2136 matches found
CVE-2024-22420 Stored cross site scripting in Markdown Preview in JupyterLab
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the...
CVE-2023-37444
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...
CVE-2023-37444
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...
WordPress Ideal Interactive Map Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software Ideal Interactive Map Type Plugin Vulnerable versions = 1.2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52189 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a837bcedc198 Credits Ngô Thiên An ancorn from VNPT-VCI...
CVE-2023-47840
Improper Control of Generation of Code 'Code Injection' vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2...
Code injection
Improper Control of Generation of Code 'Code Injection' vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2...
CVE-2023-47840
CVE-2023-47840 affects Qode Essential Addons (
DRUPAL-CONTRIB-2023-055
This module allows you to turn various data sources Eg CSV or JSON file into interactive visualisation. The DVF module provides a field storage, widget & formatter that can be added to any entity. This module uses two third-party JS libraries having from low to medium vulnerabilities. One of the...
CVE-2023-49854
Cross-Site Request Forgery CSRF vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce.This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce.This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7...
CVE-2023-49854 WordPress Caddy Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce.This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7...
CVE-2023-49854
CVE-2023-49854 is a CSRF vulnerability in the WordPress plugin Caddy – Smart Side Cart for WooCommerce. Affected versions are 1.9.7 and earlier; patched in 1.9.8. The NVD entry rates the issue as high (CVSS v3.1: 8.8), while Patchstack lists patch priority as low and notes unauthenticated CSRF ri...
Exploit for CVE-2023-6553
CVE-2023-6553 Exploit V2 🚀 Description 📝 The Backup Migra...
Improper Handling of Insufficient Privileges (Leaky Vessels)
Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges Leaky Vessels via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...
Improper Handling of Insufficient Privileges (Leaky Vessels)
Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges Leaky Vessels via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...
Improper Handling of Insufficient Privileges (Leaky Vessels)
Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges Leaky Vessels via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...
Improper Handling of Insufficient Privileges (Leaky Vessels)
Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges Leaky Vessels via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...
Improper Handling of Insufficient Privileges (Leaky Vessels)
Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges Leaky Vessels via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...
schrockinteractive.com Improper Access Control vulnerability OBB-3809799
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress plugin Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. The WordPress plugin Interactive Contact Fo...