8314 matches found
CVE-2024-30427
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS. This issue affects Spiffy Calendar: from n/a through 4.9.7...
OESA-2024-1340 gstreamer1-plugins-base security update
GStreamer is a graphics library for built-in media processing components. BasePlug-ins is the collection used to maintain the GStreamer plugin. Security Fixes: Heap-based buffer overflow in the subparse subtitle parser when handling certain SRT subtitle files in GStreamer versions before 1.22....
Winter security vulnerability
Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A security vulnerability exists in Winter v.1.2.3 that originated from a vulnerability that allows remote attackers to execute arbitrary code via CMS page fields and plugin components using a crafted paylo...
CVE-2024-30192
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS. This issue affects GS Pins for Pinterest: from n/a through 1.8.2...
CVE-2024-30192 WordPress Pinterest Plugin <= 1.8.2 - Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS. This issue affects GS Pins for Pinterest: from n/a through 1.8.2...
CVE-2024-30192
CVE-2024-30192 affects the WordPress GS Pins for Pinterest plugin (GS Pins for Pinterest) up to version 1.8.2. It is a Stored XSS vulnerability caused by improper neutralization of user input during web page generation, which can be triggered via shortcode usage on vulnerable sites. The issue is ...
CVE-2024-24842
Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2...
CVE-2024-24842
CVE-2024-24842 affects WordPress plugin “Knowledge Base for Documentation, FAQs with AI Assistance” (Echo Knowledge Base) up to version 11.30.2. Public docs describe an unauthenticated PHP object injection caused by deserialization in is_article_recently_viewed, enabling PHP object injection thro...
WordPress Plugin Compact WP Audio Player cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
@atlarafirm/quillkit (>=1.2.0 <=1.3.8), @grafana/faro-bundlers-shared (>=0.0.0 <=0.1.1) +8 more potentially affected by CVE-2024-28863 via node-tar (=1.0.0)
node-tar NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-tar and may be impacted: - @atlarafirm/quillkit =1.2.0, =0.0.0, =0.0.0, =0.0.0, =0.1.0, =0.0.2, =0.0.17, =0.0.24 Source cves: CVE-2024-28863 Source advisory:...
CVE-2024-0638 Privilege escalation in mk_oracle plugins
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 beta, 2.2.0p24, 2.1.0p41 and 2.0.0 EOL allows local users to escalate privileges...
CVE-2024-0638 Privilege escalation in mk_oracle plugins
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 beta, 2.2.0p24, 2.1.0p41 and 2.0.0 EOL allows local users to escalate privileges...
CVE-2024-0638
CVE-2024-0638 involves a least-privilege escalation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs. Affected versions are Checkmk prior to: 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41, and 2.0.0 (EOL). The issue allows local users to escalate privileges due to the plugins’ han...
VulnCheck KEV: CVE-2024-2172
The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web...
CVE-2024-29089
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS. This issue affects Five Star Restaurant Menu: from n/a through 2.4.14...
CVE-2024-29089
CVE-2024-29089 is a Stored XSS vulnerability in Five Star Restaurant Menu (WordPress plugin) affecting versions up through 2.4.14. The issue stems from improper input neutralization during web page generation, enabling stored cross-site scripting. The linked Red Hat/Wordfence entries confirm the ...
CVE-2024-28394
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module...
PT-2024-22414 · Unknown · Advanced Plugins Reportsstatistics
Name of the Vulnerable Software and Affected Versions: Advanced Plugins reportsstatistics versions 1.3.20 and earlier Description: An issue in Advanced Plugins reportsstatistics allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module...
CVE-2024-28394
The CVE-2024-28394 issue affects Advanced Plugins reportsstatistics versions 1.3.20 and earlier, allowing a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE List) wi...
RHEL 9 : libreoffice (RHSA-2024:1427)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1427 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...