293 matches found
WordPress plugin Altra Side Menu 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-50695
CVE-2024-50695 affects SunGrow WiNet-SV200.001.00.P027 and earlier versions. The issue is a stack-based buffer overflow that occurs when parsing MQTT messages due to missing MQTT topic bounds checks. Public sources describe the vulnerability as potentially enabling arbitrary code execution remote...
WordPress plugin Atarim 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not checking buffer lengths before accessing them...
WordPress plugin Export Import Menus 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
PT-2026-4368
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A flaw exists in the Linux kernel’s KVM component related to the gmap helper zap one page function. Missing checks within this function could lead to memory corruption in guest virtual...
CVE-2024-12307
CVE-2024-12307 affects Unifiedtransform (2.0 and earlier). Root cause: function-level access control missing in the student editing workflow, enabling teachers to modify student personal data without proper authorization. Initial publication notes no patch was available. Connected sources also re...
PT-2024-17445 · WordPress · Gold Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Gold Addons for Elementor plugin for WordPress versions up to, and including, 1.3.2 Description: The issue allows unauthorized modification of data due to a missing capability check on the activate and deactivate functions. This makes it...
kernel: net: missing check virtio
In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1. After the skbsegment function the buffer may become non-linear nrfrags != 0, but since the SKBTXSHAREDFRAG flag is not set...
CVE-2024-20112
In isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09071481; Issue ID: MSV-1730...
The vulnerability of the writeback component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the writeback component in the Linux operating system’s kernel is related to the lack of checks for division by zero. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2022-48967 NFC: nci: Bounds check struct nfc_target arrays
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfctarget arrays While running under CONFIGFORTIFYSOURCE=y, syzkaller reported: memcpy: detected field-spanning write size 129 of single field "target-sensfres" at net/nfc/nci/ntf.c:260 size 18 This...
WordPress UltimateAI plugin <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check vulnerability
Limited User Password Change due to Improper Empty and Missing Default Value Check vulnerability discovered by István Márton in WordPress Plugin UltimateAI versions = 2.8.3...
uplot: Prototype Pollution in uplot
A flaw was found in uPlot. This vulnerability allows prototype pollution via the uplot.assign function due to missing checks for attributes that resolve to the object prototype...
WordPress plugin ImagePress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-46715 driver: iio: add missing checks on iio_info's callback access
In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iioinfo's callback access Some callbacks from iioinfo structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysfs entries produce a...
Heap-based Buffer Overflow
libzephyr.so is vulnerable to Heap-based Buffer Overflow. The vulnerability is caused due to missing checks for the remaining size of a buffer in the bthcileadvextreport function in bluetooth/host/scan.c before passing it on to the cont routine. This may lead to unexpected behavior or system...
Lunary 安全漏洞
Lunary is an open source production toolkit for LLM from Lunary. A security vulnerability exists in Lunary version 1.4.10, which stems from an interface that does not validate the necessary permissions for user access, resulting in an unauthorized user being able to obtain non-public information...
In the Elliptic package 6.5.6 for Node.js ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
...
PT-2024-38777 · WordPress · Mm-Breaking News
Name of the Vulnerable Software and Affected Versions: MM-Breaking News WordPress plugin versions 0.7.9 and earlier Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add...