1162 matches found
CVE-2024-8913
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tpaccordion.php. This makes it possibl...
PT-2024-39314 · Elementor · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions prior to 5.6.12 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data. This is possible due to...
PT-2024-39684 · WordPress · Shoplentor
Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions prior to 2.9.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft Elementor template data. This is possible d...
CVE-2024-8499
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possib...
WordPress Checkout Field Editor (Checkout Manager) for WooCommerce plugin <= 2.0.3 - Reflected Cross-Site Scripting via render_review_request_notice vulnerability
Reflected Cross-Site Scripting via render_review_request_notice vulnerability discovered by vgo0 in WordPress Plugin Checkout Field Editor (Checkout Manager) for WooCommerce versions <= 2.0.3...
CVE-2024-8910
CVE-2024-8910 concerns HT Mega – Absolute Addons For Elementor for WordPress. The vulnerability affects versions up to and including 2.6.5 and enables Sensitive Information Exposure via the render function in includes/widgets/htmega_accordion.php. Exploitation requires at least Contributor-level ...
CVE-2024-41725
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages, which may allow cross-site scripting...
PT-2024-39068 · WordPress · Themesflat Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.2.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract limited post information from draft and future...
PT-2024-39311 · WordPress · Ht Mega – Absolute Addons For Elementor
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.6.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft...
Linux i915 PTE Use-After-Free
I found a bug in the i915 code that allows a process with access to a render node /dev/dri/renderD128 to corrupt kernel memory. This bug is subject to a 90-day disclosure deadline. If a fix for this issue is made available to users before the end of the 90-day deadline, this bug report will becom...
Exploit for Cross-site Scripting in Martinbarker Rendertune
RenderTune RCE A Proof-Of-Concept for CVE-2024-25292 vulnerab...
OESA-2024-2041 xorg-x11-server-xwayland security update
Xwayland is an X server for running X clients under Wayland. The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland...
OESA-2024-2042 xorg-x11-server-xwayland security update
Xwayland is an X server for running X clients under Wayland. The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland...
Spring Security Missing Authorization vulnerability
Missing Authorization when using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows an attacker to render security annotations ineffective...
PT-2024-40862 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves functions such as chunk free object, pdfi interpret content stream, and pd...
PT-2024-38052 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.6 Description: The issue allows authenticated attackers with Contributor-level permissions and above to extract sensitive data, including private, future, and draft posts...
PT-2024-30602 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.7.2 Description: The issue allows authenticated attackers with contributor-level access and above to read the contents of arbitrary files on the server,...
CVE-2024-6329
CVE-2024-6329 affects GitLab CE/EE, with GitLab versions 8.16–17.0.5, 17.1–17.1.3, and 17.2–17.2.1 vulnerable to a web UI diff rendering issue when the path is encoded. Root cause: improper encoding/escaping of output in the web interface, leading to incorrect diff rendering. Impact is described ...
MAL-2024-7097 Malicious code in render-sample-app (npm)
Source: ghsa-malware (531acbb1583ee41c2b1d689b07228870c585ff764c2fc902a93854b566181af0). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in render-sample-app (npm)
Source: ghsa-malware (531acbb1583ee41c2b1d689b07228870c585ff764c2fc902a93854b566181af0). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...