7891 matches found

Vulnrichment
added 2024/05/06 6:0 a.m. · 19 views

CVE-2024-3752 Crelly Slider <= 1.4.5 - Admin+ Stored XSS

The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

5.6 AI score · 0.00425 EPSS
Exploits: 2 · References: 1

CVE
added 2024/05/06 6:0 a.m. · 58 views

CVE-2024-3755

CVE-2024-3755 affects MF Gig Calendar for WordPress up to version 1.2.1. The root cause is that the plugin does not sanitize/escape certain settings, enabling a stored XSS when a high-privilege user (e.g., Editor) interacts with the plugin, even if unfiltered_html is disallowed (such as in multis...

5.4 CVSS · 5.6 AI score · 0.00425 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

CVE
added 2024/05/06 6:0 a.m. · 76 views

CVE-2024-0904

CVE-2024-0904 affects Fancy Product Designer (WordPress plugin) versions prior to 6.1.81. The issue is due to incomplete sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Reported impact...

5.9 CVSS · 5.6 AI score · 0.00584 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/05/03 2:4 p.m. · 8 views

CVE-2023-41821

An improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information...

5 CVSS · 6.4 AI score · 0.00149 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/05/03 2:4 p.m. · 14 views

CVE-2023-41821

An improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information...

5 CVSS · 5.2 AI score · 0.00149 EPSS
Exploits: 0 · References: 1

CVE
added 2024/05/03 2:4 p.m. · 52 views

CVE-2023-41821

The CVE-2023-41821 entry concerns the Motorola Setup application and describes an improper export vulnerability that could allow a local attacker to read sensitive user information. The issue affects the Motorola Setup component and is driven by an export handling flaw that exposes sensitive data...

5 CVSS · 6.3 AI score · 0.00149 EPSS
Exploits: 0 · References: 1

NVD
added 2024/05/03 6:15 a.m. · 18 views

CVE-2024-3637

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

6.1 CVSS · 5.4 AI score · 0.00472 EPSS
Exploits: 2 · References: 1

Cvelist
added 2024/05/03 6:0 a.m. · 34 views

CVE-2024-3637 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

5.5 AI score · 0.00472 EPSS
Exploits: 2 · References: 1

OSV
added 2024/05/03 3:15 a.m. · 2 views

CVE-2023-41201

D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerabilit...

8.8 CVSS · 6.2 AI score
Exploits: 0 · References: 2

CNNVD
added 2024/05/03 12:0 a.m. · 3 views

D-Link DAP-1325 security vulnerability

The D-Link DAP-1325 is a wireless access point/bridge from China's AUO D-Link that is primarily used to provide wireless network coverage and has a bridging feature that can convert a wired network to a wireless network or connect two wireless networks together. A security vulnerability exists in...

8.8 CVSS · 9.3 AI score · 0.0075 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/05/03 12:0 a.m. · 4 views

Motorola Setup security vulnerability

Motorola Setup is an installation application from Motorola USA. A security vulnerability exists in Motorola Setup that stems from an incorrect export vulnerability that allows a local attacker to read sensitive user information...

5 CVSS · 6.3 AI score · 0.00149 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/03 12:0 a.m. · 4 views

PT-2024-12985 · Motorola · Motorola Setup

Name of the Vulnerable Software and Affected Versions: Motorola Setup application (affected versions not specified). Description: An improper export vulnerability was reported in the Motorola Setup application, allowing a local attacker to read sensitive user information. Recommendations: At the...

5 CVSS · 6.5 AI score · 0.00149 EPSS
Exploits: 0 · References: 4

UbuntuCve
added 2024/05/01 6:15 a.m. · 23 views

CVE-2024-26994

In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word. In case a console is set up really large and contains a really long word 256 characters, we have to stop before the length of the word buffer...

5.9 CVSS · 6.4 AI score · 0.00277 EPSS
Exploits: 0 · References: 24

CNNVD
added 2024/05/01 12:0 a.m. · 4 views

Linux kernel security vulnerability

The Linux Kernel is the core part of the operating system and is responsible for managing system resources. A null pointer dereference vulnerability exists in the zynq_clk_setup function of the Linux Kernel. The vulnerability stems from the fact that after the kmalloc function fails to allocate...

5.5 CVSS · 6.4 AI score · 0.00273 EPSS
Exploits: 0 · References: 8

WPVulnDB
added 2024/05/01 12:0 a.m. · 12 views

IDonate <= 1.9.0 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: 1. Navigate to...

4.9 AI score · 0.00518 EPSS
Exploits: 2 · References: 1

RedHat Linux
added 2024/04/30 10:38 a.m. · 5 views

xorg-x11-server: Use-after-free bug in DestroyWindow

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the othe...

4.7 CVSS · 5.8 AI score · 0.00715 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2024/04/30 10:11 a.m. · 1 views

xorg-x11-server: Use-after-free bug in DestroyWindow

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the othe...

4.7 CVSS · 5.8 AI score · 0.00715 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. · 1 views

kernel: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync. When attempting to connect multiple ISO sockets without using DEFER_SETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hci_create_cis_sync+0x18b/0x2b0 Read of size...

5.5 CVSS · 6.8 AI score · 0.00146 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. · 3 views

kernel: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices

A flaw was found in the dp83822 module in the Linux kernel. A private data pointer is only initialized by the DP83822 PHY. It is left uninitialized by other smaller models, allowing a NULL pointer dereference to be triggered due to missing checks when interrupts are being configured, causing a...

5.5 CVSS · 6.7 AI score · 0.00229 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. · 7 views

kernel: Linux kernel: Denial of Service vulnerability in RDMA/rxe component

A flaw was found in the Linux kernel's Remote Direct Memory Access (RDMA) subsystem, specifically within the rxe component. A local user could trigger a kernel panic by causing an error during the setup of a Queue Pair (QP) in rxe_create_qp. This occurs when the system attempts to clean up resources by...

5.8 AI score · 0.00164 EPSS
Exploits: 0 · References: 5