7891 matches found

RedHat Linux
added 2024/04/30 9:57 a.m. · 2 views

kernel: virtio-vdpa: Fix cpumask memory leak in virtio_vdpa_find_vqs()

A memory leak was found in the virtio-vdpa driver. The cpumask allocated by create_affinity_masks() is not freed before the function returns, causing a small memory leak each time virtqueues are set up...

AI score: 5.7 · EPSS: 0.00155
Exploits: 0 · References: 5
WPVulnDB
added 2024/04/30 12:0 a.m. · 11 views

Sailthru Triggermail <= 1.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. Go to...

AI score: 7.7 · EPSS: 0.00388
Exploits: 2
GithubExploit
added 2024/04/29 7:9 p.m. · 135 views

Exploit for Incorrect User Management in Portainer

Portainer CVE-2024-29296 Proof of Concept Script Requireme...

CVSS: 5.3 · AI score: 5.3 · EPSS: 0.01303
Exploits: 2
CVE
added 2024/04/29 6:0 a.m. · 59 views

CVE-2024-1905

CVE-2024-1905 concerns the Smart Forms WordPress plugin, prior to version 2.6.96. It allows stored XSS via unsanitised/unescaped plugin settings, potentially affecting high-privilege users (e.g., admins), even when unfiltered_html is disallowed (including multisite). The issue is mitigated by upg...

CVSS: 5.9 · AI score: 5.6 · EPSS: 0.0047
Exploits: 2 · References: 1 · Affected Software: 1
CNNVD
added 2024/04/29 12:0 a.m. · 3 views

Ncast high-definition intelligent recording and playback system security vulnerability

Ncast high-definition intelligent recording and playback system is a high-definition intelligent recording and playback system from China-based Ncast. A security vulnerability exists in the Ncast high-definition intelligent recording and playback system, which stems from an insecure privilege...

CVSS: 9.8 · AI score: 7.9 · EPSS: 0.00947
Exploits: 0 · References: 2
Positive Technologies
added 2024/04/29 12:0 a.m. · 5 views

PT-2024-25662 · Unknown · O-Ran E2T I-Release

Name of the Vulnerable Software and Affected Versions: O-RAN E2T I-Release (affected versions not specified). Description: The issue concerns the O-RAN E2T I-Release Prometheus metric Increment function, which can crash in sctpThread.cpp. This crash occurs when the Increment function is called for...

CVSS: 7.5 · AI score: 7 · EPSS: 0.00515
Exploits: 0 · References: 3
GithubExploit
added 2024/04/27 1:21 p.m. · 647 views

Exploit for Path Traversal in Aiohttp

poc-cve-2024-23334 This repository contains a proof of concept...

CVSS: 7.5 · AI score: 7.6 · EPSS: 0.76875
Exploits: 15
OSV
added 2024/04/26 5:15 a.m. · 5 views

CVE-2024-2439

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS: 4.8 · AI score: 5.8
Exploits: 0 · References: 1
NVD
added 2024/04/26 5:15 a.m. · 14 views

CVE-2024-2439

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS: 4.8 · AI score: 5.4 · EPSS: 0.00418
Exploits: 2 · References: 1
OSV
added 2024/04/26 5:15 a.m. · 2 views

CVE-2024-2908

The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS: 4.3 · AI score: 7.3 · EPSS: 0.0067
Exploits: 2 · References: 1
Cvelist
added 2024/04/26 5:0 a.m. · 27 views

CVE-2024-2603 Salon booking system <= 9.6.5 - Editor+ Stored XSS via Email Settings

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration to perform Stored Cross-Site Scripting attacks...

AI score: 5.6 · EPSS: 0.00465
Exploits: 2 · References: 1
CVE
added 2024/04/26 5:0 a.m. · 73 views

CVE-2024-2603

CVE-2024-2603 affects the Salon booking system WordPress plugin (versions ≤ 9.6.5). The issue is due to incomplete sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (admin or editor, depending on configuration) even when unfiltered_html is disallowed (e.g., mu...

CVSS: 6.3 · AI score: 7.6 · EPSS: 0.00465
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2024/04/26 5:0 a.m. · 92 views

CVE-2024-2439

CVE-2024-2439 affects the Salon booking system WordPress plugin up to version 9.6.5. The vulnerability is a Stored XSS arising from insufficient sanitization/escaping of plugin settings, enabling high-privilege users (e.g., Editor) to inject script even if unfiltered_html is disabled (e.g., multi...

CVSS: 4.8 · AI score: 7.6 · EPSS: 0.00418
Exploits: 2 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/04/25 8:39 a.m. · 16 views

CVE-2024-25917 WordPress WP Setup Wizard plugin <= 1.0.8.1 - Auth. Full Database Download Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard. This issue affects WP Setup Wizard: from n/a through 1.0.8.1...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.00644
Exploits: 0 · References: 1
NVD
added 2024/04/25 6:15 a.m. · 11 views

CVE-2024-2907

The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS: 6.8 · AI score: 5.4 · EPSS: 0.00548
Exploits: 2 · References: 1
Fedora
added 2024/04/25 1:37 a.m. · 16 views

[SECURITY] Fedora 38 Update: filezilla-3.67.0-1.fc38

FileZilla is an FTP, FTPS and SFTP client for Linux with a lot of features.
- Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP)
- Cross-platform
- Available in many languages
- Supports resume and transfer of large files greater than 4GB
- Easy to use Site Manager and transfe...

CVSS: 5.9 · AI score: 5.7 · EPSS: 0.05773
Exploits: 0
CNNVD
added 2024/04/25 12:0 a.m. · 2 views

WordPress plugin WP Setup Wizard information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. An information disclosure...

CVSS: 8.8 · AI score: 8 · EPSS: 0.00644
Exploits: 0 · References: 2
Vulnrichment
added 2024/04/24 5:0 a.m. · 15 views

CVE-2024-2402 Better Comments < 1.5.6 - Admin+ Stored XSS

The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score: 5.8 · EPSS: 0.00403
Exploits: 2 · References: 1
OSV
added 2024/04/17 11:15 a.m. · 1 views

UBUNTU-CVE-2024-26880

In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend. There is this reported crash when experimenting with the lvm2 testsuite. The list corruption is caused by the fact that the postsuspend and resume methods were not paired correctly;...

CVSS: 6.3 · AI score: 6.1 · EPSS: 0.00689
Exploits: 0 · References: 35
Debian CVE
added 2024/04/17 10:27 a.m. · 19 views

CVE-2024-26872

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup. Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt devic...

CVSS: 7 · AI score: 6.9 · EPSS: 0.00235
Exploits: 0