9289 matches found
ROS-20250121-03
Vulnerability: A vulnerability in the content_security_policy function of the Action Pack extension for the Ruby interpreter is related to dynamically set Content-Security-Policy (CSP) headers. Exploitation: The vulnerability could allow ...
go-git: argument injection via the URL field
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...
WordPress WP Block Pack plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin WP Block Pack versions <= 1.1.6...
A vulnerability in the Action Pack framework for the Ruby interpreter allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the Action Pack framework for the Ruby interpreter lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the protected information...
Description of the security update for SharePoint Enterprise Server 2016: January 14, 2025 (KB5002672)
Description of the security update for SharePoint Enterprise Server 2016: January 14, 2025 (KB5002672). Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and a Microsoft SharePoint Server spoofing vulnerability. To learn more about the...
Description of the security update for SharePoint Enterprise Server 2016 Language Pack: January 14, 2025 (KB5002671)
Description of the security update for SharePoint Enterprise Server 2016 Language Pack: January 14, 2025 (KB5002671). Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and a Microsoft SharePoint Server spoofing vulnerability. To learn more about th...
A vulnerability in the git-upload-pack method of the go-git library allows an attacker to affect the confidentiality, integrity, and availability of the protected information.
The vulnerability in the git-upload-pack method of the go-git library is related to the injection or modification of arguments. Exploiting this vulnerability could allow a malicious actor to affect the confidentiality, integrity, and availability of the protected information...
SUSE CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
ROS-20250110-11
A vulnerability in the Action Pack framework of the Ruby on Rails software platform is related to incorrect validation of input data. Exploitation of the vulnerability could allow a remote attacker to bypass certain security restrictions...
CVE-2024-12851
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget in all versions up to, and including, 5.10.14 due to...
CVE-2024-12851 Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget in all versions up to, and including, 5.10.14 due to...
CVE-2024-12851
CVE-2024-12851 affects the Element Pack Elementor Addons Lite (Header Footer, Template Library, Dynamic Grid, Carousel, Remote Arrows) for WordPress. The vulnerability is a Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget, present in all versions up to ...
PT-2025-1965 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: Element Pack Elementor Addons versions up to, and including, 5.10.14
Description: The issue concerns a Stored Cross-Site Scripting vulnerability in the Element Pack Elementor Addons plugin for WordPress. This vulnerability is due to...
WordPress plugin Element Pack Elementor Addons cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Element Pack Lite - Addons for Elementor plugin <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Element Pack Lite - Addons for Elementor plugin <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions <= 5.10.14...
CVE-2025-21613
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...
DEBIAN-CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
AZL-55094 CVE-2025-21613 affecting package packer for versions less than 1.9.5-7
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...