WordPress PDF Embedder Plugin <= 4.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: PDF Embedder · Type: Plugin · Vulnerable versions: <= 4.7.1 · Fixed in: 4.8.0 · OWASP Top 10: A6: Vulnerable and Outdated Components · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-4367 · Patch priority: Low · CVSS severity: Low (6.5) · PSID: 7794a505b744 · Credits: m3ez · Required...
PT-2024-5574
Name of the Vulnerable Software and Affected Versions Roundcube versions 1.5.7 and earlier, 1.6.x through 1.6.7 Description The issue exists due to inadequate protection of the web page structure in the rcmail action mail get-run function of the Roundcube Webmail client. Exploitation of this issu...
CVE-2024-6005
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be...
CVE-2024-2300
HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices...
CVE-2024-2300 HP Advance Mobile Application – Potential Information Disclosure
HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices...
CVE-2024-2300
Technical details are not publicly available in the provided documents. Monitor for updates from HP and security advisories to obtain affected versions, vulnerable components, and remediation steps.
PT-2024-19636 · Hewlett Packard · Hp Advance Mobile Applications
Name of the Vulnerable Software and Affected Versions: HP Advance Mobile Applications for iOS and Android affected versions not specified Description: The issue concerns information disclosure when using an outdated version of the HP Advance Mobile Applications via mobile devices. Recommendations...
PT-2024-24003 · Unknown · Premmerce Product Filter For Woocommerce
Name of the Vulnerable Software and Affected Versions: Premmerce Product Filter for WooCommerce versions 3.7.2 and earlier Description: The issue is related to a Missing Authorization vulnerability in Premmerce Product Filter for WooCommerce. No information is provided about the estimated number ...
PT-2024-26637 · Analytify · Analytify
Name of the Vulnerable Software and Affected Versions: Analytify versions prior to 5.2.4 Description: A Cross-Site Request Forgery (CSRF) issue affects Analytify, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendations: For versions prior to 5.2.4,...
CVE-2024-3234
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...
CVE-2024-3234 Path Traversal in gaizhenbiao/chuanhuchatgpt
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...
CVE-2024-3234
CVE-2024-3234 – Path traversal in gaizhenbiao/chuanhuchatgpt is due to an outdated Gradio component that permits traversal outside the restricted web_assets folder. The NVD/Nuclei/OSV records connect this to CVE-2023-51449 and describe that an attacker could bypass access restrictions and reach s...
PT-2024-24518 · Unknown +1 · Gaizhenbiao/Chuanhuchatgpt +1
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt versions prior to the fixed version released on 20240305 Description: The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. This...
ChuanhuChatGPT Path Traversal Vulnerability
ChuanhuChatGPT provides a fast and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and other LLMs. ChuanhuChatGPT suffers from a path traversal vulnerability that stems from the use of an outdated gradio component that is susceptible to path traversal attacks...
Arbitrary JavaScript execution due to using outdated libraries
Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert('XSS'). poc.pdf 2. Run the app. In this PoC, I've used the demo...
GHSA-4M3G-6R7G-JV4F Arbitrary JavaScript execution due to using outdated libraries
Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert('XSS'). poc.pdf 2. Run the app. In this PoC, I've used the demo...
Sail Further with Wiz Cost Optimization for Amazon EKS
Learn how Wiz's latest feature identifies outdated EKS clusters, helping organizations save millions on cloud spend. Find out how to optimize costs and reinvest savings in strategic initiatives...