CVE-2024-41502

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS via the form field "Observaces" observances in the "Pessoas" persons section when creating or editing either a legal or a natural person...

Jetimob Plataforma Imobiliaria 跨站脚本漏洞

Jetimob Plataforma Imobiliaria is a real estate platform from Jetimob Brazil. A cross-site scripting vulnerability exists in Jetimob Plataforma Imobiliaria version 20240627-0, which stems from a cross-site scripting vulnerability in the Observaces field of the Pessoas section, which could lead to...

CVE-2024-41504

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS. In the "Oportunidades" opportunities section of the application when creating or editing an "Atividade" activity, the form field "Descrico" allows injection of JavaScript...

NVIDIA cuobjdump ELF Section Parsing Integer Overflow Vulnerability

Talos Vulnerability Report TALOS-2025-2151 NVIDIA cuobjdump ELF Section Parsing Integer Overflow Vulnerability June 2, 2025 CVE Number CVE-2025-23247 SUMMARY An integer overflow vulnerability exists in the ELF Section Parsing functionality of NVIDIA cuobjdump 12.8.55. A specially crafted fatbin...

SUSE CVE-2024-22653

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasmsectionbcsappend function at section.c...

AZL-64274 CVE-2024-22653 affecting package yasm for versions less than 1.3.0-17

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasmsectionbcsappend function at section.c...

DEBIAN-CVE-2024-22653

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasmsectionbcsappend function at section.c...

CVE-2024-22653

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasmsectionbcsappend function at section.c...

UBUNTU-CVE-2024-22653

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasmsectionbcsappend function at section.c...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the yasmsectionbcsappend function in section.c. An attacker can cause the application to crash by triggering a null pointer dereference. Remediation A fix was pushed into the master branch but not yet...

CVE-2025-5151

Defog.ai Introspect up to version 0.1.4 contains a code injection vulnerability in introspect/backend/tools/analysis_tools.py: execute_analysis_code_safely, caused by unsafe handling of the code argument. An attacker on the local host could exploit this without user interaction. A patch identifie...

CVE-2025-46537

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ctltwp Section Widget section-widget allows Reflected XSS.This issue affects Section Widget: from n/a through = 3.3.1...

CVE-2025-46537

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ctltwp Section Widget section-widget allows Reflected XSS.This issue affects Section Widget: from n/a through = 3.3.1...

CVE-2025-46537 WordPress Section Widget plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ctltwp Section Widget allows Reflected XSS. This issue affects Section Widget: from n/a through 3.3.1...

CVE-2025-46537

CVE-2025-46537 is a WordPress Section Widget vulnerability (ctltwp Section Widget) that allows a Reflected XSS due to improper input neutralization during web page generation. Affected versions are listed as n/a through 3.3.1. The issue is corroborated in multiple sources (NVD/Red Hat/CVE records...

CVE-2025-46537 WordPress Section Widget plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ctltwp Section Widget section-widget allows Reflected XSS.This issue affects Section Widget: from n/a through = 3.3.1...

CVE-2024-42772

An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section...

CVE-2024-32345

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...

CVE-2024-1771

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the totalordersections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...

CVE-2024-25221

A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...