7894 matches found
CVE-2024-10939
CVE-2024-10939 affects the Image Widget WordPress plugin prior to 4.4.11. The flaw is improper sanitization/escaping of certain Image Widget settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Red Hat, NVD/NIS...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-49856)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49856 advisory. - In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Fix deadlock in SGX NUMA node...
CVE-2024-10010
The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9428 Popup Builder < 4.3.5 - Admin+ Stored XSS
The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
ALPINE-CVE-2024-47615
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gstparsevorbissetuppacket within vorbisparse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the...
DEBIAN-CVE-2024-47615
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gstparsevorbissetuppacket within vorbisparse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the...
AZL-62405 CVE-2024-47615 affecting package gstreamer1 1.20.0-2
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gstparsevorbissetuppacket within vorbisparse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the...
EulerOS 2.0 SP12 : xorg-x11-server (EulerOS-SA-2024-2946)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration a...
GStreamer 缓冲区错误漏洞
GStreamer is the GStreamer open source set of frameworks for processing streaming media. GStreamer suffers from a buffer error vulnerability that stems from an out-of-bounds write detected in the gstparsevorbissetuppacket function in vorbisparse.c. The vulnerability is caused by the detection of ...
Introducing Spring AI Amazon Bedrock Nova Integration via Converse API
The Amazon Bedrock Nova models represent a new generation of foundation models supporting a broad range of use cases, from text and image understanding to video-to-text analysis. With the Spring AI Bedrock Converse API integration, developers can seamlessly connect to these advanced Nova models a...
Exploit for Incorrect Authorization in Buddypress
사용법 1. docker를 build하여 취약한 wordpress, buddypress 환경을 구성한다...
CVE-2024-9651
The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9651 Contact Form Plugin by Fluent Forms < 5.2.1 - Admin+ Stored XSS
The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9651
CVE-2024-9651 relates to the Fluent Forms WordPress plugin, prior to version 5.2.1, where insufficient sanitization/escaping of certain plugin settings permits stored XSS. The issue can be exploited by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisi...
Synology Router Manager 安全漏洞
Synology Router Manager SRM is a software used to configure and manage Synology routers from China-based Synology. A security vulnerability exists in Synology Router Manager versions prior to 1.3.1-9346-10, which stems from improper input neutralization in the WiFi Connect setup feature, and is...
The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems arises from errors in system configuration or setup. This vulnerability allows attackers to gain unauthorized access to application configuration information.
The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to errors in system configuration or setup. Exploiting this vulnerability can allow an attacker to gain unauthorized access to application...
The vulnerability of the McAfee Direct Stub Installer, a component of the anti-virus protection software McAfee Total Protection, allows a perpetrator to enhance their privileges and execute arbitrary code.
The vulnerability of the McAfee Total Protection antivirus protection tool’s installation script is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...
GHSA-VRJR-P3XP-XX2X phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
Summary Exposure of database ie postgreSQL server's credential when connection to DB fails. Details Exposed database credentials upon misconfig/DoS @ permalink: https://github.com/thorsten/phpMyFAQ/blob/main/phpmyfaq/src/phpMyFAQ/Setup/Installer.phpL694 PoC When postgreSQL server is unreachable, ...
CVE-2024-10551
The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10551 Sticky Social Icons <= 1.2.1 - Admin+ Stored XSS
The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...