2242 matches found
SUSE CVE-2022-0294
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...
SUSE CVE-2023-0394
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash...
Remote Code Execution (RCE)
simple-git is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to improper sanitization of the clone, pull, push and listRemote methods which allows an attacker to execute arbitrary code...
Let it snow! Wiz and Snowflake join forces to power insights with actionable intelligence
Automatically push Wiz-identified cloud security issues to Snowflake to analyze and accurately report on your cloud security metrics...
Cyberthreats facing UK finance sector "a national security threat"
As the reports covering all of 2022 start trickling in, we can see that cybercrime and other types of fraud had a major impact last year. Take for example the 2022 half year fraud update by UK Finance, which tells us that criminals stole a total of £609.8 million (roughly $750 million) through...
simple-git security vulnerability
simple-git is a lightweight interface for running git commands in any node.js application. A security vulnerability exists in simple-git prior to version 3.16.0, which stems from the clone, pull, push, and listRemote methods not being properly sanitized and escaped...
CVE-2022-25860
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...
Remote Code Execution (RCE)
Overview: simple-git is a lightweight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to...
WordPress Jeeng Push Notifications plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site scripting...
CVE-2022-3610
The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Cross site scripting
The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-3610 Jeeng Push Notifications < 2.0.4 - Admin+ Stored Cross-Site Scripting
The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-3610
CVE-2022-3610 affects the WordPress Jeeng Push Notifications plugin (versions before 2.0.4). The vulnerability arises because the plugin does not sanitize and escape certain settings, which could allow high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting even when unfiltered...
WordPress plugin Jeeng Push Notifications cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site scripting...
NETGEAR R7000P Buffer Overflow Vulnerability
The NETGEAR R7000P is part of Netgear's Nighthawk series of dual-band routers optimized for gaming, streaming and mobile devices. The NETGEAR R7000P has a buffer overflow vulnerability via the parameter openvpn_push1. No detailed vulnerability...
Low: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Denial of Service (DoS)
Overview: apple/swift-nio-http2 provides HTTP/2 support for SwiftNIO. Affected versions of this package are vulnerable to Denial of Service (DoS). This can be caused by a network peer sending a specially crafted HTTP/2 frame, due to a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE fra...
WordPress Jeeng Push Notifications plugin <= 2.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mariam Tariq in WordPress Jeeng Push Notifications plugin (versions <= 2.0.3). Solution: Update the WordPress Jeeng Push Notifications plugin to the latest available version (at least 2.0.4)...
Jeeng Push Notifications < 2.0.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Put the following payload in the "Account ID"...