CVE-2024-50388 HBS 3 Hybrid Backup Sync

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...

CVE-2024-50388 HBS 3 Hybrid Backup Sync

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...

CVE-2024-50388

CVE-2024-50388 is an OS command injection vulnerability affecting HBS 3 Hybrid Backup Sync. The vulnerability could allow remote code execution; affected versions include prior to 25.1.1.673, with fixes in 25.1.1.673 and later. Public disclosures in multiple feeds corroborate remote-command execu...

CVE-2024-53820

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Stored XSS.This issue affects Captivate Sync: from n/a through = 2.0.22...

CVE-2024-53820 WordPress Captivate Sync plugin <= 2.0.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Stored XSS.This issue affects Captivate Sync: from n/a through = 2.0.22...

CVE-2024-53820 WordPress Captivate Sync plugin <= 2.0.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS.This issue affects Captivate Sync: from n/a through 2.0.22...

CVE-2024-53820

CVE-2024-53820 corresponds to a Stored XSS in the WordPress Captivate Sync plugin (Captivate Sync) up to version 2.0.22, caused by improper input neutralization during web-page generation. Multiple sources (NVD, CVE listings, Red Hat advisory, Patchstack entry, and Wordfence vulnerability notes) ...

CVE-2024-11368 Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting

The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

CVE-2024-11368 Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting

The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

CVE-2024-11368

CVE-2024-11368 affects Splash Sync (WordPress) up to version 2.0.6. The vulnerability is a reflected Cross‑Site Scripting (XSS) caused by improper escaping in add_query_arg, enabling unauthenticated attackers to inject scripts into pages that a user visits after being tricked into performing an a...

PT-2024-16940 · WordPress · Splash Sync

Name of the Vulnerable Software and Affected Versions: Splash Sync plugin for WordPress versions up to, and including, 2.0.6 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts into page...

PT-2024-35936 · Adobe · Captivate Sync

Name of the Vulnerable Software and Affected Versions: Captivate Sync versions through 2.0.22 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions...

WordPress plugin Splash Sync 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

WordPress plugin Captivate Sync 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Splash Sync plugin <= 2.0.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Splash Sync versions = 2.0.7...

SUSE CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

SUSE CVE-2024-53867

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the synclinkedregs function in the bpf subsystem to preserve the subregdef flag, which could le...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the Sliding Sync feature. An attacker can leak partial room state changes to...

Synapse Matrix has a partial room state leak via Sliding Sync

Impact The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. Patches Synapse version 1.120.1 fixes the problem. Workarounds Disable Sliding Sync. References...