EUVD-2024-45114
Malicious code in bioql PyPI...
Neon App pays users to record their phone calls, sells data for AI training [updated]
TechCrunch reports on a “bizarre app” that invites you to record and share your audio calls so that it can sell the data to AI companies. And if that’s not weird enough on its own, it’s ranking No. 2 in Apple's US app store at the time of writing. The name of the app is Neon Mobile and it promises...
Secure One-Sided Device-Independent Quantum Key Distribution under Collective Attacks with Enhanced Robustness
We study the security of a quantum key distribution (QKD) protocol under the one-sided device-independent (1sDI) setting, which assumes trust in only one party's measurement device. This approach effectively provides a balance between the experimental viability of device-dependent (DD) QKD and the...
CVE-2024-50554
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sided Sided sided allows DOM-Based XSS. This issue affects Sided: from n/a through <= 1.4.5...
CVE-2024-50554 WordPress Sided plugin <= 1.4.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sided Sided sided allows DOM-Based XSS. This issue affects Sided: from n/a through <= 1.4.5...
CVE-2024-50554
CVE-2024-50554 is a DOM-based XSS in the WordPress plugin Sided. The vulnerability arises from improper input neutralization during web page generation, affecting Sided versions up to 1.4.2 (n/a through 1.4.2 per CVE description). Connected sources also reference affected plugin versions and cros...
PT-2024-34333 · Sided · Sided
Name of the Vulnerable Software and Affected Versions: Sided versions n/a through 1.4.2. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potential attackers to inject maliciou...
WordPress plugin Sided cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for that platform. A cross-site scripti...
WordPress Sided plugin <= 1.4.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Sided versions <= 1.4.5...
WordPress Sided Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Sided. Type: Plugin. Vulnerable versions: <= 1.4.2. Fixed in: N/A. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2024-50554. Patch priority: Low. CVSS severity: Low 6.5. Developer: Claim ownership. PSID: 6ea37d841f44. Credits: SOPROBRO. Required privilege: Contributor. Published ...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: The POP3 parser has been hardened to avoid unbounded state growth in the face of one-sided traffic capture or when enabled for non-POP3 traffic...
FreeBSD : zeek -- potential DoS vulnerability (d47b7ae7-fe1d-4f7f-919a-480ca8035f00)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the d47b7ae7-fe1d-4f7f-919a-480ca8035f00 advisory. Tim Wojtulewicz of Corelight reports: The POP3 parser has been hardened to avoid unbounded state growth...
GHSA-MQ3X-QGWX-3RFW Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection
Impact: The pimcore application is vulnerable to Formula Injection/CSV Injection via the Firstname, Lastname, Street, Zip & City input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted Excel file. Successful exploitation can lead to impacts such ...
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection
Impact: The pimcore application is vulnerable to Formula Injection/CSV Injection via the Firstname, Lastname, Street, Zip & City input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted Excel file. Successful exploitation can lead to impacts such ...
K60570139: Rowhammer hardware vulnerability CVE-2020-10255
Security Advisory Description: Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in the deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain...
CSV Injection
luyadev/yii-helpers is vulnerable to CSV injection. The vulnerability is possible because the library does not properly neutralize the Firstname and Lastname fields, which allows an attacker to inject malicious input causing several harmful outcomes such as client-sided command injection, code...
Improper neutralization of formula elements in yii-helpers
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained...
Uniswap / Sushiswap prices can be manipulated through flashloans
Handle: cmichel. Vulnerability details: The UniswapV2CSSR.getExchangeRatio uses the current reserve to derive the exchange ratio. The fact that it mixes in historic data does not matter because it still uses the current reserves, which can be manipulated through flashloans in currentPriceCumulative...