126 matches found
OESA-2024-1659 python-tqdm security update
tqdm derives from the Arabic word taqaddum which can mean "progress". Instantly make your loops show a smart progress meter - just wrap any iterable with tqdminterable, and you are done! Security Fixes: tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments...
CVE-2024-3189
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...
CVE-2024-3189
CVE-2024-3189 affects Gutenberg Blocks by Kadence Blocks – Page Builder Features for WordPress. All versions ≤ 3.2.37 are vulnerable to Stored XSS via the plugin blocks (Testimonial, Progress Bar, Lottie Animations, Row Layout, Google Maps, Advanced Gallery) due to insufficient input sanitization...
CVE-2024-3189 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...
WordPress plugin Gutenberg Blocks by Kadence Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open an HTML file containing where is a valid ID: "...
UBUNTU-CVE-2024-34062
tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...
CVE-2024-34062
tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...
CVE-2024-34062 tqdm CLI arguments injection attack
tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...
tqdm 安全漏洞
tqdm is a fast, extensible progress bar for Python and the CLI from the tqdm open source. A security vulnerability exists in versions of tqdm prior to 4.66.3, which stems from the fact that any optional non-Boolean CLI arguments can be passed through python's eval, allowing arbitrary code executi...
CVE-2023-6525
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
PT-2024-14993 · WordPress · Elementskit Elementor Addons
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.3 Description: The issue is related to Stored Cross-Site Scripting via the progress bar element attributes due to insufficient input sanitization and output...
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
Sql injection
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
PT-2023-27717 · Grzegorz Marczynski · Dynamic Progress Bar
Name of the Vulnerable Software and Affected Versions: Grzegorz Marczynski Dynamic Progress Bar versions 11.0 through 11.0.2 Grzegorz Marczynski Dynamic Progress Bar versions 12.0 through 12.0.2 Grzegorz Marczynski Dynamic Progress Bar versions 13.0 through 13.0.2 Grzegorz Marczynski Dynamic...
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
CVE-2023-40954
CVE-2023-40954 is a SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (web_progress) affecting versions 11.0–11.0.2, 12.0–12.0.2, 13.0–13.0.2, 14.0–14.0.2.1, 15.0–15.0.2, and 16.0–16.0.2.1. The issue allows remote attackers to gain privileges via the recency parameter in mod...
WordPress Circle Progress 1.0 Cross Site Scripting
Exploit Title: WordPress Plugin Circle progress bar – Cross site scripting-Stored Date: 2-06-2023 Exploit Author: Taliya Bilal- NightHawk Vendor Homepage: https://wordpress.org/plugins/circle-progress-bar/ Version: 1.0 Tested on: Firefox Contact me: [email protected] Steps to reproduce: 1...