
9289 matches found

NVD
added 2025/01/06 5:15 p.m. · 20 views

CVE-2025-21613

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

9.8 CVSS · 0.03834 EPSS
Exploits 0 · References 1
OSV
added 2025/01/06 5:15 p.m. · 0 views

UBUNTU-CVE-2025-21613

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

9.8 CVSS · 6.8 AI score · 0.03834 EPSS
Exploits 0 · References 4
OSV
added 2025/01/06 4:13 p.m. · 20 views

CVE-2025-21613 go-git has an Argument Injection via the URL field

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

9.2 CVSS · 7.3 AI score · 0.03834 EPSS
Exploits 0 · References 3
CNNVD
added 2025/01/06 12:0 a.m. · 3 views

go-git parameter injection vulnerability

go-git is an open-source, highly extensible git implementation library written in pure Go. A parameter injection vulnerability exists in go-git versions prior to v5.13 that could allow an attacker to set arbitrary values t...

9.8 CVSS · 7.4 AI score · 0.03834 EPSS
Exploits 0 · References 3
Patchstack
added 2024/12/23 6:33 a.m. · 2 views

WordPress Element Pack Elementor Addons plugin <= 5.10.12 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by WordFence in WordPress Plugin Element Pack Elementor Addons versions <= 5.10.12...

4.3 CVSS · 7 AI score · 0.00235 EPSS
Exploits 0 · References 1 · Affected Software 1
Pen Test Partners Blog
added 2024/12/23 6:31 a.m. · 9 views

Heels on fire. Hacking smart ski socks

TL;DR: A silly-season BLE connectivity story. Overheat people’s smart ski socks… but only when in Bluetooth range AND when the owner's phone is out of range of their feet! Having experienced painfully cold feet several times over the years while skiing, including once at minus 42°C in the Canadian...

7.5 AI score
Exploits 0
OSV
added 2024/12/22 2:15 a.m. · 2 views

CVE-2024-11852

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts function in all versions up to, and including, 5.10.12. This makes it...

4.3 CVSS · 5.8 AI score · 0.00235 EPSS
Exploits 0 · References 3
NVD
added 2024/12/22 2:15 a.m. · 11 views

CVE-2024-11852

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts function in all versions up to, and including, 5.10.12. This makes it...

4.3 CVSS · 0.00235 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/12/22 1:41 a.m. · 13 views

CVE-2024-11852 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts function in all versions up to, and including, 5.10.12. This makes it...

4.3 CVSS · 6.8 AI score · 0.00235 EPSS
Exploits 0 · References 3
CVE
added 2024/12/22 1:41 a.m. · 69 views

CVE-2024-11852

CVE-2024-11852 affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress. The root cause is a missing capability check in the get_layouts() function, present in all versions up to and including 5.10.12. This allows a...

4.3 CVSS · 4.4 AI score · 0.00235 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2024/12/22 1:41 a.m. · 19 views

CVE-2024-11852 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts function in all versions up to, and including, 5.10.12. This makes it...

4.3 CVSS · 0.00235 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/12/22 12:0 a.m. · 1 view

PT-2024-17293 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.10.12. Description: The issue is related to unauthorized access of data due to a missing capability check on the get layouts function. This allows authenticate...

4.3 CVSS · 9.1 AI score · 0.00235 EPSS
Exploits 0 · References 10
CNNVD
added 2024/12/22 12:0 a.m. · 1 view

WordPress plugin Element Pack Elementor Addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

4.3 CVSS · 8.1 AI score · 0.00235 EPSS
Exploits 0 · References 4
OSV
added 2024/12/20 9:49 a.m. · 2 views

BIT-RAILS-2024-28103 Action Pack is missing security headers on non-HTML responses

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

9.8 CVSS · 5.5 AI score · 0.00832 EPSS
Exploits 0 · References 4
Veracode
added 2024/12/20 6:30 a.m. · 11 views

Cross-Site Scripting (XSS)

Action Pack is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the content_security_policy helper, allowing carefully crafted inputs to inject new directives into the Content-Security-Policy (CSP) headers...

2.3 CVSS · 6.1 AI score · 0.0019 EPSS
Exploits 0 · References 9 · Affected Software 1
NVD
added 2024/12/19 9:16 a.m. · 12 views

CVE-2024-12569

Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions...

7.8 CVSS · 0.00135 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/12/19 12:0 a.m. · 2 views

PT-2024-17657 · Hikvision +1 · Hikvision Camera Driver +1

Name of the Vulnerable Software and Affected Versions: Milestone XProtect Device Pack (affected versions not specified); HikVision camera driver in XProtect Device Pack (affected versions not specified). Description: The issue is related to the disclosure of sensitive information in a log file of the...

7.8 CVSS · 6.4 AI score · 0.00135 EPSS
Exploits 0 · References 15
IBM Security Bulletins
added 2024/12/16 9:28 p.m. · 27 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to a denial of service (CVE-2024-45085)

Summary: IBM WebSphere Application Server is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details: CVEID: CVE-2024-45085. DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, under...

7.5 CVSS · 6.8 AI score · 0.00115 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2024/12/13 12:0 a.m. · 1 view

Dell RecoverPoint for Virtual Machines access control error vulnerability

Dell RecoverPoint for Virtual Machines is a simple, efficient operations and disaster recovery solution from Dell, Inc. for virtualized applications in VMware environments. An Access Control Error vulnerability exists in Dell RecoverPoint for Virtual Machines version 6.0 SP1 and version 6.0 SP1 P...

6.6 CVSS · 6.5 AI score · 0.00075 EPSS
Exploits 0 · References 1
CNNVD
added 2024/12/13 12:0 a.m. · 2 views

Dell RecoverPoint for Virtual Machines security vulnerability

Dell RecoverPoint for Virtual Machines is a simple, efficient operations and disaster recovery solution from Dell, Inc. for virtualized applications in VMware environments. A security vulnerability exists in Dell RecoverPoint for Virtual Machines version 6.0 SP1 and version 6.0 SP1 P1, which stem...

9.8 CVSS · 6.6 AI score · 0.00256 EPSS
Exploits 0 · References 1