CVE-2023-52461

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drmschedentityinit--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the...

WordPress File Manager Pro Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.4 Fixed in 8.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7015 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 809f77f5638f Credits Tobias Weißhaar...

CVE-2024-1085

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftsetelemcatchalldeactivate function checks whether the catch-all set element is active in the current generation instead of the next generation before...

WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF)

Software Table of Contents Plus Type Plugin Vulnerable versions = 2302 Fixed in 2309 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-44473 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9767a2935241 Credits Muhammad Daffa...

WordPress Product Delivery Date Plugin < 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Product Delivery Date Type Plugin Vulnerable versions 1.1.5 Fixed in 1.1.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 01a83af05e0b Credits Rafie Muhammad Patchstack...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0691 Patch priority Medium CVSS severity Medium 4.3 Developer Wpmet PSID 747e7584ba0a Credits Ramuel...

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software Metform Elementor Contact Form Builder Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0693 Patch priority High CVSS severity High 6.5 Developer Wpmet PSID a48d4f77e351 Credits Ramuel Gall...

WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection

Software CM Pop-Up banners Type Plugin Vulnerable versions = 1.5.10 Fixed in 1.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-30750 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID a1957d5dbbe6 Credits Dave Jong Patchstack Required privilege...

WordPress Weaver Xtreme Theme Support Plugin <= 6.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Weaver Xtreme Theme Support Type Plugin Vulnerable versions = 6.2.5 Fixed in 6.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0276 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 323a045198cd Credits István...

SUSE CVE-2014-3683

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service crash via a large priority PRI value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634...

Stack overflow

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

Security update for libsolv, libzypp, zypper (important)

openSUSE Security Update: Security update for libsolv, libzypp, zypper Announcement ID: openSUSE-SU-2022:1157-1 Rating: important References: 1184501 1194848 1195999 1196061 1196317 1196368 1196514 1196925 1197134 Affected Products: openSUSE Leap Micro 5.2 An update that contains security fixes c...

CVE-2022-34643

RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory...

CVE-2022-34643

RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory...

VulFi - Plugin To IDA Pro Which Can Be Used To Assist During Bug Hunting In Binaries

The VulFi Vulnerability Finder tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions such as strcpy, sprintf, system, etc.. For cases where a Hexrays...

Vulristics Command Line Interface, improved Product & Vuln. Type Detections and Microsoft Patch Tuesday November 2021

Hello everyone! In this episode I want to highlight the latest changes in my Vulristics project. For those who dont know, this is a utility for prioritizing CVE vulnerabilities based on data from various sources.. Currently Microsoft, NVD, Vulners, AttackerKB. Command Line Interface I started...

Integer overflow

Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number...

CVE-2020-18684

Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number...

Adobe Patches Critical RCE Flaw in Character Animator App

Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos. The flaw can be exploited by a remote attacker to execute code on affected systems. The flaw CVE-2020-9586 is found in versions 3.2 and earlier...

Microsoft security advisory: Update to default cipher suite priority order: May 12, 2015

Microsoft security advisory: Update to default cipher suite priority order: May 12, 2015 INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory,...