1162 matches found
AZL-44382 CVE-2024-31083 affecting package xorg-x11-server 1.20.10-6
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
SUSE CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
PT-2024-23670 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below. Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the "render-document.php" component. This enables the attacker to perform unauthorized actions on the affected...
CVE-2024-25696
CVE-2024-25696 is a cross-site scripting vulnerability in Esri Portal for ArcGIS affecting versions 11.0 and earlier. An attacker with remote access and high privileges (authenticated) can construct a link that causes the page editor to render an image in the victim’s browser, implying a stored/r...
CVE-2024-25696 Stored XSS in Portal for ArcGIS
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack...
CVE-2024-25690 HTML injection in ArcGIS Web AppBuilder
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser...
CVE-2024-2047
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the renderraw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files o...
PT-2024-18666 · WordPress · Elementskit Elementor Addons
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.6. Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server via the...
WordPress Plugin ElementsKit Elementor addons Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Elementor Addon Elements Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
StimulusReflex arbitrary method call
Summary: More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details: To invoke a reflex, a websocket message of the following shape is sent: json "target": "classnamemethodname", "args": The server will proceed to instantiate refl...
BIT-RAILS-2020-8163
There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call to perform an RCE...
CVE-2023-43541
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render...
Memory corruption
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render...
CVE-2023-43541 NULL Pointer Dereference in Windows Graphics
Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render...
openSUSE: Security Advisory for rxvt (openSUSE-SU-2023:0306-1)
The remote host is missing an update for the...
UBUNTU-CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
WordPress Plugin Schema & Structured Data for WP & AMP Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
Exploit for CVE-2024-25600
CVE-2024-25600 Nuclei-Template. Nuclei template and information...
PT-2024-14217 · Allegra · Allegra
Name of the Vulnerable Software and Affected Versions: Allegra, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the product implements a...