9289 matches found
CVE-2024-10493
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the...
CVE-2024-10493
CVE-2024-10493 affects Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) for WordPress prior to 5.10.3. It stems from insufficient validation/escaping of certain block options, allowing Stored XSS by users with contributor+ permissions w...
WordPress plugin Element Pack Elementor Addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-16315 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: Element Pack Elementor Addons plugin for WordPress versions prior to 5.10.3 Description: The issue concerns the Element Pack Elementor Addons plugin for WordPress, which does not validate and escape some of its block options before outputting...
Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2024-8116)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8116 advisory. - Fixes CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 - 1001-orabug36904359-CVE-2024-21131-fix.patch -...
Oracle Linux 7 : java-11-openjdk (ELSA-2024-8120)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8120 advisory. - Fixes CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 - 1001-orabug36904359-CVE-2024-21138-fix.patch -...
MAL-2024-11110 Malicious code in toast-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88a339deff592f10f6ee1b2fa1d7881b787ed15a4713255009f176acd8088f55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in toast-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88a339deff592f10f6ee1b2fa1d7881b787ed15a4713255009f176acd8088f55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-QG5G-GV98-5FFH vulnerabilities
Vulnerabilities for packages: parseable, qdrant, wash, fnm, uv, pixi, wasmcloud, xh, zed, wasm-pack, ntpd-rs, tealdeer, ztunnel, cargo-audit, wadm...
IBM DB2 DoS (7175943) (Unix)
According to its self-reported version number, IBM Db2 on Unix is vulnerable to a denial of service when querying certain tables using a specially crafted statement. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
IBM DB2 DoS (7175943) (Windows)
According to its self-reported version number, IBM Db2 on Windows is vulnerable to a denial of service when querying certain tables using a specially crafted statement. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability
Summary: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability in the JDBC component with fix pack dvm-jdbc-3.1.202406111013. Vulnerability Details: CVEID: NA. Description: Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure which is vulnerable to this CVE-2023-50314
Summary: Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure which is vulnerable to this CVE-2023-50314. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2023-50314. DESCRIPTION: IBM...
CVE-2024-50542
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zachsilberstein RLM Elementor Widgets Pack (rlm-elementor-widgets-pack) allows DOM-Based XSS. This issue affects RLM Elementor Widgets Pack: from n/a through <= 1.3.1...
CVE-2024-50542
CVE-2024-50542 is a DOM-based XSS in the WordPress plugin RLM Elementor Widgets Pack (Zach Silberstein) affecting versions up to 1.3.1. The issue arises from improper input handling during web page generation. Public sources in the connected documents confirm the vulnerability type (DOM-based XSS...
CVE-2024-50542 WordPress RLM Elementor Widgets Pack plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zachsilberstein RLM Elementor Widgets Pack (rlm-elementor-widgets-pack) allows DOM-Based XSS. This issue affects RLM Elementor Widgets Pack: from n/a through <= 1.3.1...
WordPress plugin RLM Elementor Widgets Pack cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-34320 · Unknown · Rlm Elementor Widgets Pack
Name of the Vulnerable Software and Affected Versions: RLM Elementor Widgets Pack versions 1.3.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This can lead to cross-site scripting attacks...
CVE-2023-20036
A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An...