CVE-2024-43407
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
GO-2023-1471 Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server
Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server...
PT-2024-30060 · Pligg Cms · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. It affects the /admin/submit page.php endpoint. Recommendations: For Pligg CMS version 2.0.2, update to a version that includes a fi...
PT-2024-38669 · Unknown · Tosei Online Store Management System
Name of the Vulnerable Software and Affected Versions: Tosei Online Store Management System versions 4.02 through 4.04. Description: A critical vulnerability was found in the Backend component of the system, allowing for the use of default credentials. The attack can be initiated remotely. The...
kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
CVE-2024-35789 is a vulnerability in the Linux kernel’s Wi-Fi subsystem mac80211. It occurs when a station is moved out of a VLAN, and the VLAN is subsequently deleted. A reference to the deleted VLAN’s network device may remain, leading to a use-after-free condition. This can result in system...
KB5041160: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (August 2024)
The remote Windows host is missing security update 5041160. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUs. This can allo...
WordPress plugin Participants Database code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in the...
ROS-20240812-15
Apache HTTP Server kernel vulnerability is related to ignoring outdated configuration of handlers by the "AddType" function. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. Vulnerability...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-42082)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42082 advisory. - In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN from __xdp_reg_mem_model...
WordPress WooCommerce Multiple Customer Addresses & Shipping Plugin < 24.9 is vulnerable to Multiple Vulnerabilities
Software: WooCommerce Multiple Customer Addresses & Shipping; Type: Plugin; Vulnerable versions: 24.9; Fixed in: 24.9; OWASP Top 10: A6: Vulnerable and Outdated Components; Classification: Multiple Vulnerabilities; CVE: N/A; Patch priority: Low; CVSS severity: Low (4.3); PSID: 2a12b42bb04b...
CVE-2024-6980
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...
Amazon Linux 2 : httpd (ALAS-2024-2594)
The version of httpd installed on the remote host is prior to 2.4.61-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2594 advisory. Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sen...
CVE-2024-6121
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service...
CVE-2024-6121 NI SystemLink Server Ships Out of Date Redis Version
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service...
NI SystemLink Server security vulnerability
NI SystemLink Server is application software from National Instruments (NI) Inc. that helps engineers implement cost-effective and locally managed test and measurement standardization, automation, and digitization tools. A security vulnerability exists in NI SystemLink Server version 2024 Q1 and...
PT-2024-33238 · Progress · Sitefinity
Name of the Vulnerable Software and Affected Versions: Sitefinity versions prior to 15.1.8321.0. Description: The issue allows the user to be redirected to an arbitrary site. Recommendations: For versions prior to 15.1.8321.0, update to a version that contains a fix for this issue. At the moment,...