7887 matches found
CVE-2024-1106 Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1106 Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
SUSE CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
LightPicture Code Issue Vulnerability
LightPicture is an enterprise/team/individual image resource management system, graphic bed system by osuuuu individual developers. LightPicture 1.2.2 and previous versions have a code issue vulnerability, the vulnerability stems from the file /app/controller/Setup.php will lead to unrestricted...
Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC When creating a new widget, insert...
Chat Bubble <= 2.3 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Atlassian Confluence Data Center And Server Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control', 'Description' = %q This module exploits a broken...
MikroTik RouterOS Improper Validation of Array Index (CVE-2020-11881)
An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. This plugin only works with Tenable.ot. Please visit...
GHSA-XRVH-RVC4-5M43 Kirby vulnerable to unrestricted file upload of user avatar images
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. The attack requires user interaction by another user or visitor and cannot be automated. ---- Introduction Unrestricted upload of files with a dangerous type is a type o...
CVE-2023-52455
In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, their address and size are 0 in "iommu-addresses" property. If IOVA region is reserved with 0 length, then it ends up corrupti...
CVE-2023-52455 iommu: Don't reserve 0-length IOVA region
In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, their address and size are 0 in "iommu-addresses" property. If IOVA region is reserved with 0 length, then it ends up corrupti...
CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
AZL-35452 CVE-2024-26594 affecting package hyperv-daemons for versions less than 5.15.153.1-1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
DEBIAN-CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
UBUNTU-CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
CVE-2024-26594 ksmbd: validate mech token in session setup
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
CVE-2024-26594 ksmbd: validate mech token in session setup
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
CVE-2024-26594
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that stems from the fact that if a client sends an invalid mechanical token in a session setup request, ksmbd validates it a...