PT-2024-11610 · WordPress · Font Awesome 4 Menus
Name of the Vulnerable Software and Affected Versions: Font Awesome 4 Menus WordPress plugin versions prior to 4.7.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for...
PT-2024-11922 · WordPress · Calculated Fields Form
Name of the Vulnerable Software and Affected Versions: Calculated Fields Form WordPress plugin versions prior to 1.1.151 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is...
PT-2024-1535 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the Setup, Admin component of the Oracle Knowledge Management system. This can allow a remote attacker to gain read,...
Cross site scripting
The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
Cross site scripting
The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example, in multisite set...
CVE-2023-6163 WP Crowdfunding < 2.1.10 - Admin+ Stored XSS
The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
Design/Logic Flaw
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...
CVE-2023-50290
Apache Solr (versions 9.0.0–9.2.x) is vulnerable to CVE-2023-50290 via the Metrics API, which publishes all unprotected host environment variables. The root cause is that environment variables are not strictly definable in Solr and may be exposed even in Clouds with authorization, until fixed. Th...
CVE-2023-50290
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...
PT-2024-3478
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the function edp_setup_replay in the Linux kernel, specifically in the module drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c. The problem...
PT-2024-2003 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel ksmbd affected versions not specified Description: The issue is related to the incorrect handling of authentication tokens in the smb2_sess_setup function within the Linux kernel's ksmbd server. This can potentially allow an...
SUSE CVE-2023-37117
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP...
CVE-2023-37117
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP...
Heap overflow
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP...
live555 Security Breach
Live555 is a cross-platform C++ open source project that provides a solution for streaming media, which implements support for standard streaming media transport protocols such as RTP/RTCP, RTSP, SIP, etc. A security vulnerability exists in live555 version number 2023.05.10, which stems from a...