32 matches found
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ov5647 driver not initializing sub-devices before initialization control. This could lead to...
[SECURITY] Fedora 44 Update: kf6-kcompletion-6.25.0-1.fc44
KCompletion provides widgets with advanced completion support as well as a lower-level completion class which can be used with your own widgets...
SICK Lector8xx and SICK InspectorP8xx security vulnerability
SICK Lector8xx and SICK InspectorP8xx are both products of SICK Germany. SICK Lector8xx is a 2D laser scanning barcode reader. SICK InspectorP8xx is a high performance 2D laser scanning sensor. A security vulnerability exists in SICK InspectorP8xx versions prior to 3.11.1 and SICK Lector8xx version...
CVE-2024-9306 WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-9306
The CVE refers to WP Booking Calendar for WordPress (versions
CVE-2024-5481
Affected software: Photo Gallery by 10Web – Mobile-Friendly Image Gallery (WordPress). CVE-2024-5481 affects all versions up to 1.8.23. Root cause: Path Traversal via esc_dir leading to copying arbitrary files and deleting arbitrary directories (including WordPress root). By default exploitable b...
CVE-2024-2797
The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for...
CVE-2024-2324 FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...
CVE-2024-2324
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...
CVE-2024-2797
The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for...
CVE-2023-6825
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...
Mitsubishi Electric MELSEC iQ-R series security vulnerability
The Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller from Mitsubishi Electric Japan. The Mitsubishi Electric MELSEC iQ-R series suffers from an information disclosure vulnerability that can be exploited by an authenticated, remote attacker to log in to the product and...
CVE-2024-0221 Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...
Unspecified Vulnerability in IBM InfoSphere Information Server (CNVD-2022-68284)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that stems fro...
CVE-2021-29824
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468...
IBM i2 Analyst's Notebook Buffer Overflow Vulnerability
IBM i2 Analyst's Notebook is a set of operating systems from IBM running in IBM Power Systems and IBM PureSystems. i2 Analyst's Notebook is vulnerable to a buffer overflow vulnerability, which can be exploited by local attackers to overflow the buffer and gain lower-level privileges...
IBM i Buffer Overflow Vulnerability
IBM i is a set of operating systems from IBM USA running in IBM Power Systems and IBM PureSystems. IBM i has a buffer error vulnerability that stems from incorrect software boundary checking, making the software vulnerable to stack-based buffer overflow attacks, which could be exploited by a loca...
CVE-2021-39050
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440...
CVE-2021-39049
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439...
Stack overflow
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439...