UBUNTU-CVE-2024-53985

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri 1.15.7, or 1.16.x 1.16.8. The XSS vulnerability with certain...

Cross-site Scripting (XSS)

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the configuration of HTML5 sanitization and overridden sanitizer's allowed tags. An attacker can inject malicious content by exploiting the allowe...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the configuration of HTML5 sanitization and overridden sanitizer's allowed tags. An attacker can inject malicious content by exploiting the allowed tags settings to bypass sanitization controls. This is...

CVE-2024-53987 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

CVE-2024-53987

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

CVE-2024-53988 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

The vulnerability of the Mathematical Functions and Operations Library of oneAPI Math Kernel Library, related to an uncontrolled element in the search process, allows attackers to exploit their privileges.

The vulnerability of the Mathematical Functions and Operations Library of oneAPI Math Kernel Library is related to an uncontrollable element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges...

PT-2024-27102

Name of the Vulnerable Software and Affected Versions: Prestashop version 8.1.4 Description: A NULL pointer dereference was identified in the math round function within Tools.php. Recommendations: For Prestashop version 8.1.4, consider disabling the math round function within Tools.php until a...

CVE-2024-11620

Improper Control of Generation of Code 'Code Injection' vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Code Injection.This issue affects Rank Math SEO: from n/a through = 1.0.231...

CVE-2024-11620 WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Code Injection.This issue affects Rank Math SEO: from n/a through = 1.0.231...

CVE-2024-11620 WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Code Injection.This issue affects Rank Math SEO: from n/a through = 1.0.231...

CVE-2024-11620

CVE-2024-11620 corresponds to WordPress Rank Math SEO plugin versions &lt;= 1.0.231, where an arbitrary .htaccess overwrite can lead to Remote Code Execution (RCE). Public sources (Patchstack, CVE records) describe Code Injection via improper code generation control in Rank Math SEO, with CVSSv3....

WordPress plugin Rank Math SEO 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2024-17142 · Unknown · Rank Math Seo

Name of the Vulnerable Software and Affected Versions: Rank Math SEO versions 1.0.2 through 1.0.231 Description: A Code Injection vulnerability exists in Rank Math SEO, allowing improper control of code generation. This issue enables code injection, potentially leading to security breaches. The...

Moderate: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents CVE-2021-33198 podman: podman machine spawns gvproxy...

Rank Math SEO with AI SEO Tools Plugin < 1.0.229 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rankmath:seo"; ifdescription...

WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability

Arbitrary .htaccess Overwrite to Remote Code Execution RCE vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Rank Math SEO versions = 1.0.231...

SUSE CVE-2024-52595

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

WordPress Rank Math SEO Plugin <= 1.0.231 is vulnerable to Remote Code Execution (RCE)

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.231 Fixed in 1.0.232 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-11620 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID fa39a0816eed Credits Rafie Muhammad Patchstack...