
2291 matches found

OSV
added 2024/10/21 7:15 p.m. · 0 views

UBUNTU-CVE-2024-50011

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select. So an empty item in struct...

5.5 CVSS · 5.7 AI score · 0.00033 EPSS
Exploits: 0 · References: 8
CNNVD
added 2024/10/21 12:0 a.m. · 1 views

FunAdmin SQL Injection Vulnerability

FunAdmin is an open-source, lightweight and high-color backend development system from FunAdmin, based on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which stems from a SQL injection vulnerability in the selectFields parameter of the index method of...

7.2 CVSS · 8 AI score · 0.00143 EPSS
Exploits: 1 · References: 2
Jake Archibald's Blog
added 2024/10/18 1:0 a.m. · 9 views

How should <selectedoption> work?

We're finally getting a way to fully style & customise elements! But there's a detail I'd like everyone's opinion on. Update: Your feedback was heard, and folks have agreed to change the behaviour here. See the update below. A brief intro to customisable If you want to hear about it in depth, I...

6.6 AI score
Exploits: 0
Jake Archibald's Blog
added 2024/10/18 1:0 a.m. · 6 views

How should <selectedoption> work?

We're finally getting a way to fully style & customise elements! But there's a detail I'd like everyone's opinion on. A brief intro to customisable If you want to hear about it in depth, I talked about it on OTMT, and there's a great post by Una Kravets. But here's a whirlwind tour: / Opt in to t...

6.6 AI score
Exploits: 0
RedHat Linux
added 2024/10/09 11:25 a.m. · 2 views

openssl: SSL_select_next_proto buffer overread

A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...

9.1 CVSS · 6.8 AI score · 0.06873 EPSS
Exploits: 1 · References: 5
Github Security Blog
added 2024/10/08 10:21 p.m. · 11 views

Improper Authorization in Select Permissions

Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a SELECT operation on a table...

6.8 AI score
Exploits: 0 · References: 13 · Affected Software: 2
OSV
added 2024/10/08 10:21 p.m. · 2 views

GHSA-9722-9J67-VJCR Improper Authorization in Select Permissions

Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a SELECT operation on a table...

7.1 CVSS · 6.8 AI score
Exploits: 0 · References: 13
Positive Technologies
added 2024/10/08 12:0 a.m. · 2 views

PT-2024-40214 · Surrealdb · Surrealdb

Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.0.4 Description: The issue arises from the order in which permissions are processed, leading to potential leaks of field values or record contents to users without the required permissions. This can occur in...

7.1 CVSS · 7.5 AI score
Exploits: 0 · References: 14
OSV
added 2024/10/02 9:30 p.m. · 7 views

GHSA-QVQV-MCXR-X8QW Slim Select has potential Cross-site Scripting issue

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

5.4 CVSS · 5.5 AI score · 0.00256 EPSS
Exploits: 1 · References: 7
Github Security Blog
added 2024/10/02 9:30 p.m. · 11 views

Slim Select has potential Cross-site Scripting issue

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

6.1 CVSS · 5.1 AI score · 0.00256 EPSS
Exploits: 1 · References: 7 · Affected Software: 1
vulnersOsv
added 2024/10/02 9:30 p.m. · 4 views

@briza/air (>=0.1.21 <=0.1.22), @doorons/do-ui (>=1.1.3 <=1.3.6) +7 more potentially affected by CVE-2024-9440 via slim-select (=2.13.1)

slim-select NPM version =2.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on slim-select and may be impacted: - @briza/air =0.1.21, =1.1.3, =0.7.0-beta.2, =0.4.0-beta.8, =4.2.6-alpha.16, =1.0.2, =2.0.0-beta.0, =1.0.9, =2.2.2 Source cves: CVE-2024-94...

6.1 CVSS · 5.8 AI score · 0.00256 EPSS
Exploits: 1
OSV
added 2024/10/02 7:15 p.m. · 10 views

CVE-2024-9440

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

6.1 CVSS · 5.3 AI score
Exploits: 0 · References: 3
NVD
added 2024/10/02 7:15 p.m. · 10 views

CVE-2024-9440

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

6.1 CVSS · 0.00256 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2024/10/02 6:40 p.m. · 11 views

CVE-2024-9440 Slim Select 2.0 createOption "text" XSS

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

5.4 CVSS · 6.2 AI score · 0.00256 EPSS
Exploits: 1 · References: 3
CVE
added 2024/10/02 6:40 p.m. · 36 views

CVE-2024-9440

Summary: CVE-2024-9440 affects Slim Select, version 2.0–2.9.0. The root cause is in the createOption() function where the user-provided text is assigned to innerHTML without sanitization, enabling cross-site scripting. Impact (as described): Dynamic list generation using unsanitized input may all...

6.1 CVSS · 5.3 AI score · 0.00256 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2024/10/02 6:40 p.m. · 15 views

CVE-2024-9440 Slim Select 2.0 createOption "text" XSS

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

5.4 CVSS · 0.00256 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2024/10/02 12:0 a.m. · 2 views

PT-2024-39633 · Unknown · Slim Select

Name of the Vulnerable Software and Affected Versions: Slim Select versions 2.0 through 2.9.0 Description: The issue is a potential cross-site scripting vulnerability. In the createOption function, the text variable from the user-provided Options object is assigned to an innerHTML without...

6.1 CVSS · 6.5 AI score · 0.00256 EPSS
Exploits: 1 · References: 13
CNNVD
added 2024/10/02 12:0 a.m. · 1 views

Slim Select Security Vulnerability

Slim Select is an advanced select dropdown menu by Brian Voelker Personal Developer. A security vulnerability exists in Slim Select versions 2.0 through 2.9.0, which stems from a dynamically generated list that is not cleaned of user-supplied input, and is susceptible to a cross-site scripting...

6.1 CVSS · 6 AI score · 0.00256 EPSS
Exploits: 1 · References: 4
SUSE Linux
added 2024/10/01 3:2 p.m. · 1 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.2.3 MFSA 2024-43 bsc1229821 CVE-2024-8394: Crash when aborting verification of OTR chat. CVE-2024-8385: WASM type confusion involving ArrayTypes. CVE-2024-8381: Type confusion when looking up a property name in...

8.8 CVSS · 9.2 AI score · 0.11622 EPSS
Exploits: 2 · References: 72
OSV
added 2024/09/24 6:57 a.m. · 3 views

MAL-2024-12266 Malicious code in evil-select-pkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 db8225867ca74c2a2192382dc4abcc5119fb1ac07049412245e3a686524138f8 Package description attempts to pentest/exploit the PyPI web interface. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but als...

6.8 AI score
Exploits: 0 · References: 1