordPress Paid Memberships Pro – Mailchimp Add On plugin <= 2.3.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp. This issue affects Paid Memberships Pro – Mailchimp Add On: from n/a through 2.3.4...
CVE-2024-30514
CVE-2024-30514 affects Paid Memberships Pro – Payfast Gateway Add On for WordPress, with the vulnerability described as an insertion of sensitive information into the log file. The issue affects the Payfast gateway add-on versions up to 1.4.1. The connected Red Hat entry reproduces the same descr...
CVE-2024-25923 WordPress Community by PeepSo plugin <= 6.2.7.0 - Sensitive Data Exposure via Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.2.7.0...
Rockwell Automation Arena Simulation Software Uninitialized Pointer Access Vulnerability
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. An uninitialized pointer access vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attack...
Rockwell Automation Arena Simulation Software Use-After-Free Vulnerability
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A use-after-free vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by attackers to insert...
CVE-2023-44989
CVE-2023-44989 affects the CF7 Google Sheets Connector WordPress plugin. It enables unauthenticated exposure of sensitive data via the plugin’s debug log (google-sheet-connector.php) for versions up to 5.0.5. Patch: upgrade to 5.0.6. The CVSS/impact details in connected sources cite high severity...
CVE-2024-21919
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the...
CVE-2024-21912
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code ...
CVE-2024-2929
Summary: CVE-2024-2929 concerns Rockwell Automation Arena Simulation software with memory corruption flaws due to buffer-related issues that can lead to unauthorized code execution if a user opens a malicious file. The vulnerability family includes multiple memory-corruption variants (out-of-boun...
CVE-2024-21918
Rockwell Automation Arena Simulation Software (Arena Simulation) is affected by CVE-2024-21918, a memory corruption vulnerability in the memory handling (memory corruption/overflow) that could allow an attacker to execute arbitrary code after opening a malicious file. Affected product: Arena Simu...