
1162 matches found

SUSE CVE
added 2024/04/24 2:48 a.m. · 1 view

SUSE CVE-2024-32041

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate /gfx on by default, set /bpp or /rfx options...

5.3 CVSS · 9.2 AI score · 0.00384 EPSS
Exploits 1 · References 6
OSV
added 2024/04/23 9:16 p.m. · 18 views

GHSA-PPF8-HHPP-F5HJ Hugo Markdown titles do not escaped in internal render hooks

Impact Title argument in Markdown for links and images not escaped in internal render hooks. Impacted are Hugo users who have these hooks enabled and do not trust their Markdown content files. Patches Patched in v0.125.3. Workarounds Replace with user defined templates or disable the internal...

6.1 CVSS · 6.2 AI score · 0.00211 EPSS
Exploits 0 · References 7
Github Security Blog
added 2024/04/23 9:16 p.m. · 25 views

Hugo Markdown titles do not escaped in internal render hooks

Impact Title argument in Markdown for links and images not escaped in internal render hooks. Impacted are Hugo users who have these hooks enabled and do not trust their Markdown content files. Patches Patched in v0.125.3. Workarounds Replace with user defined templates or disable the internal...

6.1 CVSS · 7 AI score · 0.00211 EPSS
Exploits 0 · References 7 · Affected Software 1
OSV
added 2024/04/23 9:15 p.m. · 1 view

DEBIAN-CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

6.1 CVSS · 6.2 AI score · 0.00211 EPSS
Exploits 0 · References 1
NVD
added 2024/04/23 9:15 p.m. · 10 views

CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

6.1 CVSS · 6.1 AI score · 0.00211 EPSS
Exploits 0 · References 3
UbuntuCve
added 2024/04/23 9:15 p.m. · 11 views

CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

6.1 CVSS · 6.3 AI score · 0.00211 EPSS
Exploits 0 · References 4
OSV
added 2024/04/23 9:15 p.m. · 4 views

UBUNTU-CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

6.1 CVSS · 5.7 AI score · 0.00211 EPSS
Exploits 0 · References 5
Vulnrichment
added 2024/04/23 8:23 p.m. · 17 views

CVE-2024-32875 Hugo doesn't escape markdown title in internal render hooks

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

6.1 CVSS · 6.2 AI score · 0.00211 EPSS
Exploits 0 · References 3
Cvelist
added 2024/04/23 8:23 p.m. · 17 views

CVE-2024-32875 Hugo doesn't escape markdown title in internal render hooks

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

6.1 CVSS · 6.3 AI score · 0.00211 EPSS
Exploits 0 · References 3
OSV
added 2024/04/23 8:23 p.m. · 5 views

CVE-2024-32875 Hugo doesn't escape markdown title in internal render hooks

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

6.1 CVSS · 6.1 AI score · 0.00211 EPSS
Exploits 0 · References 5
CVE
added 2024/04/23 8:23 p.m. · 332 views

CVE-2024-32875

Hugo static site generator vulnerability CVE-2024-32875 affects versions prior to 0.125.3 (starting in 0.123.0). The issue is that title arguments in Markdown for links and images were not escaped in internal render hooks, potentially impacting users who have these hooks enabled and do not trust ...

6.1 CVSS · 6.2 AI score · 0.00211 EPSS
Exploits 0 · References 3
Debian CVE
added 2024/04/23 8:23 p.m. · 20 views

CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

6.1 CVSS · 6.1 AI score · 0.00211 EPSS
Exploits 0
BDU FSTEC
added 2024/04/22 12:0 a.m. · 1 view

The vulnerability of the ProcRenderAddGlyphs() function in the X Window System Xorg-server allows a hacker to execute arbitrary code.

The vulnerability of the ProcRenderAddGlyphs function in the X Window System Xorg-server lies in the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created file...

7.8 CVSS · 7.7 AI score · 0.00094 EPSS
Exploits 0 · References 16 · Affected Software 16
OSV
added 2024/04/18 9:15 p.m. · 2 views

CVE-2024-30920

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...

7.4 CVSS · 6.1 AI score
Exploits 0 · References 2
NVD
added 2024/04/18 9:15 p.m. · 12 views

CVE-2024-30920

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...

7.4 CVSS · 7 AI score · 0.00904 EPSS
Exploits 2 · References 2
CVE
added 2024/04/18 12:0 a.m. · 50 views

CVE-2024-30920

CVE-2024-30920 is a Cross Site Scripting (XSS) vulnerability in DerbyNet v9.0 and earlier, enabling a remote attacker to execute arbitrary code via the render-document.php component. The root cause cited is improper sanitization of user input in document rendering paths (exposure of debug informa...

7.4 CVSS · 7.2 AI score · 0.00904 EPSS
Exploits 2 · References 2 · Affected Software 1
Vulnrichment
added 2024/04/18 12:0 a.m. · 15 views

CVE-2024-30920

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...

7.3 AI score · 0.00904 EPSS
Exploits 2 · References 1
NVD
added 2024/04/09 7:15 p.m. · 15 views

CVE-2024-1974

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files...

8.8 CVSS · 8.4 AI score · 0.02609 EPSS
Exploits 0 · References 3
CNNVD
added 2024/04/09 12:0 a.m. · 3 views

WordPress Plugin HT Mega Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

8.8 CVSS · 8.2 AI score · 0.02609 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/04/09 12:0 a.m. · 3 views

PT-2024-18463 · WordPress · Ht Mega – Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.4.7 Description: The issue allows authenticated attackers with contributor access or higher to read the contents of arbitrary files on the server, potentially...

8.8 CVSS · 9.3 AI score · 0.02609 EPSS
Exploits 0 · References 5