Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the require process. An attacker can access sensitive local .js and .json files by supplying malicious JavaScript templates that exploit the module loader to bypass file access restrictions. This is only...

EUVD-2024-34311

Malicious code in bioql PyPI...

EUVD-2024-50355

Malicious code in bioql PyPI...

EUVD-2024-49356

Malicious code in bioql PyPI...

CVE-2023-26045

NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...

CVE-2024-9669

The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

CVE-2024-11010

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'defaultlang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, ...

CVE-2024-8704

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fmalocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrar...

CVE-2024-11010 FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'defaultlang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, ...

WordPress FileOrganizer plugin <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion vulnerability

Authenticated Administrator+ Local JavaScript File Inclusion vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin FileOrganizer versions = 1.1.4...

CVE-2024-9669

The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

CVE-2024-9669

The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

CVE-2024-9669

The CVE-2024-9669 entry describes an Local JavaScript File Inclusion vulnerability in WordPress File Manager Pro – Filester plugin (versions

CVE-2024-9669 File Manager Pro – Filester <= 1.8.5 - Authenticated (Administrator+) Local JavaScript File Inclusion

The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

PT-2024-39751

Name of the Vulnerable Software and Affected Versions File Manager Pro – Filester plugin for WordPress versions up to, and including, 1.8.5 Description The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion via the fm locale parameter. This allows...

CVE-2024-8704

CVE-2024-8704 covers the WordPress plugin “Advanced File Manager” (versions

WordPress Advanced File Manager plugin <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale vulnerability

Authenticated Administrator+ Local JavaScript File Inclusion via fmalocale vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Advanced File Manager versions = 5.2.8...

chromium-browser: Insufficient policy enforcement

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...

Apple Mac OS X + Safari - Local Javascript Quarantine Bypass Vulnerability

Exploit for macOS platform in category local exploits Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: email protected CVE: N/A Vendor notification: 2017-07-15 Vend...

Apple Mac OS X + Safari - Local Javascript Quarantine Bypass

Apple Mac OS X + Safari - Local Javascript Quarantine Bypass Title: Mac OS X Local Javascript Quarantine Bypass Product: Mac OS X Version: 10.12, 10.11, 10.10 and probably prior Vendor: apple.com Type: DOM Based XSS Risk level: 3 / 5 Credits: [email protected] CVE: N/A Vendor...