Cross-Site Scripting (XSS) in TYPO3 Backend

Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability...

GHSA-HQ37-RFJC-MR8H Cross-Site Scripting (XSS) in TYPO3 Backend

Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability...

[SECURITY] Fedora 40 Update: deepin-qt5platform-plugins-5.6.12-7.fc40

qt5platform-plugins is the Qt platform integration plugins for Deepin Desktop Environment...

[SECURITY] Fedora 40 Update: deepin-qt5integration-5.6.11-7.fc40

Multiple Qt plugins to provide better Qt5 integration for DDE is included...

Fedora 40 : deepin-qt5integration / deepin-qt5platform-plugins / dwayland / etc (2024-2e27372d4c)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-2e27372d4c advisory. Qt 5.15.14 bugfix update. ---- Fix CVE-2024-36048 Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVE-2024-30528

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10...

ai.chronon:online_2.11 (>=0.0.25 <=revert-391-thread-0.0.24), ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2845 more potentially affected by CVE-2024-36124 via org.iq80.snappy:snappy (>=0.1 <=0.4)

org.iq80.snappy:snappy MAVEN version =0.1, =0.0.25, =0.0.86, =0.0.1, =0.0.1, =0.2.7, =1.0.1, =1.1.0, =1.7.0, =1.7.0, =1.0.0, =0.0.12, =1.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2024-36124 Source advisory: OSV:GHSA-8WH2-6QHJ-H7J9...

CVE-2024-35651

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2...

CVE-2024-35651

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2...

CVE-2024-35651 WordPress WP Flow Plus plugin <= 5.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2...

CVE-2024-35651 WordPress WP Flow Plus plugin <= 5.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2...

CVE-2023-34001

Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25...

SUSE SLED12: gstreamer-plugins-base / gstreamer-plugins-base-devel / etc (SUSE-SU-2024:1893-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1893-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata bsc1224806 Tenable ha...

SUSE: Security Advisory (SUSE-SU-2024:1910-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15: gstreamer-plugins-base / gstreamer-plugins-base-devel / etc (SUSE-SU-2024:1910-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1910-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata bsc1224806 Tenable has extracted the...

Popular WordPress Plugins Leave Millions Open to Backdoor Attacks

Fastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular WP…...

SUSE-SU-2024:1910-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata bsc1224806...

SUSE-SU-2024:1893-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata bsc1224806...

RHEL 6 : gstreamer-plugins-bad-free (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - gstreamer-plugins-bad-free: Missing initialization of allocated heap memory leads to information leak CVE-2016-9446...

RHEL 7 : gstreamer-plugins-base (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - GStreamer: heap-based buffer overflow in the RTSP connection parser via crafted server response leading to remote...