893 matches found

CNNVD
added 2025/01/25 12:0 a.m. · 2 views

WordPress plugin Linear cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 4.3 · AI score 8.5 · EPSS 0.00218
Exploits 0 · References 3
Positive Technologies
added 2025/01/25 12:0 a.m. · 2 views

PT-2025-2253 · WordPress · Linear

Name of the Vulnerable Software and Affected Versions: Linear plugin for WordPress versions up to, and including, 2.8.1. Description: The issue is due to missing or incorrect nonce validation on the linear-debug feature, making it possible for unauthenticated attackers to reset the plugin's cache...

CVSS 4.3 · AI score 6.9 · EPSS 0.00218
Exploits 0 · References 8
RedHat Linux
added 2025/01/22 3:22 a.m. · 16 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.9.6 bug fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.9.6 General Availability release images, which provide enhancements, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS ba...

CVSS 9.1 · AI score 6.7 · EPSS 0.03092
Exploits 2 · References 4
RedHat Linux
added 2025/01/16 6:8 p.m. · 25 views

Important: Red Hat Security Advisory: VolSync 0.11.1 for RHEL 9

VolSync v0.11.1 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 9.1 · AI score 6.8 · EPSS 0.03092
Exploits 2 · References 5
Vulnrichment
added 2025/01/09 11:10 a.m. · 6 views

CVE-2024-12496 Linear <= 2.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linearblockbuycommissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 5.8 · EPSS 0.00332
Exploits 0 · References 3
Cvelist
added 2025/01/09 11:10 a.m. · 13 views

CVE-2024-12496 Linear <= 2.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linearblockbuycommissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · EPSS 0.00332
Exploits 0 · References 4
Microsoft CVE
added 2025/01/09 8:0 a.m. · 2 views

Non-linear parsing of case-insensitive content in golang.org/x/net/html

...

CVSS 7.5 · AI score 6.9 · EPSS 0.00856
Exploits 0
CNNVD
added 2025/01/09 12:0 a.m. · 2 views

WordPress plugin Linear cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 7.6 · EPSS 0.00332
Exploits 0 · References 3
Positive Technologies
added 2025/01/09 12:0 a.m. · 4 views

PT-2025-1869 · WordPress · Linear

Name of the Vulnerable Software and Affected Versions: Linear plugin for WordPress versions up to, and including, 2.7.12. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'linear block buy commissions' shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 6.2 · EPSS 0.00332
Exploits 0 · References 7
OSV
added 2024/12/18 9:59 p.m. · 11 views

GHSA-W32M-9786-JP63 Non-linear parsing of case-insensitive content in golang.org/x/net/html

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 8.7 · AI score 5.9 · EPSS 0.00856
Exploits 0 · References 7
Github Security Blog
added 2024/12/18 9:59 p.m. · 47 views

Non-linear parsing of case-insensitive content in golang.org/x/net/html

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 · AI score 6.7 · EPSS 0.00856
Exploits 0 · References 7 · Affected Software 1
OSV
added 2024/12/18 9:15 p.m. · 3 views

AZL-54515 CVE-2024-45338 affecting package terraform for versions less than 1.3.2-21

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 · AI score 6.6 · EPSS 0.00856
Exploits 0 · References 1
OSV
added 2024/12/18 9:15 p.m. · 3 views

AZL-54431 CVE-2024-45338 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-3

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 · AI score 6.6 · EPSS 0.00856
Exploits 0 · References 1
OSV
added 2024/12/18 9:15 p.m. · 2 views

AZL-54531 CVE-2024-45338 affecting package kubevirt for versions less than 0.59.0-23

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 · AI score 6.6 · EPSS 0.00856
Exploits 0 · References 1
OSV
added 2024/12/18 9:15 p.m. · 10 views

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AI score 6.8
Exploits 0 · References 5
OSV
added 2024/12/18 9:15 p.m. · 3 views

AZL-54522 CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.10.0-16

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 · AI score 6.6 · EPSS 0.00856
Exploits 0 · References 1
OSV
added 2024/12/18 9:15 p.m. · 5 views

AZL-54477 CVE-2024-45338 affecting package buildah 1.18.0-29

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 · AI score 6.6 · EPSS 0.00856
Exploits 0 · References 1
OSV
added 2024/12/18 9:15 p.m. · 4 views

AZL-54510 CVE-2024-45338 affecting package packer for versions less than 1.9.5-7

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 · AI score 6.6 · EPSS 0.00856
Exploits 0 · References 1
OSV
added 2024/12/18 9:15 p.m. · 0 views

UBUNTU-CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 · AI score 6.7 · EPSS 0.00856
Exploits 0 · References 8
Cvelist
added 2024/12/18 8:38 p.m. · 144 views

CVE-2024-45338 Non-linear parsing of case-insensitive content in golang.org/x/net/html

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

EPSS 0.00856
Exploits 0 · References 4