7893 matches found
CVE-2024-3636
The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-2872
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
CVE-2024-2872 Swift Framework < 2024.04.30 - Contributor+ Stored XSS
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
CVE-2024-2872
The CVE-2024-2872 entry concerns the socialdriver-framework WordPress plugin, affected versions prior to 2024.04.30. The root cause is inadequate sanitisation and escaping of certain settings, enabling stored XSS by high-privilege users (e.g., Contributors), even when unfiltered_html is disallowe...
PT-2024-38319 · Chargepoint · Chargepoint Home Flex
Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. The specific flaw exists...
kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup(). fc_lport_ptp_setup() did not check the return value of fc_rport_create(), which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...
CVE-2024-6536 Zephyr Project Manager < 3.3.99 - Editor+ XSS
The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
PT-2024-23793 · WordPress · Formflow: Whatsapp Social/Advanced Form Builder With Easy Lead Collection
Name of the Vulnerable Software and Affected Versions: The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin versions prior to 2.12.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, ev...
CVE-2024-6487
The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
Apple macOS Security Vulnerability
Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Sonoma prior to version 14.6, which stems from the fact that enabling Locked Mode when setting up a Mac may cause FileVault to be accidentally disabled...
Exploit for Path Traversal in Microsoft
Exploiting Follina CVE and CVE-2021-40444 Vulnerabilities...
PT-2024-37722 · WordPress · Aramex Shipping Woocommerce
Name of the Vulnerable Software and Affected Versions: Aramex Shipping WooCommerce plugin for WordPress versions up to, and including, 1.1.21 Description: The issue allows unauthenticated attackers to retrieve the full path of the web application, which can aid other attacks. This is due to the...
MAL-2024-12311 Malicious code in netsec-monitor (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d53ca1631ad5169910977a710485caa2e85f057cba20a5d29bdcaeccda0cf4f9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in pinloggertest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d5f6beadd08c32e5fd2f899428285a58ab3d696ef0fc06d2eff10e2d8630fa9a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-12340 Malicious code in route-search (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2c63ae8357166fc3afca468347faccce408b6ad59df7d33f958dc0b4f593b598 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-12265 Malicious code in evil-pkk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 08a7017f27a32357776a4c781a0f5d29d48569562b97c03f91811af7aaaac2ca Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-12274 Malicious code in flexssl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 03236867334bb1faf1e018f54b89046a0edf300be0152c00bf921dadaee600b0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in companyx-metaflow (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ec7089679a9c5637609b94cb606e78aa693a8bd224ba334ca46b3f48c54169c1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in adafruit-display-text (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e23c09627673ad313852ef48f846b3ddd5a27a8eb53f0be5ce034a88f45c1a93 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in canvas-crawler (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e26aa849df7710714fbcef97638e99ec2f03a138b1e27c78ad0bb2caff64d5e1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...