Lucene search

1430 matches found

Vulnrichment
added 2023/10/18 7:56 a.m. · 8 views

CVE-2023-25476 WordPress AmpedSense – AdSense Split Tester Plugin <= 4.68 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic AmpedSense – AdSense Split Tester plugin <= 4.68 versions...

CVSS 7.1 · AI score 6.2 · EPSS 0.00083
Exploits: 0 · References: 1
CVE
added 2023/10/18 7:56 a.m. · 53 views

CVE-2023-25476

CVE-2023-25476 affects the WordPress plugin AmpedSense – AdSense Split Tester (versions

CVSS 7.1 · AI score 6.1 · EPSS 0.00083
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2023/10/18 12:0 a.m. · 2 views

WordPress Plugin AmpedSense - AdSense Split Tester Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin AmpedSense - AdSense Split...

CVSS 7.1 · AI score 6 · EPSS 0.00083
Exploits: 0 · References: 3
Patchstack
added 2023/10/03 12:0 a.m. · 9 views

WordPress AmpedSense – AdSense Split Tester Plugin <= 4.68 is vulnerable to Cross Site Scripting (XSS)

Software: AmpedSense – AdSense Split Tester; Type: Plugin; Vulnerable versions: <= 4.68; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25476; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 7e14cb3c2001; Credits...

CVSS 7.1 · AI score 5.6 · EPSS 0.00083
Exploits: 0 · References: 1 · Affected Software: 1
AlpineLinux
added 2023/09/22 1:34 p.m. · 72 views

CVE-2023-34319

The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many piece...

CVSS 7.8 · AI score 7.1 · EPSS 0.00012
Exploits: 0 · References: 7
Amazon
added 2023/09/06 12:0 a.m. · 7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Ensure rdmaaddrcancel happens before issuing more requests CVE-2021-47391 A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality...

CVSS 7.8 · AI score 6.7 · EPSS 0.0844
Exploits: 4
Positive Technologies
added 2023/08/25 12:0 a.m. · 3 views

PT-2023-27521 · Ironic +2

Name of the Vulnerable Software and Affected Versions: ironic-image versions prior to capm3-v1.4.3 Description: The issue arises when Ironic is not deployed with TLS and does not have API and Conductor split into separate services, resulting in unprotected access to the API. By default, Ironic AP...

CVSS 7.5 · AI score 7.6 · EPSS 0.0013
Exploits: 0 · References: 7
Positive Technologies
added 2023/08/18 12:0 a.m. · 2 views

PT-2025-53198

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the btrfs file system related to incorrect splitting in the btrfs drop extent map range function. This can lead to invalid extent maps being...

CVSS 4.6 · AI score 5.8 · EPSS 0.00028
Exploits: 0
UbuntuCve
added 2023/08/09 12:0 a.m. · 21 views

CVE-2023-34319

The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many piece...

CVSS 7.8 · AI score 6.8 · EPSS 0.00012
Exploits: 0 · References: 22
Citrix
added 2023/08/07 12:0 a.m. · 4 views

Spoofed IP Addresses for FQDN Based Tunneling

To understand the concept of Spoofed IP address in Split Tunnel of FQDN based tunneling...

AI score 7.1
Exploits: 0
SUSE CVE
added 2023/08/01 1:31 a.m. · 3 views

SUSE CVE-2022-4925

Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. Chromium security severity: Low...

CVSS 6.5 · AI score 9 · EPSS 0.0012
Exploits: 1 · References: 3
CNNVD
added 2023/08/01 12:0 a.m. · 1 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser from Google, Inc. A resource management error vulnerability previously existed in Google Chrome version 115.0.5790.98, which stemmed from a post-release reuse issue in Splitscreen...

CVSS 8.8 · AI score 6.6 · EPSS 0.00644
Exploits: 1 · References: 4
Microsoft CVE
added 2023/07/29 7:0 a.m. · 3 views

Out-of-bounds write when handling split HTTP headers

...

CVSS 8.1 · AI score 7.5 · EPSS 0.00151
Exploits: 0
OSV
added 2023/07/20 1:15 a.m. · 3 views

AZL-27552 CVE-2022-28734 affecting package grub2 for versions less than 2.06-12

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's...

CVSS 7 · AI score 7.4 · EPSS 0.00151
Exploits: 0 · References: 1
OSV
added 2023/07/20 1:15 a.m. · 3 views

AZL-34789 CVE-2022-28734 affecting package grub2 for versions less than 2.06-14

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's...

CVSS 7 · AI score 7.4 · EPSS 0.00151
Exploits: 0 · References: 1
Patchstack
added 2023/07/18 12:0 a.m. · 10 views

WordPress BSD Split Pay for Stripe Connect on Woo Plugin < 3.2.10 is vulnerable to Cross Site Scripting (XSS)

Software: BSD Split Pay for Stripe Connect on Woo; Type: Plugin; Vulnerable versions: < 3.2.10; Fixed in: 3.2.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 4cfd0c7adef7; Credits: Rafie...

AI score 6.9
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2023/06/30 12:0 a.m. · 3 views

PyPDF2 Security Vulnerability

PyPDF2 is a free, open-source, pure-Python PDF library that can split, merge, crop and convert pages of a PDF file. pypdf versions before 2.10.6 contain a security vulnerability that stems from an infinite loop, which will block the process...

CVSS 6.5 · AI score 6.8 · EPSS 0.00096
Exploits: 1 · References: 4
Positive Technologies
added 2023/06/15 12:0 a.m. · 2 views

PT-2025-41125

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s bcache subsystem related to memory allocation. Specifically, the bch btree node alloc function could return a NULL pointer under certain conditions...

CVSS 5.5 · AI score 5.9 · EPSS 0.00017
Exploits: 0
Prion
added 2023/06/07 2:15 a.m. · 13 views

Memory corruption

Rejected reason: CVE split into individual CVE IDs for each software record...

AI score 6.9
Exploits: 0
Code423n4
added 2023/06/04 12:0 a.m. · 42 views

Chain split caused by memory corruption in EVM

Lines of code Vulnerability details Chain split caused by memory corruption in EVM We recently found that the op-geth@3fa9e81 repository has a memory corruption vulnerability in EVM, which can cause a consensus error. Specifically, vulnerable nodes obtain a different stateRoot when processing a...

CVSS 5 · AI score 7 · EPSS 0.00289
Exploits: 0